User Roles and Accessing the Library

User roles are pre-defined in the document management system provide multiple levels of security and cannot be modified. Users with the correct role can manage certain parts of the Library structure. The following user roles are shown in the order of least permission to most permission.

All roles provide document e-mailing capability. Roles higher than Document Publisher have the Courier functionality. These functions can be disabled on a group basis by a System Administrator in the FileHold Groups area. Limited and read-only group roles can have the viewing and printing abilities restricted.


Role Name



A user assigned to a group with a “limited” role has restricted access to the system. Users can only get a copy or view documents in the library.

Groups assigned to a “limited” role are used for when multiple people can share the same username and password to log into FileHold to see the same documents in the library. For example, documents such as newsletters, forms, or corporate policies may need to be accessible to all company employees but they do not require a full registered user license and full functionality.

There are two user account types that can be assigned to a limited role:

  • Limited Registered user accounts can log into FileHold using a single username and password.
  • Portal Alias user account types are used in conjunction with the Anonymous portal and require no login.

Using limited registered or anonymous portal user account types are a cost-effective way for many people to view documents in the repository but with very limited functionality.

User accounts assigned a role of “limited” consume “Limited concurrent sessions”. Limited concurrent sessions are the number of users that can log into FileHold at the same time using a limited registered or portal alias account. For example, 30 people may have the same login credentials but only 20 can use FileHold at the same time because there are only 20 limited concurrent sessions.

If multiple people log into FileHold with the same user name, the log files record the same user name regardless of the actual person that logged into the system.

Groups assigned the limited role restrict users from downloading or printing documents in the group properties.

Read Only

A Read-Only user role may only download or open and read documents from FileHold. They cannot edit, delete, or create documents or metadata. They can email documents if given this functionality by System Administrators.

Read-only users can participate in workflows but cannot initiate workflows.

In FileHold 15, read-only users may be restricted from downloading or printing documents.

Document Publisher

Document Publisher user role can read, get a copy, add, check-in/check-out, edit documents, and metadata. They can move documents that are owned by them.  They cannot delete any documents including those which they have added to the system.

Document publishers can initiate workflows, participate in workflows, and initiate Courier transmissions.

Document Publisher + Delete

Document Publisher Plus Delete user role can do everything a Document Publisher can do and delete their own documents. They must be the owner of the document in order to delete it. To see the owner of a document, you can look at the version properties in the metadata pane.


Publisher user role can do everything a Document Publisher can do plus:

  • Create new folders or rename folders that they own.
  • Assign existing folder groups.
  • Copy or move folders that they have already created.
  • Clone folders and folder groups created by other users and become the owners of the folders.
  • Publishers cannot delete existing documents, folders or folder groups including those which they have added. All documents and folders created by the Publisher will be owned by them and they cannot change the ownership.

Publisher + Delete

Publisher plus Delete user role can do everything that a Publisher can do plus delete documents, folders and folders group owned (created) by them.


The Organizer role is for users who are responsible for organizing documents that are scanned or imported into the system or who are assigned to organize documents added by other users. For example, organizers would move the documents generated by scanner operators to their correct folder in the library. Only trusted personnel should be given this role. Organizer role user can:

  • Move all documents (which they have an access to) in other places in the library including documents which they do not own. In other words, they can move documents that are owned by other users.
  • Move, copy or clone all folders and folder groups regardless of their ownership. In case of cloning they will become the owners of folders. In case of copying and moving the original ownership of folders is preserved.
  • Add folders where they will be the owner, and rename folders.
  • Assign existing folder groups.
  • Delete documents that they own.
  • Change document owner regardless of ownership.
  • Convert offline documents to electronic documents.
  • Export documents.

Organizer + Delete

Organizer plus Delete role can do everything that Organizers can do plus delete all documents, folders and folder groups regardless of their ownership. This organizer and delete role can only do this within Cabinets, Folders and Schemas that they are a member of.

This role should be used by trusted personnel only.

Cabinet Administration

Cabinet Administrators can only administer the cabinets that they own; they cannot create cabinets for themselves. They can:

  • Create, edit, and delete drawers, folder groups and folders and manage their properties (i.e. membership structure).
  • Access all documents (in Publisher and Delete capacity) from anywhere in the library structure unless they are restricted from that area of the library structure. If they do not have access to the Cabinet and Folder they will not be able to access the documents.
  • Rename folder groups.
  • Delete and move electronic records as long they are owners of the cabinet. Electronic records can only be moved to another Cabinet in which they own.
  • Convert electronic documents to electronic records and vice versa for cabinets that they own.
  • Convert electronic documents to offline documents for cabinets that they own.
  • Move documents between cabinets as long as they are owners of the Cabinet. If users need to move documents between Cabinets that they do not own, then use an organizer role instead.
  • Have access to all document schemas.
  • Change document owner for documents in the cabinets that they own.
  • Manually move documents to and from the library archive as long as they are the Cabinet owner in the library archive.

Library Administration

Library Administrators can perform, within their cabinets, the same functions as Cabinet Administrators plus:

  • Create cabinets for which they will be the owner of and manage them in the Library.
  • Access to FileHold’s Library Administrator where they can manage metadata fields, schemas, events, set up workflow templates, manage numerous global settings (i.e. viewer permissions, search engine settings, reporting services permissions and more),perform various managerial functions such (as check-in for user, change document owner, recover deleted document etc.) and access many useful reports and usage logs for cabinets that they own.
  • Library Administrators cannot create cabinets for Cabinet Administrators to own. If a Library Administrator creates a cabinet, then they are the owners.

Senior Library Administration

Senior Library Administrators have full control of the FileHold library itself and Library Administration area. Senior Library Administrators can create cabinets to be managed by any Library Administrator or Cabinet Administrator.

System Administrators

System Administrators have complete control of the system. They can perform all of the functions of all other roles. However, the main tasks of the System Administrators are to add users to the system (including assigning the initial password and setting requirements for all new passwords and ability to self register), assign users to their appropriate groups, enable document control numbers and version control numbers, manage user accounts, user groups and the system license pool. The System Administrator also has access to various global settings (outbound e-mail, system wide configurations for managing the various documents format conversion permissions etc.) and as well as user activity reports.