User roles and accessing the library
A user's role determines the permissions they may have access to in the system. FileHold comes pre-configured with 12 user roles. The roles are organized in a hierarchy with the Limited role being the least powerful and System Administration being the most powerful. Roles are assigned to users when they are members of a FileHold group that is assigned the role.
Role | Inherits from | Default group |
---|---|---|
Limited | None. This is the most basic role. | Limited Users |
Read Only | Limited | Read Only |
Document Publisher | Read Only | Document Publishers |
Document Publisher & Delete | Document Publisher | Document Editors |
Publisher | Document Publisher | Publishers |
Publisher & Delete | Document Publisher & Delete | Editors |
Organizer | Publisher & Delete | Organizers |
Organizers & Delete | Organizer | Organizers & Delete |
Cabinet Administration | Publisher & Delete | Cabinet Administrators |
Library Administration | Cabinet Administration | Library Administrators |
Senior Library Administration | Organizer & Delete | Senior Library Administrators |
System Administration | Senior Library Administration | System Administrators |
For each role, FileHold ships with a pre-defined default group that is assigned the role to simplify setup of a new system, testing and demonstration. Though they can be used in a production system, they can also be deleted and replaced with groups that are more relevant to your operation / configuration.
Some permissions associated with a role take immediate affect when the role is assigned. For example, access to the library administration menu items is granted when a user has the library administration or higher role. Other permissions do not take effect until additional assignments are made. For example, a user with the cabinet administrator role will only have the permissions associated with the publisher and delete role until they are assigned as the owner of a cabinet in the library. Once that happens, they will have the full permissions of the cabinet administration role, but only when they are working on folders or documents in that cabinet.
When a permission is granted by virtue of the role simply being assigned to the user, these permissions are said to be inherent to the role. Inherent permissions are always granted according to the highest role a user is assigned. For example, a user with a library administration role has access to all document schemas. This same user might also be assigned to a group with a read only role. The read only role does not grant any automatic access to any document schemas, but this is not important as the inherent permission on the library administrator takes precedence. All permissions for the system administration role are inherent.
The hierarchy of roles is in full effect when the same user is assigned to a cabinet or folder more than once. For example, a user belongs to the Sales group and they also belong to the Management group. Both groups are members of the same Sales territories folder. The sales group is assigned the document publisher role and the management group is assigned the organizer & delete role. The user will have organizer & delete permissions in the Sales territories folder. The role of the sales group will be ignored.
Roles can be arbitrarily reduced by cabinet or folder. When assigning a user or group as a member of a folder, the advanced security option will allow the normal role for that group to be reduced. Using our example above, assume the sales group should only have read only permissions for the sales territories folder. One way to do this would be to create a new group like "Read only sales" and assign the read only role. Then, use this new group for membership in the sales territories folder. However, the amount of management needed can be reduce by simply using the advanced security option and reducing the role of the sales group to read only for this one folder. More information on advanced security is available on the Managing Folder Access page.
Select permissions can be disabled for certain roles by group by a user with the system administration role in the FileHold Groups area. These reduced permissions are effective where ever the group is assigned.
Reduced permission | Applicable roles |
---|---|
Disable email | All |
Disable sending Courier transmissions | Document Publisher and higher |
Disable document download | Document Publisher and lower |
Disable printing | Document Publisher and lower |
Disable viewing | Document Publisher and lower |
Disable ad hoc searches | Senior Library Administration and lower |
Detailed role descriptions
Role Name |
Description |
---|---|
Limited |
A user assigned to a group with a “limited” role has restricted access to the system. Users can search, view, download and email documents. There are two user account types that can be assigned to a limited role:
|
Read Only |
Read Only and remaining roles must be assigned to a Full Registered user account. The Read Only role inherits the permissions of the Limited role. A user with Read Only permissions has access to My FileHold and can adjust their view preferences. This is the minimum role needed to be a participant in a workflow. |
Document Publisher |
Document Publisher user role has the permissions of Read Only plus add, check-in/check-out, edit documents, and metadata. They can move documents that are owned by them. They cannot delete any documents including those which they have added to the system. Document publishers can initiate workflows, participate in workflows, and initiate Courier transmissions. Document publishers can convert offline documents to electronic documents using the check out and check in process (if the permission setting is enabled).
|
Document Publisher + Delete |
Document Publisher Plus Delete user role can do everything a Document Publisher can do and delete their own electronic documents. They must be the owner of the document in order to delete it. To see the owner of a document, you can look at the version properties in the metadata pane. |
Publisher |
Publisher user role can do everything a Document Publisher can do plus:
|
Publisher + Delete |
Publisher plus Delete user role can do everything that a Publisher can do plus delete electronic documents, folders and folders group owned (created) by them. |
Organizer |
The Organizer role is for users who are responsible for organizing documents that are scanned or imported into the system or who are assigned to organize documents added by other users. For example, organizers would move the documents generated by scanner operators to their correct folder in the library. Only trusted personnel should be given this role. Organizer role user can:
|
Organizer + Delete |
Organizer plus Delete role can do everything that Organizers can do plus delete all electronic documents, folders and folder groups regardless of their ownership. This organizer and delete role can only do this within Cabinets, Folders and Schemas that they are a member of. This role should be used by trusted personnel only. |
Cabinet Administration |
Cabinet Administrators can only administer the cabinets that they own; they cannot create cabinets for themselves.
When a user with the Cabinet Administration role owns a Cabinet they can:
|
Library Administration |
Library Administrators can only administer the cabinets that they own. Their permissions are the same as the Cabinet Administration role plus they can:
|
Senior Library Administration |
Senior Library Administrators have the permissions of a library administrator and have inherent access to all parts of the library. Senior Library Administrators can create cabinets to be managed by any Library Administrator or Cabinet Administrator. |
System Administrators |
System Administrators have inherent access to all parts of the FileHold application. They can perform all of the functions of all other roles. However, the main tasks of the System Administrators are to add users to the system (including assigning the initial password and setting requirements for all new passwords and ability to self register), assign users to their appropriate groups, enable document control numbers and version control numbers, manage user accounts, user groups and the system license pool. The System Administrator also has access to various global settings (outbound e-mail, system wide configurations for managing the various documents format conversion permissions etc.) and as well as user activity reports.
|