Skip to content

Access control

Access control lets you control who (users and groups) has what access (role) to which resources (canvases or folders).

Every resource, like canvas or folder, on a Canvus Connect server has a list of associated permissions. Each permission identifies a specific principal (user or group of users) and a role, such as viewer or editor.

To share canvases or folders with others, the user must have either the owner or editor role. The ability of editor role to change permissions can be enabled or disabled restricted on a per resource basis.

Access level

Each user in Canvus has an access level. This can be either regular or administrator.

  • Regular users are subject to normal access control
  • Administrator users can access all resources and can manage all features on the Canvus Connect server.

Roles

Canvus specifies the following roles for each resource (canvas or folder):

  • No access the principal has no access to the resource
  • Viewer the principal can view the resource, but can not make any changes to it
  • Editor the principal can edit the resource and make changes to it, but may not delete it
  • Owner the user is the owner of the resource and can delete it

Permission propagation

Permission lists for folders propagate and are inherited by all child canvases and folders. Every time the permissions or the resource hierarchy changes, permissions propagate recursively through all nested folders. For example, if a canvas exists in a folder and that folder is then moved within another folder, the permissions of the new folder propagate to the canvas.

Permissions on a resource have priority over permissions that propagate from a parent folder. This means, if you grant All Users access to a folder, you can restrict the access of individual users in child resources.