AODocs has library roles and domain roles.
At the library level there are:
- Pre-defined library roles, based on permissions
For example, all library administrators have the permission to access the library administration and change settings. Other permissions can be assigned to particular roles, for example, the permission to create documents in a library or to perform certain workflow actions. - Custom library roles for your specific business needs
A custom role can represent an operational entity or a job title, such as Invoice Manager or Financial Department. You can assign individual users or Google groups to one or more roles.
Note: You can't currently add Microsoft groups in roles. Learn more about Google groups in AODocs and Microsoft groups in AODocs.
- Pre-defined document roles (or properties)
This article describes all the library roles:
Automatically generated table of contents
Pre-defined library roles
There are two types of pre-defined library role in AODocs:
Main library roles: administrators, contributors and readers
These roles have a set of inherent permissions and can be used to define:
- workflow participants, permissions and notifications
- document class permissions
- view permissions
Using a role to define who can perform a manual workflow action
The table below shows which library types have each type of main library role.
Team Folders |
Secured Folders |
Document Management libraries |
|
Administrators |
|
|
|
Contributors |
|
|
|
Readers |
|
|
|
Below is a brief outline of each main library role:
- Administrators are granted write, read, share, and delete permissions to all documents in the library of which they are administrators. Administrators can also configure library administration settings.
Tip: Administrators also receive and manage the sharing requests forwarded by the AODocs storage account. Administrators can use the API to delegate the management of sharing requests to a specific role. - Contributors can be given the permission to create, edit, delete and share documents in the library. Being a member of the contributor role at the library level doesn't grant write permission on all documents, but rather makes it possible to be given this permission.
Note: You can't grant a user edit permission on a document if the user is a reader in the library — the user must be a contributor. - Readers can be given the permission to read documents in the library. Being a member of the reader role at the library level doesn't grant read permission on all documents, but rather makes it possible to be given this permission.
Notes:
– All contributors are automatically readers.
– You can't grant a user read permission on a document if the user isn't defined in the library.
Library administrators can assign main library roles to users or groups on the roles page of the library administration and in the library security settings.
Advanced permissions roles
These roles give users in a library some advanced permissions. They can be assigned to:
- contributors and readers in Secured Folder and Document Management libraries
- Google editors and viewers in Team Folders
All libraries have the following pre-defined advanced permissions roles:
- Category value managers can add, modify and delete category values in existing categories and set (or cancel) category values as outdated. Learn more:
Note: Category value managers cannot set categories as dynamic.
- Document managers can force workflow actions and view all properties, including hidden and read-only properties. In addition, if document managers are contributors, they can edit hidden and read-only properties.
Note: These actions are available only in documents in which the Document manager already has view or edit access. Being a Document manager does not grant any other document level permissions.
- Maintenance managers can view and release locked documents
Library administrators can assign advanced permissions roles to users or Google groups on the roles page of the library administration.
Important:
– If you assign an advanced permissions role to a user who isn't defined in the library, they won't have access to the library.
– You can assign any number of advanced permissions roles to a given user.
Custom roles (optional)
In addition to pre-defined roles, administrators can configure custom roles in the Roles section of the library administration interface.
Custom roles are specific to each library and are not shared between libraries.
Learn more: Create and configure custom roles
Tip: As best practice, if you are using Google Groups you are recommended to associate each AODocs custom role with a single dedicated Google Group to avoid unnecessary access control list (ACL) synchronization in your Google Drive each time you add or remove users from the role.
Pre-defined document roles
A pre-defined document role is a document property that contains only one person and can't be updated manually.
Each document has three pre-defined roles:
- Document creator: the user who created the document
- Last update author: the user who performed the last update on a document. This role is dynamic.
- Version creator: the user who created the last version of the document. This role is dynamic.
Note: Users can create versions manually or by workflow actions. Users can create a new versions directly or through a check-in.