adTempus uses the Windows security framework to control access to adTempus and to objects within adTempus.
When a user connects to adTempus, adTempus identifies the user and then determines the permissions for that user.
As in Windows, each secured object support various rights. Individual users or groups are either granted or denied rights. For example, most objects have a "View" right and a "Modify" right. This allows a user to be granted permission to view, but not modify, an object.
The property sheet for each secured object contains a Security page, where a standard security editor is used to modify the permissions for the object.
When a new object is created, it gets the default permissions defined in the Security Options window. The user creating the object can then modify the permissions as appropriate.
There are several "special cases" to be aware of:
Members of the server's Administrators group can view and take ownership of any object in adTempus. This is true even if the user (or the Administrators) group is not listed in the permissions for the object.
The owner of an object always has complete control over the object. This is true even if the user is not listed in the permissions for the object.
When you establish the default permissions for a type of object you can specify permissions for "CREATOR OWNER". This is a "placeholder" that is replaced with the identity of the creating user when the object is created.