Folder Permissions

Manage your folder permissions when you want to limit access to certain folders in Documents to specific groups of users. You can customize access permissions for folders and subfolders by specific access roles and apply them to all access role members.

[Note] Note

For the on-premise Control Center, you must enable Authentication first.

If you don't enable authentication, Control Center applies the default permissions. All users have full permissions on all folders stored in Documents.

Folder permissions rules

These rules define folder permissions in Documents:

  • You set folder permissions for folders together with access roles. Users can be members of multiple roles that affect reading, writing, editing, and deleting permissions in Documents storage.

  • All permissions you set for a folder apply both to folder contents and to subfolders.

  • Subfolders inherit permissions from parent folders, but you can set custom permissions for each subfolder.

Additional Workflow-related folder permissions rules

When you apply specific workflow processes to your folders, these additional rules apply:

  • If you have read-only access to a folder, you can only read the last approved-published revision of your files. If files are not yet approved-published, you can't read them.

    [Note] Note

    Users in production environments must have read-only access to ensure they see only approved-published revisions.

  • When you have full folder access (read and write permissions), you can read all file revisions.

Changing folder permissions

[Note] Note

You can manage folder permissions if you log on to Control Center as Administrator.

Folder permissions depend on Access Roles.

You can set folder permissions by editing Access Roles.

  1. Go to the Users tab > Access Roles and click a role to customize from the list.

    [Note] Note

    If you want to add a new role, click Add and then follow the steps below.

    For more information about adding Access Roles see a dedicated topic.

  2. Go to Permissions for this role window > Documents tab to set general and default permissions for all folders.

  3. To set custom permissions for specific folders or subfolders, scroll down to Custom Document Permissions.

  4. Select a folder and click Customize.

    Control Center opens the Customize permissions dialogue for the folder you select.

  5. Click specific storage and workflow permissions to apply to this role and folder.

    [Note] Note

    Access role settings you change for this folder apply to all users assigned with this access role.

  6. Click Customize.

    Permissions you set for this role and folder now display in the Custom permissions dialog of Custom document permissions.

  7. Click Save to save your settings and continue working.

Custom folder permissions you set are saved and now apply to all access role members.

Specific access permission options

[Note] Note

For On-premise Control Center you need the Enterprise license and Authentication enabled.

Decommissioning Files

If a published label or solution file becomes obsolete during its life cycle, decommissioning allows you to make the file unavailable for read-only users. Decommissioning makes deleting obsolete files from the Documents storage unnecessary. The Decommissioning Files option just hides the obsolete files and makes it available again using recommissioning.

Decommissioning/Recomisioning is only available if you enable Workflows and Versioning.

To decommission your file in the Documents storage:

  1. Right-click the file to display the context menu and click Decommission. The confirmation window pops up.

    24_decomission.png

  2. Click OK to continue. The confirmation window opens. Type in the reason why you are decommissioning the file.

    After you have decommissioned the file, the file icon gets updated: 102_decomission.png. This icon indicates that the file is no longer visible to the read-only users.

    [Note] Note

    You can decommission files even if they are not currently published. This option is available also for files that are still in the approval process or have been unpublished in the past.

Recommissioning files:

To make the decommissioned files visible again, use recommission option:

  1. Right-click the document to display the context menu and click Recommission.

    24_decomission.png

  2. The confirmation window opens. Type in the reason why you are recommissioning the file. The file is again visible to the members of access roles with read-only privileges.

[Note] Note

You can view the decommissioning/recommissioning events and their details in Control CenterHistory.

By default, members of Administrator and Approver access roles have permission to decommission files. To allow other access roles to perform decommissioning:

  1. Go to Administration > Access Roles.

  2. Select the access role.

  3. In Permissions for this Role go to the Documents tab.

  4. In Default document permissions > Workflows enable or disable Decommission / Recommission files.

Removing published files

By default, only members of the Administrator role access role can remove published files from Documents storage. Administrators can also allow removing the published files to any other access role.

To grant the selected access role the right to remove published files from Documents storage:

  1. Go to Administration > Access Roles.

  2. Select the access role.

  3. In Permissions for this Role > select Documents tab.

  4. Under General Document Permissions (all folders) enable Delete published files .

  5. Click Save (on the top or bottom of the page) to save your settings and continue working.

[Note] Note

You can delete folders that contain published files. If you do not have permission to delete the included files, an error dialog with a list of files that cannot be deleted pops up.