Object Permissions

To open the permissions dialog of an M-Files object, click the permissions area at the bottom of the metadata card.

The permissions area is displayed at the bottom of a metadata card.

You can quickly select the document permissions from the drop-down menu in the Permissions dialog. These predefined permissions, or named access control lists, can be modified with M-Files Admin. An access control list consists of various user groups or users and definitions of their permissions.

Editing permissions

You can edit the permissions by first clicking the Permissions area on the metadata card and the clicking the Edit... button in the Permissions dialog.

When you want to edit the permissions, first deselect the Use named access control list checkbox. By clicking the Add... button, you can display all users, user groups, and pseudo-users registered in M-Files and edit the permissions for each of them. With the Remove button, you can remove users, user groups, and pseudo-users from the access control list. If you want to edit the user list, open M-Files Admin and refer to Managing Users and User Groups.

Multilevel permission system

You can view and modify the permissions of the object via the permissions area at the bottom of the metadata card. The options available are All, Change permissions, Remove, Edit, and Read. You can allow a permission by selecting Allow and deny it by selecting Deny.

A user with Read permissions is allowed to open the files contained by the object, as well as to view its properties. The user cannot check out the document, and is thus not able to make any changes to it. If the user does not have Read permissions to the document, it will not be visible to the user in views or search results.

Edit permissions enable users to freely edit the document. These permissions automatically include Read permission and Edit permissions. Edit permissions do not encompass any deletion rights.

Remove permissions allow users to delete the document but not destroy it altogether. Deletion rights do not encompass any other rights.

The right to Change permissions determines whether the user is allowed to change the permissions for the document in question. These permissions do not include any other permissions, and they can be used independently of the other permissions.
Note: Users with the right to Change permissions enable them to specify any other permission for themselves.


Denied permissions always take precedence over allowed permissions. This means, for instance, the following: User A is a member of user group B. User group B has the Edit permission for document C. User A, on the other hand, does not have Edit permissions for document C. Even though user A has Edit permissions for document C by means of user group B, user A cannot modify the document, because it has been separately denied from user A.

Selected permissions

If the effective permissions of the object are affected by multiple sources, meaning that – in addition to its own permissions settings – its access rights are affected by automatic permissions, the Permissions dialog displays the Selected permission settings section.

The Selected permission settings section in the Permissions dialog.

In the Permissions dialog, you can select the final permissions of the object. In order for any specific permission, such as read or edit access, to be granted for a specific user, all of the permissions in effect, at all levels, must allow it simultaneously.

The Selected permission settings section contains the columns explained below.


The Source column indicates the source from which the object has received a given permission. In the example image further above, the object has automatic permissions granted via the project IT Training, and the object's own permissions (This object). Both of them restrict the final permissions of the object.


The Description column provides descriptive text for the permission. If you have created an automatic permission rule based on a value, a value list, or an object type and named it, the name is displayed in this column.


If you are allowed to bypass the automatic permissions when specifying automatic permissions for the relevant value, value list, or object type, you can deactivate the automatic permissions granted via the value by deselecting the permission in question. Then the permission setting is not active anymore and it does not influence the final permissions of the object.