Provisioning means creating, changing and deleting contexts and users inside OX App Suite. This is usually done via a SOAP interface which will be provided to you by OX. To do the provisioning, you will have to authenticate the client you use with your admin credentials because you need admin privileges to create objects inside OX Cloud. OX will not provide the aforementioned client that implements the provisioning calls, but there's a hands-on section that will give you some examples for provisioning.
A context is an independent instance within OX Cloud and holds users, groups and resources and all their objects. If you want to see it that way, it's an independent container for all your users, resources and other objects. Independent means that data from one context is not visible to other contexts.
Every context will have a context name and a context id to identify the context for later provisioning calls. A context can also define which modules (calendar, tasks, email, e.g.) can be used by its users via predefined "module access combinations"; these names are configured on the server side. All users which are created inside a context will inherit the module access rights from the context and can only access the modules which are configured for the context, unless this is changed for the user itself. Additionally, a context can define how much quota can be used by its users to store things like attachments to contacts and calendar appointments, e.g. (Please note that this will not affect the mail quota).
Every time a context is created a context admin is created. The context admin is like an ordinary OX Cloud user, except that it can add, remove and edit users within OX Cloud using the provisioning API. In OX Cloud, however, the context admin cannot read, send or receive mail.
A user is an entity that belongs to a context and has authority to use one or more modules inside OX Cloud. Every user will have a user name and a user id and is managed by the administrators. The same user name may exist in different contexts therefore a user is generally identified by username@contextid but for logging in can be identified by username@domain typically. A user can share data with other users in the same context in case of OX Cloud's basic permission level.
In contrary to the login/name of users, display names must be unique within every context. This is because it is used e.g. in the shared folder list of e.g. Calendar, Drive or Contacts in OX Cloud and is also used as folder name when mounting OX via WEBDAV. It is no problem, however, to have one "Steve Smith" in one context, and another "Steve Smith” in another context.
A resource is an entity which belongs to a context and is shared by the users belonging to the context. For instance, a user might create the resource “Office Conference room1 ” or “Projector 1” then any other user may create an appointment and add “Office Conference room 1” in order to reserve the room. If a user tries to reserve a resource already busy it is not available for the appointment and will lead to an unresolvable conflict. Every resource will have a resource name and a resource id to identify the resource for later provisioning calls.
Within OX Cloud it is possible to control the access to the available modules (like Mail, Drive, etc.) per context via a so called Module Access Combination which are defined in the OX Cloud product definition. That means all users in one context per default get the same access rights which are defined for the context by the module access combination. The context's module access combination can later be overwritten for every user in the context (again with a module access combination) granting them more or fewer rights than the context defaults.
A Class of Service is extending the feature definition for a mailbox above what is possible via a module access combination. Some OX Cloud features cannot be enabled via a module access combination (or a module access flag) but need to be granted via special properties or capabilities. So a Class of Service is required for provisioning of certain standard packages and is currently complementing a module access combination but does NOT replace it. Both need to be maintained correctly if the feature set is changed.
Permissions allow to enable or disable a certain set of features for a user. Currently, the following permissions are available:
| Permission | Description |
|---|---|
| SEND | User is allowed to send mail |
| RECEIVE | User is allowed to receive mail |
| MAILLOGIN | User can login using IMAP from external; webmail is not affected |
| WEBLOGIN | User can login to OX webmail. |
Quota in general means the amount of data, e.g. mails or files, a user can store on OX Cloud. For OX Cloud we use the concept of unified quota for all data storage the user has so that a user can use the allocated e.g. 5GB for mails and files alike and doesn't need to have separate quotas for each purpose.