Inherited permissions are powerful to globally set the access rights of a large number of documents with a small number of high level settings.
Configure the inherited permission model
AODocs provides 3 different ways to apply inherited permissions to documents:
- Document class permissions, a single set of permissions for all the documents of a document class;
- Workflow permissions, the document permissions are determined by the workflow engine;
- And folder permissions, the document permissions are determined by the document's parent folder.
By default the permissions of your documents are inherited from the document class in Document Management libraries. To change this setting, open the administration console, select “Document Classes” (1) and click on the document class you want to configure. Then open the security tab (2) and the list box named “Document permissions are inherited from” (3), which provides the following options:
- “Class”:the inherited permissions are defined in the class security panel and are the same for all documents of the class (more details below).
- “Folder”: the inherited permissions are defined in the document’s parent folder.
- “The document’s current workflow state”: the inherited permissions are defined in the security panel of each workflow state. Learn more here: Set document permissions based on workflow states.
Selecting how document permissions are inherited
If you set the document permissions to be inherited from the class, a panel will appear at the bottom of the page to configure the inherited permissions (4). On the first line of the panel you can select the global visibility mode (5).
Configuring permissions for the documents of the class
A drop-down menu opens (6) and the following options are available:
- “Document visible only to specific users or groups”: documents of this class will be only available to the specific users or groups that are added (7).
- “Document visible to all library readers”: documents of this class will be visible to all users who have reader access to the library
- “Document editable by all library contributors”: documents of this class will be editable by all users who have contributor access to the library
- “Document visible and editable by all”: documents of this class will be visible and editable by all users who have access to the library
You can also add users and groups to the list of permissions by entering the user’s or group’s email and clicking on “Add” (7). You can then select the access level (“Read” or “Read, Write”) for the new user or group (8).
Selecting the visibility level and adding new users or groups to class permissions
Configure document-specific permissions
The sharing permissions defined on a document class, a folder or a workflow state (as explained above) can be combined with document-level permissions, if allowed by the administrators.
Document-level permissions can be enabled or disabled with the "Security mode" list box (9). This list box provides two options:
- “The authorized users can override the inherited security”: when this option is selected, users can modify the sharing permissions of each individual document, to add sharing permissions on top of the inherited permissions, or to ignore the inherited permissions altogether. Learn more here: Share documents in a Document Management library.
- “The inherited security cannot be overridden”: if this option is selected, no document-level permissions can be defined, and all the documents of the library will have exactly the same sharing permissions defined in their class, parent folder, or workflow state.
Configuring the Security mode