Creating a New Named Access Control List

  1. Open M-Files Admin.
  2. In the left-side tree view, expand a connection to M-Files server.
  3. Expand Document Vaults.
  4. Expand a vault.
  5. Click Named Access Control Lists.
  6. In the task area, click New Named Access Control List.
    Tip: You can also use an existing access control list as a template. To do this, right-click one of the existing ones in the listing area and select Create Copy.
  7. In the Name field, enter a descriptive name for the named access control list.
    Example:It is recommended to name the named access control list according to the members of the list and the permissions given to them, such as Visible to company management only.
  8. Click Add to add users or user groups to this named access control list.
    Result:The Select Users or User Groups dialog is opened.
  9. Select one of these options:
    • The Users or user groups option and select the users or user groups that you wish to add to this named access control list.
      Tip:

      The best practice to specify access rights in named access control lists is through user groups instead of individual users.

      Making changes to named access control lists in large vaults can be very slow and may therefore sometimes cause lock conflicts. Therefore, it is recommended that changes to named access control lists and, in turn, to object permissions are made during off-peak hours when user access to the vault is limited.

      Tip: You can select more than one item at once. Hold down the Ctrl key to select multiple individual items or hold down the ⇧ Shift key to select adjacent items on the list.
      or
    • The User from metadata option and use the drop-down menu to select the property containing users or user groups on the basis of which permissions are granted. For more information, see Pseudo-users.
  10. Click Add to add the selected users or user groups to the named access control list and to close the Select Users or User Groups dialog.
  11. Back in the Named Access Control List Properties dialog, select the user or user group whose permissions you want to adjust from the Users and user groups list.
  12. Select the permission that you want to adjust and check either:
    • The Allow check box if you want to allow the selected permission for the user or user group.
      or
    • The Deny check box if you wanto to deny the selected permission for the user or user group.
      Tip: For optimal performance in large vaults, named access control lists should only be used to allow access rights instead of explicitly denying them.
    Example:
  13. If you want to adjust additional permissions, repeat the steps 11 and 12.
  14. Optional: On the Permissions tab, you can specify the users who can see this named access control list.
  15. Optional: On the Advanced tab, you can specify an alias for the named access control list.
    Use semicolons (;) to separate many aliases.
    For more information, see Associating the Metadata Definitions.

    When you have automatic aliases in use and you write a name on the General tab, the Aliases field on the Advanced tab is automatically filled in. The alias has the format <predefined prefix>.<name>. Define automatic aliases for your vault in Advanced Vault Settings.

  16. Click OK.
The new named access control list containing a set of permissions can now be attached to an object with the permission control on the metadata card.