Creating a user

Under the Users node of a vault in M-Files Admin, you can add users to the vault, thus assigning a name to the user and specifying the user's permissions. Each user object is based on a server login account (see Login accounts overview).

M-Files assigns each user a unique ID, which can be found in the user's properties in M-Files Admin.

As a general rule, do not delete users from the vault because they have a lot of information that can still be necessary later on. The user objects have, among other things, user interface preferences, information about the favorite objects of the user, and records about notifications related to the user. In M-Files Admin, you cannot undo the delete operation. Delete a user only if you are fully sure the user information is no longer necessary. Instead, you can disable the user. For more information about disabled users, see the user options in the on-premises procedure.

Creating a user in M-Files Cloud

In M-Files Cloud, you can create a user in M-Files Manage.

  1. Log in to M-Files Manage at https://manage.m-files.com.
  2. In the top-right corner of the user interface, select Create ().
  3. Select Create user.
    Result:The Create user dialog is opened.
  4. Select the authentication method.
    Note: When you create a user with Microsoft Entra ID authentication, the username in M-Files Manage must match the user principal name (UPN) in the user's Microsoft Entra ID home tenant.

    For more information, see Login account properties.

  5. Enter the user information.
    Setting Description Example value
    Full name Enter the user's full name. Jane Doe
    Email Enter the user's email address. [email protected]
    Username When you enter the email, the username is pre-filled. You can change it if necessary. jane.doe
    License type See the descriptions in License type. Named
    Vault access Select a vault to which this user will have access. You can give access to one or more vaults.
  6. Select Create.

Creating a user in on-premises environments

To create a user to a selected vault:

  1. Open M-Files Admin.
  2. In the left-side tree view, expand a connection to M-Files server.
  3. Expand Document Vaults.
  4. Expand a vault.
  5. Select Users.
    Tip: If the list contains a large number of items, you can filter it. To filter the view, open the View menu and select Filter. Enter a desired text to filter the column contents.
  6. Select New User on the task area.
    Result:The New User dialog is opened.
  7. Use the Login account drop-down menu to select a login account for the user or select New login account from the same drop-down menu to create a new login account for the user.
    For instructions on creating a new login account, see Creating a login account.
    Result:The Full name field is updated with the full name information of the selected login account.
  8. Use the Vault language drop-down menu to select the default vault language for the user from the list of available vault languages.
    For instructions on adding a new vault language, see Managing languages and translations.
  9. Set the properties and administrative rights for the new user in the selected vault by checking or unchecking the relevant check boxes:
    OptionDescription
    External user

    Users can be grouped into external and internal users. A user can be defined as an external user by enabling the External user option. External users cannot see or access any documents other than those specifically marked for them. By default, they do not have permissions to view any documents. For example, you can define your customers as external users and grant them access to customer-specific documents in the document vault.

    As stated above, external users do not, by default, have permissions for accessing any documents. To share a document with an external user, access must be explicitly granted in the permissions of the document.
    Note: Object permissions are updated as an asynchronous background task. Object permissions can be updated when, for example, a named access control list, a user, a user group, or the value of a pseudo-user (such as a project manager) is modified. You can monitor the progress of the task in M-Files Admin in the Background Tasks section. For more information, see Monitoring background tasks.
    User account is disabled

    When the account is disabled, the user cannot access the document vault. Logging in to the document vault has been disabled, but the user information is retained. The account can be easily enabled again by unchecking this check box when necessary. For example, when you want an employee's account to be disabled during her vacation for data security reasons.
    User cannot create documents or other objects

    The user cannot create documents or other objects in the vault but can, for example, read them if provided with the necessary permissions.
    User cannot create or edit traditional folders

    The user cannot create traditional folders in the vault or edit existing traditional folders.
    User cannot create or edit private views or notification rules The user cannot create or edit private views or private notification rules. Private views and notification rules are visible only to the user who created them, whereas common ones are visible to all vault users.
    Full control of vault

    With this option, the user is assigned all administrative permissions in the vault.
    See and read all vault content (including deleted objects)

    Regardless of the permissions specified for a document or object, a user with this permission can see and read all objects, including deleted ones.
    See and undelete deleted objects

    The user has the permission to restore documents and other objects marked as deleted.
    Destroy objects

    The user has the permission to permanently destroy objects.
    Force undo checkout

    A user with this permission can undo the checkout made by another user. For example, if a user has forgotten to check in a document that others must be able to edit, a user with this permission can check in the document. In this case, the changes made to the document during the checkout will not be saved on the server.
    Change permissions for all objects
    The user has the right to change the permissions for any object that they are permitted to see. You can edit the permissions for an object, for instance, remove the write permission to a document from other users.
    Note: The user with this permission has the power to obtain edit rights to documents that they would normally be able to only read.
    Change metadata structure
    The user has the permission to edit document vault metadata, such as add new document classes or value lists. For example, if you want to change the Invoice document class so that the Project property field must be filled in for each invoice, you can make the change if you have this permission. Even if the user does not have the permission to do this, the user can still add new metadata fields to individual objects using the metadata card.
    Note: With this permission, users can see metadata structure items and other vault information that they would not otherwise have permission to see, such as value lists, object types, and named access control lists.
    Manage workflows

    This permission enables the user to create, edit and delete workflows in M-Files Admin.
    Manage user accounts

    The user has the permission to manage login accounts in the selected document vault. With this permission, you can, for instance, add or remove users from the document vault.
    Manage common views and notification rules
    With this permission, you can create views visible to all vault users. You can also specify common notification rules. You can create common views and notification rules in the classic M-Files Desktop.
    Note: For more information on common views, see Using Views. For more information on common notification rules, see Editing notification settings in the Classic M-Files Desktop.
  10. Optional: On the Permissions tab, specify the users or user groups who can see this user.
    The system administrator and all users with full control of the document vault in question always see all users.
    1. On the Users and user groups list, select the user or the user group for which you wish to set the permissions for seeing this user.
      If the desired user or user group is not on the list, select Add to add the user or user group to the Users and user groups list.
    2. Check either the Allow or Deny check box to edit the permissions of the selected user.
  11. Select OK once you are done.
A new user is created and it is listed in the Users list. The new user can now access the selected document vault with the permissions that you have defined.
Note: You can also import domain users to M-Files. For instructions, see Importing users.