Permission handling
BSI IT-Grundschutz 2023 sections covered by this page
- CON.10
- APP.3.1
- OPS.1.1.1
Information isolation
OX App Suite uses contexts to isolate user information. Being a collaboration product, users within one context are meant to work together, which requires accessing certain information of other users by design.
This is independent of permissions regarding the Global Address Book (GAB), since user information is not only provided through address book related APIs. Basic user information like E-Mail and names are needed to render permissions and folder structure, thus they are always provided even if the contacts module or the GAB is disabled.
When provisioning users that are not meant to interact with each other or know about each other, they must be separated by contexts to guarantee information isolation.