Document Vault Advanced Properties

On the Advanced tab of the Document Vault Properties dialog, you can define whether you want to use Firebird or Microsoft SQL Server for saving document vault information.

Firebird is a SQL database engine integrated in M-Files. As part of the M-Files Server service, it requires no separate installation and is therefore very easy to use. Choose Firebird as the database engine, unless you have a particular reason to choose Microsoft SQL Server. Switching from Firebird to Microsoft SQL Server can be easily done later on if necessary. Changing from Microsoft SQL Server to Firebird is not, however, possible.

Microsoft SQL Server is a SQL database engine that requires purchasing and separate installation. It is recommended to use Microsoft SQL Server with large document vaults, but it also requires that the administrator is already familiar with the Microsoft SQL Server management.

Note: Never modify the content structure of the document vault database directly using, for instance, database system management tools. The database contents may be modified with the M-Files Server service only. Other modifications endanger the logical integrity of the database, which may cause faulty operation of the software and loss of data. The structure and contents of the document vault may only be modified via M-Files Desktop, M-Files Admin, and M-Files API.


See Using Firebird as the Database Engine.

Microsoft SQL Server

See Using Microsoft SQL Server as the Database Engine.

Extended metadata-driven permissions

For vaults created with version 8.0 (or later), the extended metadata-driven permissions are active by default. Otherwise they need to be manually activated. Please bear in mind that you cannot undo the operation.

Note: If you have assigned automatic permissions to values in earlier versions of M-Files, it is strongly recommended to check that the permissions are still working as desired.

For more information on automatic permissions, refer to Automatic Permissions for Value List Items. You can activate the automatic permissions by value, value list, object type, or class. To use the automatic permissions through a specific property, also allow this in the property definition's properties. For more information, see New Property Definition.

Enable file data encryption at rest

This option lets you use the AES-256 algorithm for encryption of the vault file data at rest. The encryption is compliant with the Federal Information Processing Standard (FIPS) publication 140-2. For more information, refer to Protecting File Data at Rest with Encryption in M-Files.

Before you enable the feature, please take note of this important information:

Objects that contain at least one file and have never been checked in can no longer be checked in after the vault file data has been encrypted. If this issue occurs, the files are still available on the client machine, but they cannot be made available for other vault users. Additionally, M-Files Server stores the files in unencrypted format and no vault maintenance operation will delete them.

After you have enabled the feature, do these steps to encrypt the existing data:
  1. Select the vault in the left-side tree view of M-Files Admin.
  2. Select Action > Maintenance > Update encryption status of existing files.
  3. Manually run the Optimize Database (Thorough) operation to remove the unencrypted file data of the vault. If the option Delete the files of destroyed objects is available, select it.
    Note: The scheduled automatic optimization does not remove the unencrypted file data.

File data encryption is not visible for the users.

Especially when encryption is enabled, it is crucial to have thorough and frequent backup processes in place. The combination of encrypted file data, hard drive failure, and inadequate backup system could eventually lead to the loss of all data.

Advanced Event Log features

With this option, you can activate the audit trail features for this vault. M-Files supports the administration of electronic records and signatures in compliance with FDA 21 CFR Part 11. Electronic signing requires the Electronic Signatures and Advanced Logging module, which is available for a separate fee. The module includes event logging extensions and electronic signature functionality. The module is activated with an appropriate license code.

Electronic signatures are automatically enabled as soon as the license code is activated. For more information, see Electronic Signing and Compliance.

For a list of the event types recorded to the event log, see Event Types.

Tip: If you want to give system administrators more visibility into actions that vault users perform in a vault, see User Action Log.

Annotations and redlining

The Annotation and redlining feature enables you to add annotations to documents in the document vault. You can enable the annotations and redlining feature by checking the Annotations and redlining check box in the Document Vault Properties dialog. For more information about annotations in M-Files, see Annotations and Redlining.

M-Files Web

Enter the URL to your M-Files Web home page. M-Files requires this to include M-Files Web URLs in hyperlinks and M-Files Web links in notification messages.

Make sure that the URL starts either with http:// or https://. For example:

Classic M-Files Web

Enter the URL to your classic M-Files Web home page. M-Files requires this to include classic M-Files Web URLs in hyperlinks and classic M-Files Web links in notification messages.

Make sure that the URL starts either with http:// or https://. For example: