Calendar Server uses Access Control Lists (ACLs) to determine the access control for calendars, calendar properties, and calendar components such as events and todos (tasks).
This section covers the following topics:
The following table describes the configuration parameters in the ics.conf file that Calendar Server uses for access control.
Table 15–1 Access Control Configuration Parameters
Parameter |
Description |
---|---|
Specifies the default access control settings used when a user creates a calendar. The default is: "@@o^a^r^g;@@o^c^wdeic^g; @^a^fs^g;@^c^^g;@^p^r^g" |
|
Specifies the default access control settings for owners of a calendar. The default is: "@@o^a^rsf^g;@@o^c^wdeic^g" |
|
Specifies the default access control settings used when a resource calendar is created. The default is: "@@o^a^r^g;@@o^c^wdeic^g; @^a^rsf^g" |
When creating a new event or task, a user can specify whether the event or task is Public, Private, or Time and Date Only (confidential):
Anyone with read permission to the user’s calendar can view the event or task.
Only owners of the calendar can view the event or task.
These are confidential events and tasks. Owners of the calendar can view the event or task. Other users with read permission to the calendar can see only “Untitled Event” on the calendar, and the title is not an active link.
The calstore.filterprivateevents determines whether Calendar Server filters (recognizes) Private, and Time and Date Only (confidential) events and tasks. By default this parameter is set to "yes". If you set calstore.filterprivateevents to "no", Calendar Server treats Private and Time and Date Only events and tasks as if they are Public.
The following table describes the Calendar Server command-line utilities that allow you to set or modify ACLs for access control:
Table 15–2 Command-Line Utilities for Access Control
Utility |
Description |
---|---|
Use the create and modify commands with the -a option to set ACLs for specific user or resource calendars. |
|
If you are creating resource calendars with csresource (you are in Schema 1 mode), use the csresource utility with the -a option to set ACLs for resource calendars. |
|
csuser |
Use the Schema 2 commadmin utility to change the default ACL used when a user creates a calendar. Use the Schema 1 csuser utility with the -a option to change the default ACL used when a user creates a calendar. |
To set access rights in the Delegated Administrator Console, from the Organization Properties page (also from the Create New Organization wizard), click the Advanced Rights button to see the list of access rights that can be administered from the console.