Object Permissions

To open the Permissions dialog of an M-Files object, click the permissions area at the bottom of the metadata card.

You can quickly select the document permissions with named access control lists.

Editing object permissions

To edit the object permissions, click the Permissions area on the metadata card. The object has automatic permissions if the Selected permission settings section of the Permissions dialog shows a list with columns Source, Description, and Active. To edit these permissions, see Permissions from many sources.

If the object does not have automatic permissions, you can select Full control for all internal users, Only for me, or the drop-down menu to use a named access control list.

To specify other permissions, click Edit. In the dialog that opens, unselect Use named access control list. Click Add to show all users, user groups, and pseudo-users registered in M-Files, and edit the permissions for them. Click Remove to remove users, user groups, and pseudo-users from the access control list. To specify what the users can do with the object, see Allowing and denying permissions.

Tip: When you edit the permissions of many objects, we recommend for performance reasons that you do not make other metadata changes at the same time.

Permissions from many sources

If the effective permissions of the object come from many sources, meaning that – in addition to its own permissions settings – its access rights are affected by automatic permissions, the Permissions dialog displays the sources in the Selected permission settings section.

Effective permissions from many sources.

In the Permissions dialog, you can select the final permissions of the object. In order for any specific permission, such as read or edit access, to be granted for a specific user, all of the permissions in effect, at all levels, must allow it simultaneously.

The Selected permission settings section contains the columns explained below.


The Source column indicates the source from which the object has received a given permission. In the example image further above, the object has automatic permissions granted through the project IT Training, and the object's own permissions (This object). Both of them restrict the final permissions of the object.


The Description column provides descriptive text for the permission. If you have created an automatic permission rule based on a value, a value list, or an object type and named it, the name is displayed in this column.


If you can bypass the automatic permissions when you specify automatic permissions for the relevant value, value list, or object type, you can deselect the permission in question to deactivate the automatic permissions given through the value. This causes the permission setting to no longer be active and influence the final permissions of the object.

Allowing and denying permissions

To specify what the users are allowed to do with the object, go to the Permissions dialog and click Edit. The available options are All, Change permissions, Remove, Edit, and Read. You can allow a permission by selecting Allow and deny it by selecting Deny.

A user with Read permissions is allowed to open the files contained by the object, as well as to view its properties. The user cannot check out the document, and is thus not able to make any changes to it. If the user does not have Read permissions to the document, it will not be visible to the user in views or search results.

Edit permissions enable users to freely edit the document. These permissions automatically include Read permission and Edit permissions. Edit permissions do not encompass any deletion rights.

Remove permissions allow users to delete the document but not destroy it altogether. Deletion rights do not encompass any other rights.

The right to Change permissions determines whether the user is allowed to change the permissions for the document in question. These permissions do not include any other permissions, and they can be used independently of the other permissions.
Note: Users with the right to Change permissions enable them to specify any other permission for themselves.


Denied permissions always take precedence over allowed permissions. This means, for instance, the following: User A is a member of user group B. User group B has the Edit permission for document C. User A, on the other hand, does not have Edit permissions for document C. Even though user A has Edit permissions for document C by means of user group B, user A cannot modify the document, because it has been separately denied from user A.