Creating a New Named Access Control List

  1. Open M-Files Admin.
  2. In the left-side tree view, expand a connection to M-Files Server.
  3. In the left-side tree view, expand Document Vaults, and then expand a vault.
  4. Still in the left-side tree view, select the Named Access Control Lists node.
  5. Click New Named Access Control List... on the task area.
    Result:The Named Access Control List Properties dialog is opened.
  6. In the Name field, enter a descriptive name for the named access control list.
    Example:It is recommended to name the named access control list according to the members of the list and the permissions given to them, such as Visible to company management only or Full control for all internal users.
  7. Click Add... to add users or user groups to this named access control list.
    Result:The Select Users or User Groups dialog is opened.
  8. Select either:
    • The Users or user groups option and select the users or user groups that you wish to add to this named access control list.
      Tip:

      The best practice to define access rights in named access control lists is via user groups instead of individual users.

      Making changes to named access control lists in large vaults can be very slow and may therefore sometimes cause lock conflicts. Therefore, it is recommended that changes to named access control lists and, in turn, to object permissions are made during off-peak hours when user access to the vault is limited.

      Tip: You can select more than one item at once. Hold down the Ctrl key to select multiple individual items or hold down the ⇧ Shift key to select adjacent items on the list.
      or
    • The User from metadata option and use the drop-down menu to select the property containing users or user groups on the basis of which permissions are granted. For more information, see Pseudo-users.
  9. Click Add to add the selected users or user groups to the named access control list and to close the Select Users or User Groups dialog.
  10. Back in the Named Access Control List Properties dialog, select the user or user group whose permissions you want to adjust from the Users and user groups list.
    Example:
  11. Select the permission that you want to adjust and check either:
    • The Allow check box if you want to allow the selected permission for the user or user group.
      or
    • The Deny check box if you wanto to deny the selected permission for the user or user group.
      Tip: For optimal performance in large vaults, named access control lists should only be used to allow access rights instead of explicitly denying them.
    Example:
  12. If you want to adjust additional permissions, repeat the steps 10 and 11.
  13. Optional: On the Permissions tab, you can specify the users who can see this named access control list.
  14. Optional: On the Advanced tab, you can specify an alias for the named access control list.
    For more information, see Associating the Metadata Definitions.

    When you have automatic aliases in use and you write a name on the General tab, the Aliases field on the Advanced tab is automatically filled in. The alias has the format <predefined prefix>.<name>. Define automatic aliases for your vault in the configurations editor.

  15. Click OK.
The new named access control list containing a set of permissions can now be attached to an object using the permission control on the metadata card.