Document security

FileHold documents have two dimensions of security:

  • The library at the folder level and
  • The document schema.

Users are given access to documents when they are added as members of folders and document schemas. Membership in a folder is constrained by the members in the cabinet where the folder is located. A folder does not need to contain the same members as the cabinet, but you cannot add a member to a folder if it is not already a member of a cabinet. Your System Administrator manages the users and groups that are added as members to the Cabinets, Folders and Schemas.

A common document access problem is when a user has access to a folder, but they are not a member of a schema. A user's permissions for the entire system can been seen with the Effective Permissions report

Cabinet, Folder or Schema membership

Cabinet and folder security also provides the option to determine the permissions a user has on the library structure and documents through the use of library structure ownership versus membership and by using the advanced security option to reduce a member's role.

Cabinet security can be managed by a user or group with a senior library administration role or higher or a cabinet administration role or higher if they are also the cabinet owner. Users and or groups with a role lower than senior library administrator will not see a cabinet or any of its contents if they are not an owner or member of the cabinet.

Folder security can be managed by a cabinet administrator or a user or group with a Publisher role who is also the owner of the folder. If a user or group is not an owner or member of the folder they will not see the folder or anything inside the folder when they log into the system.

A red dot next to a folder icon has special meaning as follows:

  • The user has read-only access to the folder
  • The user has reduced permissions at those folder levels. For example, a user belongs to a group with an Organizer and Delete role and a group with a Document Publisher role. If only the group with the lower permissions has access to the folder, then the red dots appear. The red dot does not affect their abilities as Document Publishers in those folders.
  • The group permissions have been modified using the Advanced Security options (see below).

Schema security is managed by a user or group with a library administration or higher role. Users with a cabinet administration role or higher are members of all schemas. For other users and groups, if they are not a member of the schema they cannot see, add, search or use links to documents with that schema.

Advanced Permissions

Using the advanced security area, you can modify permissions at the Cabinet or Folder level for FileHold Groups, giving them less permissions than they would normally have in other Cabinets and Folders. A red dot will appear on the affected folders for user's to indicate where this is taking place. Removing the modified permissions is completely possible, by resetting each group.

Advanced security does not allow an illogical assignment. For example, a library administrator who is not the owner, can not be assigned a cabinet administrator role or organizer role. For cabinet or folder owners, the advance security cannot be set.

Cabinet Advanced Security

Effective Permissions

A user can be assigned to a folder or cabinet as a result of being assigned to one or more FileHold groups. The actual users with access to the folder or cabinet and their role on the folder or cabinet can be found by pressing the Effective Permissions button.

For more information on user and group security, see:

Effective Permissions Report

The Library Structure

User Roles

Creating Groups

Creating Users and Groups

A few quick rules about FileHold security

  • The library is visible to all users regardless of type or group.
  • All users that are given access to a cabinet will see all of the drawers and folder groups inside that cabinet.
  • Users will only be able to see folders where they are members or owners.
  • Users will only see documents inside a folder where they are members of the assigned document schema for the current visible document version.
  • Access to the library archives follows the same logic as the main library.