|
Introduction to KnowledgeTree Document Management Made Simple > Permissions
The KnowledgeTree repository is secured through the system's Permissions mechanism.
KnowledgeTree provides a set of default permissions, and allows the configuration of additional customized permissions.
Access is strictly permissions-based. Users are only allowed to perform an action in the system where they have the appropriate permission on the document or folder. This includes the ability to 'view' the folder or document in the folder structure.
Permissions are set up at the following levels:
| • | Group - users are added to groups, and acquire the permissions assigned to the group |
| • | Role - permissions are assigned to a role, and the role is assigned to a user to provide the user with the permissions allocated to the role. |
| • | Folder - setting up permissions on a folder involves selecting the roles and groups who will be assigned permissions on that folder. By default, permissions set up on a parent folder apply also to its' child folders, and any changes made to the permissions of the parent folder are passed on to the child folders. This 'inherit permissions' feature may be disabled, and in this case, a custom permission set is set up on the child folder, which will apply only to that folder, including any content in that folder. |
Note: Only users who belong to groups and/or roles with the Manage Permissions
permission on a folder may enable or disable 'inherit permissions' on that folder.
Viewing Permissions set up on a Folder
Non-administrative users use the Permissions link on the Folder Actions menu in Browse Documents to view the permissions set up on a specific folder.
Default Permissions
KnowledgeTree includes the following set of standard permissions:
Permission
|
description
|
Read
|
Allows the user to view a document and its metadata. The Search and Browse functions do not list a document in search results, or in the folder view, to users who do not have the 'read' permission on the document.
|
Write
|
Allows the user to change the content of a document and its metadata, to perform the check out / check in action, and to create new documents in folders where they have the 'write' permission.
|
Add Folder
|
Allows the user to create and edit folders where they have this permission on the parent folder.
|
Manage Security
|
Allows the user to configure and edit security options on the folder and on its' content, including edit permission and role allocations.
|
Delete
|
Allows the user to delete any file or folder where they have this permission on the parent folder.
Note: The Administrative user won't be able to delete immutable documents using the Delete button in Browse Documents, even when they're working in Administrator mode. Immutable documents can only be deleted when using the Delete action from the immutable document's Document Detail page. This ensures that immutable documents are only deleted one at a time, and avoids the mistaken deletion of an immutable document in a mass action delete.
|
Manage Workflow
|
Allows the user to change the workflow settings on a document (e.g. perform a transition).
|
View Folder Details
|
Allows the user to see the name of the folder, the transaction history, and other details linked to the folder name.
|
Viewing Permissions, or Adding New Permissions
The system administrator uses the Security Management link on the Administration menu in DMS Administration to create new permissions, or to delete permissions. Non-administrative users use the Permissions link on the Folder Actions menu in Browse Documents to view permissions set up for specific folders.
Note: KnowledgeTree uses document permissions, whereas file permissions are an operating system construct. File permissions define which files the operating system users are allowed to access on the file-system. File permissions do not map to document permissions within KnowledgeTree - there is no relation between these two concepts.
Assigning Permissions
Permissions are allocated by group, by role, and by folder.
Permission assigned on this level ...
|
description
|
Folder Permissions
|
Assigned to the creator of a folder, and to the KnowledgeTree administrator
Permissions that have been granted to the parent folder are applied by default to the sub folders and documents in the parent folder. When a new folder is created, it will always default to the permissions of its parent folder. Any changes to the permissions of the parent folder are passed down to the sub folders.
Users can override the parent permissions, but when changes are made to the permissions of the parent folder, those changes are no longer passed down to the sub folder. The parent permissions can also be re-applied at any time, and this will override the custom permissions that may exist for the sub folder.
|
Role Permissions
|
Permissions may be assigned to the Role - e.g. developer. Groups are then added to the Role to allocate permissions of the Role to one or more groups. Role permissions are useful for workflows, because workflows are typically created for the role, and not for the group.
|
Group Permissions
|
Folder permissions are granted by group.
|
Click here to find out more about KnowledgeTree's permissions model.
|
Contents
