Permissions

To open the permissions dialog, click the permissions area at the bottom of the metadata card.



The permissions area is displayed at the bottom of a metadata card.

You can quickly select the document permissions from the pull-down menu in the Permissions dialog. These predefined permissions, or named access control lists, can be modified with the M-Files Admin (refer to Named Access Control Lists). An access control list consists of various user groups or users and definitions of their permissions.

Editing permissions

You can edit the permissions by first clicking the Permissions area on the metadata card and the clicking the Edit... button in the Permissions dialog.

When you want to edit the permissions, first deselect the Use named access control list checkbox. By clicking the Add... button, you can display all users, user groups, and pseudo-users registered in M-Files and edit the permissions for each of them. With the Remove button, you can remove users, user groups, and pseudo-users from the access control list. If you want to edit this user list, open M-Files Admin and refer to Users or User Groups.

Also refer to the specification of pseudo-users in Pseudo-users.

Multilevel permission system

You can view the and edit the permissions by The options available are All, Changepermissions, Remove, Edit, and Read. You can allow a permission by selecting Allow and deny it by selecting Deny.

A user with the read permission can open the files contained in the document and view its properties. The user cannot check the document out, i.e., making changes to the document is not possible. If the user does not have the read permission for the document, it will not be visible to the user in views or search results.

With the edit permission, the user can freely edit the document. These permissions automatically include read permission and edit permission. Edit permission does not encompass any deletion rights.

With delete access, the user can delete the document but not destroy it altogether without destroy permission. Deletion access does not encompass any other rights.

Change permissions determines whether the user is allowed to change the permissions for the document in question. This permission does not include any other permissions, and it can be used independently of the other permissions. Note: A user with this permission can specify any other permission for himself.

If some permission is denied, it always takes precedence over allowed permissions. Keep in mind that denied permissions always takes precedence over allowed permissions. This means the following, for example: User A is a member of user group B.User group B has the write permission for document C. User A, on the other hand, does not have write permission for document C. Even though user A has write permission for document C by means of user group B, user A cannot use this permission, as it has been separately denied from user A.

Selected permissions

The document or object may have its own permissions, and the object may also have different automatic permissions via the properties. Any given permission must be granted by all these settings in order to be effective.

On the Permissions tab for the object, the user can check the permissions that influence the final permissions 
of the object. In order for any specific permission, such as read or edit access, to be granted for a specific user, all of the permissions in effect, at all levels, must allow it simultaneously.

For more information on internal restrictions to permissions and valid permissions, refer to Effective Permissions.

Source

The "Source" column indicates the source from which the object has received a given permission. In the example, the object has automatic permissions granted via the project (Project name [Project]), and the object's own permissions (This object). Both of them restrict the final permissions of the object.

Description

The "Description" column provides descriptive text for the permission. Note: If you have created an automatic permission by value, value list, or object type and named it, the name is displayed in this column.

Active

If the users have been allowed to bypass the automatic permissions when they are specifying automatic permissions for the relevant value, value list, or object type, the user can deactivate the automatic permissions granted via the value by deselecting the permission in question. Then the permission is not active anymore and it does not influence the object's final permissions.

Details

You can enter the Permissions dialog box either via the ... icon or Details icon. Use the Add and Remove buttons to add or remove users.

Effective Permissions

For more information on internal restrictions to permissions and valid permissions, refer to Effective Permissions.