Permissions

Video: Permissions

Editing permissions

You can edit the permissions by first clicking the Permissions area on the metadata card and the clicking the Edit... button in the Permissions dialog.

When you want to edit the permissions, first deselect the Use named access control list checkbox. By clicking the Add... button, you can display all users, user groups, and pseudo-users registered in M-Files and edit the permissions for each of them. With the Remove button, you can remove users, user groups, and pseudo-users from the access control list. If you want to edit this user list, open M-Files Admin and refer to Users or User Groups.

Also refer to the specification of pseudo-users in Pseudo-users.

Multilevel permission system

You can view and modify the permissions of the object via the permissions area at the bottom of the metadata card. The options available are All, Change permissions, Remove, Edit, and Read. You can allow a permission by selecting Allow and deny it by selecting Deny.

A user with Read permissions is allowed to open the files contained by the object, as well as to view its properties. The user cannot check out the document, and is thus not able to make any changes to it. If the user does not have Read permissions to the document, it will not be visible to the user in views or search results.

Edit permissions enable users to freely edit the document. These permissions automatically include Read permission and Edit permissions. Edit permissions do not encompass any deletion rights.

Remove permissions allow users to delete the document but not destroy it altogether. Deletion rights do not encompass any other rights.

Example

Denied permissions always take precedence over allowed permissions. This means, for instance, the following: User A is a member of user group B. User group B has the Edit permission for document C. User A, on the other hand, does not have Edit permissions for document C. Even though user A has Edit permissions for document C by means of user group B, user A cannot modify the document, because it has been separately denied from user A.

Selected permissions

The document or object may have its own permissions, and the object may also have different automatic permissions via its properties. Any given permissions must be granted by all these settings in order to be effective.

On the Permissions tab for the object, the user can check the permissions that influence the final permissions 
of the object. In order for any specific permission, such as read or edit access, to be granted for a specific user, all of the permissions in effect, at all levels, must allow it simultaneously.

For more information on internal restrictions to permissions and valid permissions, refer to Effective Permissions.

Source

The "Source" column indicates the source from which the object has received a given permission. In the example, the object has automatic permissions granted via the project (Project name [Project]), and the object's own permissions (This object). Both of them restrict the final permissions of the object.

Description

The "Description" column provides descriptive text for the permission. Note: If you have created an automatic permission by value, value list, or object type and named it, the name is displayed in this column.

Active

If the users have been allowed to bypass the automatic permissions when they are specifying automatic permissions for the relevant value, value list, or object type, the user can deactivate the automatic permissions granted via the value by deselecting the permission in question. Then the permission is not active anymore and it does not influence the object's final permissions.

Details

You can enter the Permissions dialog box either via the ... icon or Details icon. Use the Add and Remove buttons to add or remove users.

Effective Permissions

For more information on internal restrictions to permissions and valid permissions, refer to Effective Permissions.