|
Modifying Access Lists |
|
|
||||||||||||||||||||||
Users access documents based on the rights granted to them per Cabinet, folder, document or item. Access rights may be set on each of several items:
Cabinet
NetBinder (common access rights for all documents in the NetBinder)
Document (set individually for each individual document)
Folders
Categories
Calendar Events
Discussion items
Workspaces
The Cabinet Administrator
controls the documents in the Cabinet and grants a certain level of
access to each User Group
based on the User Group's specific needs. If the documents reside in
a NetBinder, the NetBinder's owner is responsible for setting access rights
to those documents. There are no document-level rights for documents in a
NetBinder. Document-level security can only
be set by someone in a Cabinet who has "Administrative" rights to that
document. The creator of a document in a Cabinet has "Administrative"
rights unless they are relinquished.
In My Cabinet, you are the only one
that has rights to a document, unless it has been shared with you by someone
else via a NetBinder.
By default a Workspace will
inherit the rights from the Cabinet or if Profile-based Security is used,
the rights will come from the Workspace Template. Since a Workspace is
created by the service and no an individual, no one is given VESA rights to
a Workspace automatically, such as when a document is created.
Cabinet Administrators Get
"VSA" Rights
When a Repository Administrator appoints a user as a Cabinet
administrator, that user is given implicit View, Share, Administer (VSA) rights to
items in the Cabinet.
When required, the Cabinet Administrator can temporarily change the rights
to VESA for a specific document or other item.
Editing User Rights
Each document, folder, category, etc has an Access
list which defines who can view and edit it. When you are on a
List View page or the
Profile page, you can select the option to go to the
Access List. You can do this from the menu or using the right click
menu. When you select the option, a dialog pops up that shows
each group and/or user who has rights. If you have rights, you can
edit the security by selecting the Edit Option. You cannot edit the
list if you only have View rights unless it is an msg file.
Users need to have Admin rights to a document, Category, Discussion, Calendar Event or NetBinder to change the Access List. Also a user with Share (S) rights can add another user to the Access List up to the same rights as that user has, but cannot remove anyone from the list including any that they have added.
A user may apply one of six security attribute combinations to a document, category, folder, NetBinder, etc:
-
VESA - view, edit, share, and administrator
-
VES - view, edit, share
-
VE - view, edit
-
VS - view, share
-
V - view
-
No Access
| View | V |
A user can View the contents of a document, folder, category,
calendar event, discussion, workspace etc. in a Cabinet
or NetBinder either in the application or with the Viewer. The user cannot Edit the document or Profile. A user who only has View rights to a folder cannot place items into that folder. An External User who has View only rights to a document cannot make a Copy of a document, or Email a copy of a document from NetDocuments (the external user can use the Notify to send a link to others who have access to the document unless the Cabinet flag to not allow this has been set by the Cabinet Administrator). |
| Edit | E |
A user can modify the contents of documents in a
Cabinet or NetBinder. A user can create or modify versions of a document. A user can edit a document's profile including renaming the document or item. A user has to have Edit AND Share to view the History of a NetBinder or a document. A user can add new documents (not subfolders)
into a folder. |
| Share | S |
A user can share a document in a Cabinet with other users of the
Cabinet. This means that with Share rights you can add
other users but cannot remove existing users' access and you cannot give any user more
rights than you have. A user can share a NetBinder with other users (inside or outside of the cabinet). This means that with Share rights you can add other users but cannot remove existing users' access and you cannot give any user more rights than you have. An External user with Edit and Share rights can see the History of a document. A user has to have Edit AND Share to view the History of a NetBinder. A user has to have Edit and Share rights to a folder, to create a subfolder in that folder. An External User who does NOT have
S rights, cannot see the Access Lists. |
| Administer | A |
A user can delete a document or a NetBinder. A user can delete a version of a document. A user can force the check in of a document. A user can remove other users from the Access List of a document or a NetBinder, change the rights of users already in the Access List and add people to the Access List with full rights (VESA). A user can rename a folder. |
| No Access |
A user cannot see a document or NetBinder, or folder, etc. when their
name is listed as "No Access" in the access list. So one user may see several documents in
a folder while another user may see only one or no documents in a
specific folder depending on the rights. |
NOTE: All internal users who can see a
Cabinet, have the right to add and import documents or items to that Cabinet. If
you add a document or other item to a Cabinet, you automatically have VESA
rights to that document or item.
External Users
A Cabinet Administrator can set a specific flag to allow or not allow
External Users to create documents in a Cabinet. If it allowed, then
when an External user creates a document, they will have VESA rights to the
document and the cabinet default will apply or, if they are using
Profile-based security, that will apply.
When an external user is created, they are added to an External Group. Generally when setting up the cabinet access default, External Groups are given No Default Access. This means that the external users will see the cabinet, but will not see any documents or folders, unless they have been given specific rights to a folder or document. The Repository Administrator can allow a Cabinet Administrator to create External Users and External Groups for that specific cabinet. In that case, the External Users created at the Cabinet level will be added to the Repository list of external users, however the groups created at the cabinet level will only be available for that cabinet.
