Documents: Permissions
Guide to permissions in Documents
Max Bromée
Apr 9, 2024
General for Workspace:
Documents: Permission
Matrix of the functions that each permission setting provides to the user for the current folder or document collection:
Permission Type (Horisontal) | Full | Create | Read | Update | Delete | (View) |
Permission level (vertical) | ||||||
View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Interact | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Download | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
Edit | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
Upload | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
Add | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
Replace | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
Delete | ✅ | ❌ | ❌ | (✅) | ✅ | ❌ |
View Permissions | ✅ | (✅) | (✅) | (✅) | (✅) | ❌ |
Manage Permissions | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
Publish | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
View Review | ✅ | (✅) | ❌ | ✅ | (✅) | (✅) |
Manage Review | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
Manage Subscriptions | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
Manage Recycle Bin | (✅) | ❌ | ❌ | ❌ | (✅) | ❌ |
Detailed description of what each permission level in the matrix means for the current folder or document set:
- View
- Open them either through the interface or a link.
- View attributes / metadata, version history, aliases, and details / properties of the item.
- View details / properties of the folder or document collections.
- View the Recycle Bin and the custom items the user has put there.
- Interact
- Comment.
- Subscribe / unsubscribe.
- Favorite / unfavorite.
- Create PDF.
- Unlock, if the item has been automatically locked during custom online editing.
- Copy from this location.
- Export comments.
- Download
- Download of single and multiple objects.
- Downloading of folder(s), document collection(s), their structure, and metadata / attributes.
- Export (old documents)
- Edit
- Object on Desktop or Online.
- Edit the settings and properties for the folder or document set.
- Manually lock with comment.
- Move / cut from this folder to another folder where the user has permission to Add objects (i.e. "Create" or "Full").
- View a document's history.
- Upload
- Up to 100 GB (New Documents) via button or drag and drop.
- Import objects with associated metadata / attributes.
- Add
- Create folder(s) or document collection(s) within the site.
- Move, cut, or copy to this location.
- Bulk update attributes.
- Replace
- Manually replace objects.
- Delete
- Delete and restore entire folders / document set and its content to the Recycle Bin.
- (✅) = The user can only delete and restore the individual objects they themself have created to the Recycle Bin. Does NOT apply to folders.
- View Permissions
- Permissions for groups and individuals, including members of a group.
- (✅) = The possibility depends on the specific setting per workspace. This setting can be configured by the platform administrators at this location:
-
- The waffle / 9-dot menu > "Documents" > "Configuration" > "Settings" > "Necessary permission to see the permission settings on folders."
-
- Manage Permissions
- Permission setting for groups and individuals.
- Unlock all objects.
- Publish
- Manage the publishing of document sets and their registrants.
- Accessing and exporting messages.
- Access log.
- View Review
- View all review and approval comments even when the user isn't part of the review or approval process.
- (✅) = Depends on platform-specific setting. The setting can be found by the platform's administrators in this location
-
- The waffle / 9-dot menu > "Documents" > "Configuration" > "Settings" > "Necessary permission to view review comments"
-
- Manage Review
- Manage the review and approval process, including:
- Start reviewing, approving, or e-signing.
- Manage the review and approval process, including:
- Manage Subscribers
- Manage all groups and individual users' subscriptions.
- Manage Recycle Bin
- Only the Admin of the Platform or the Project can restore and permanently delete ALL items in the recycle bin, regardless of who put them there.
- Includes deleted versions of a document.
- (✅) = The user can restore and permanently delete the data they have added to the recycle bin themselves. To be able to restore or permanently delete an item, they first need to be able to delete it from the folder
- Only the Admin of the Platform or the Project can restore and permanently delete ALL items in the recycle bin, regardless of who put them there.
Logic:
Automatic hierarchy in permission settings
- If the user has "Read", they automatically have "View"
- If the user has "Create", "Update" OR "Delete", they will automatically have "Read"
- If the user has "Full", they will automatically have "Create", "Update" AND "Delete"
Project Level Specific:
Project groups
- Created and managed by the Admin in the Project on each individual project (or template project). These groups are specific to the project, and thus members need to be invited to each new individual project group for each project.
- NOTE: A single user can be a member of multiple groups and thus have the collective permissions for all those groups.
Functional permission:
- Functional permissions for project groups are edited in the admin module of a project (the cogwheel) and control whether the user has access to a module or not. That is, in this place;
- If a group does not have functional permissions to documents, it will not see the module and thus will not be able to access any folders (regardless of what permissions they have on the folders).
Alias-document:
- The permission on this item is controlled by the permission setting on the folder where the original is located, and not on the folder or document collection where their alias is located.
Workspace Level Specific:
Workspace groups
- Created and managed by the Admin of the Platform at the workspace level (Waffle / 9-dot menu). These groups can be added to all projects, folders and document collections throughout the Workspace.
- Permissions for workspace groups access to various modules on the workspace level are set here (i.e. not to be mixed up with project level settings which are managed in the project).
Moving folders between projects in the workspace
- When a folder is moved from one project to another project within the workspace, it will inherit the permissions from the parent folder from which it is moved to.
- This is independently if it inherit its permissions or not before the move.