Object Permissions

To open the Permissions dialog of an M-Files object, click the permissions area at the bottom of the metadata card.



You can quickly select the document permissions with named access control lists. An access control list consists of various user groups or users and definitions of their permissions.

Editing object permissions

To edit the object permissions, click the Permissions area on the metadata card. The object has automatic permissions if the Selected permission settings section of the Permissions dialog shows a list with columns Source, Description, and Active. To edit these permissions, see Permissions from many sources.

If the object does not have automatic permissions, you can select Full control for all internal users, Only for me, or the drop-down menu to use a named access control list.

To specify other permissions, click Edit. In the dialog that opens, unselect Use named access control list. Click Add to show all users, user groups, and pseudo-users registered in M-Files, and edit the permissions for them. Click Remove to remove users, user groups, and pseudo-users from the access control list. To specify what the users can do with the object, see Allowing and denying permissions.

Tip: When you edit the permissions of many objects, we recommend for performance reasons that you do not make other metadata changes at the same time.

Permissions from many sources

If the effective permissions of the object come from many sources, meaning that – in addition to its own permissions settings – its access rights are affected by automatic permissions, the Permissions dialog displays the sources in the Selected permission settings section.



Effective permissions from many sources.

In the Permissions dialog, you can select the final permissions of the object. In order for any specific permission, such as read or edit access, to be granted for a specific user, all of the permissions in effect, at all levels, must allow it simultaneously.

The Selected permission settings section contains the columns explained below.

Source

The Source column indicates the source from which the object has received a given permission. In the example image further above, the object has automatic permissions granted via the project IT Training, and the object's own permissions (This object). Both of them restrict the final permissions of the object.

Description

The Description column provides descriptive text for the permission. If you have created an automatic permission rule based on a value, a value list, or an object type and named it, the name is displayed in this column.

Active

If you are allowed to bypass the automatic permissions when specifying automatic permissions for the relevant value, value list, or object type, you can deactivate the automatic permissions granted via the value by deselecting the permission in question. Then the permission setting is not active anymore and it does not influence the final permissions of the object.

Allowing and denying permissions

To specify what the users are allowed to do with the object, go to the Permissions dialog and click Edit. The available options are All, Change permissions, Remove, Edit, and Read. You can allow a permission by selecting Allow and deny it by selecting Deny.

A user with Read permissions is allowed to open the files contained by the object, as well as to view its properties. The user cannot check out the document, and is thus not able to make any changes to it. If the user does not have Read permissions to the document, it will not be visible to the user in views or search results.

Edit permissions enable users to freely edit the document. These permissions automatically include Read permission and Edit permissions. Edit permissions do not encompass any deletion rights.

Remove permissions allow users to delete the document but not destroy it altogether. Deletion rights do not encompass any other rights.

The right to Change permissions determines whether the user is allowed to change the permissions for the document in question. These permissions do not include any other permissions, and they can be used independently of the other permissions.
Note: Users with the right to Change permissions enable them to specify any other permission for themselves.

Example

Denied permissions always take precedence over allowed permissions. This means, for instance, the following: User A is a member of user group B. User group B has the Edit permission for document C. User A, on the other hand, does not have Edit permissions for document C. Even though user A has Edit permissions for document C by means of user group B, user A cannot modify the document, because it has been separately denied from user A.