When an external user has access to a document, an "X-man" icon will show next to the document name in the Info dialog or the profile. This is also shown on list views, but in some circumstances, that icon will not be refreshed when external access is removed. (It will always be accurate on the Info dialog and Profile page.)
If you are a member of a User
Group that has V rights in a Cabinet, and you are a member of another User
Group that has VES rights in the same Cabinet, your actual default access to
the Cabinet is VES.
Now suppose that, as a member of the "Sales" user group, Frank has VS rights
to the Marketing Cabinet. In addition, as a member of the "Design Committee"
user group, he has VE rights to the same Cabinet. Though VE rights are
"higher" than VS, Frank does not lose his Share rights to the Marketing
Cabinet. Instead, his VE rights are added to his VS rights, giving
Frank VES rights to the Marketing Cabinet.
Note
There is an exception to the cumulative rights concept. When a user's access level has been set to "No Access" by a document's, the user's default rights as a user group member do not apply to that document. See No access means NO ACCESS.
No Access Means NO ACCESS
When "No Access" is applied to a user or group, the document is completely
invisible to the user(s). Suppose you want to grant rights to a
document or NetBinder™ to the Sales user group. However, there is a new sales
associate named Jim Bob who should not be included in the shared list. What is
the quickest way to do this?
First add the Sales group to the access list. Next, select Jim Bob from the
list of users. Add him to the access list and change his rights
to No Access. What you have done is included the Sales group, which originally
defined Jim Bob with access, but then added him separately and granted him,
individually, No Access. This is called Negative Security.
When a user creates a new NetBinder, he or she is the only person with access to the NetBinder by default. Cabinet User Groups do not have default access until this user explicitly grants such. This is done because NetBinders are used typically for ad hoc projects and very specific users or groups and rarely will an entire Cabinet membership need to be part of the NetBinder and the alerts or notifications that are sent as changes are made to it.
When you save a search criteria as a Category, the same rights that are applied to a document are applied to the Category by default. You may always manually modify the access list and restrict its access further if you choose. Because you will generally have access to Categories that have no meaning to you, when you search categories, you should include yourself as the Creator to locate only those you have created.
You can modify an Access list by going to the Profile page or selecting a
single or multiple documents from a List View page.
There are three user Access lists available for selection from the User Groups drop down:
- Cabinet | Members
- Individual Groups and Users (Internal and External Groups)
- NetBinder Personal Contacts
Cabinet Members default
This selection contains all Groups previously defined by a
Cabinet Administrator at the cabinet level,
and includes the rights granted to those groups at that level to be used as a
default. By clicking on
Details, you will see any and all Groups defined by an administrator.
For example, suppose a cabinet administrator created a group named Sales in
the Cabinet administration area, and granted that group VE rights by default,
and a group named Engineering with group rights of VES. In addition,
there are 25 other cabinet members, but the administrator does not include any
of them in a defined user group.
By adding Cabinet Members Default to the "People Sharing This Document" access
list, all users of the Sales and Engineering group membership will be
included in the Access List. The access rights of this Default set of
Groups cannot be changed.
Individual Groups and Users
By selecting an Individual Group, you can narrow the access of a specific
document, folder, etc. Groups are separated into Internal and External
groups.
If the Cabinet Administrator included it, there will be a group called
Internal Users which includes all Internal users. You can grant access
to that Group or any user within that group.
If you want to select an individual from a group, click on the Group name and
each of the members will be displayed in the box underneath. You can
then specify individuals with whom to share,
rather than just a group.
NetBinder Personal Contacts (only used for NetBinders)
The NetBinder Users List displays people with whom you have shared documents
through NetBinders.
Note
The Cabinet Inbox folder access cannot be modified by any individual
and should generally not be used when adding new documents. The Cabinet Inbox can
be used as a fax inbox or email inbox for temporary storing of documents until
they can be filed elsewhere. The Deleted Items folder access also cannot
be changed.
Changing the Access List of Multiple Documents or folders at one time
You can change the access list for all documents matching a search criteria or documents in a folder or other list View. NetDocuments will support adding to, subtracting from, or completely replacing the existing access list. You can choose Modify Access List from the Search Results, Recent Documents List, and Folder pages to add users, modify current access, or remove users. This process can take several minutes depending on the number of documents requested. If more than 500 documents are requested, it will be completed as a background process and you will be sent an email when it completes. The email will include a number showing how many items were changed. You will be prompted with any documents that fail in the process, due to insufficient rights or if documents exist in Cabinets other than the one you first specified for the mass change.
Note:
You can also change the Access List of individual documents using this
option rather than going to the Profile page directly.
Note:
If you want to change everything in a folder tree, open the access list for
the top folder and select the box that says "apply this access list to all
documents and subfolders in this folder." This will
change the access list for the folder you have selected, any subfolders in
that folder and any documents in any of the folders. Changing all
documents and subfolders under a parent folder does not have a limit on how
many items will be changed.
Note:
NetDocuments does not support the multiple document change capability for documents while in an open NetBinder. However, if you use the option on a document from another
List View that is contained in a NetBinder, it will change the security of the
NetBinder itself since the Access List is at the NetBinder level.
|
|||||||||||||||||||||||||||||
