Object Permissions

Editing object permissions

To edit the object permissions, select the Permissions area on the metadata card. The object has automatic permissions if the Selected permission settings section of the Permissions dialog shows a list with columns Source, Description, and Active. To edit these permissions, see Permissions from many sources.

If the object does not have automatic permissions, you can select Full control for all internal users, Only for me, or the drop-down menu to use a named access control list.

To specify other permissions, select Edit. In the dialog that opens, deselect Use named access control list. Select Add to show all users, user groups, and pseudo-users registered in M-Files, and edit the permissions for them. Select Remove to remove users, user groups, and pseudo-users from the access control list. To specify what the users can do with the object, see Allowing and denying permissions.

Permissions from many sources

If the effective permissions of the object come from many sources, meaning that – in addition to its own permissions settings – its access rights are affected by automatic permissions, the Permissions dialog displays the sources in the Selected permission settings section.

Effective permissions from many sources.

In the Permissions dialog, you can select the final permissions for the object. A user can only do an action on an object if all the permissions the user has to the object allow the action.

The Selected permission settings section contains the columns explained below.

Source

The Source column indicates the source from which the object has received a given permission. In the example image further above, the object has automatic permissions granted through the project IT Training, and the object's own permissions (This object). Both of them restrict the final permissions of the object.

Description

The Description column provides descriptive text for the permission. If you have created an automatic permission rule based on a value, a value list, or an object type and named it, the name is displayed in this column.

Active

If you can bypass the automatic permissions when you specify automatic permissions for the relevant value, value list, or object type, you can deselect the permission in question to deactivate the automatic permissions given through the value. This causes the permission setting to no longer be active and influence the final permissions of the object.

Allowing and denying permissions

To specify what users can do with the object, go to the Permissions dialog and select Edit. The available options are All, Change permissions, Remove, Edit, and Read. To give permission, select Allow. To deny permission, select Deny.

A user with Read permissions can open the files in the object and see object properties. The user cannot check out the document, and thus cannot edit it. If the user does not have Read permissions to the document, the user cannot see the document in views or search results.

Edit permissions let users freely edit the document. These permissions automatically include Read and Edit permissions. Edit permissions do not include the right to delete.

Remove permissions let users delete the document but not destroy it. The right to delete does not include any other rights.

The right to Change permissions specifies whether the user can change the permissions for the document. These permissions do not include any other permissions, and they can be used independently of the other permissions.

Example

Denied permissions always take precedence over given permissions. For example: User A is a member of user group B. User group B has Edit permissions for document C. User A, on the other hand, does not have Edit permissions for document C. Even though user A has Edit permissions for document C by means of user group B, user A cannot edit the document, because user A's personal permissions deny it.