Access Control
Instead of assigning access rights to each user individually(that in any case is also supported), we suggest administrators to assign permissions to groups, what in other systems you may see as "roles".
Role-Based Access Control (RBAC)
Role-Based Access Control works by assigning permissions to roles (like admin, author, or guest) rather than to individual users. Employees are then placed into these roles, automatically inheriting the exact access rights needed for their specific job functions. To understand how RBAC works, you can break it down into these core components.
1
Permissions
Specific actions allowed on a resource like a folder or a document, such as read, write, edit.
Complete list of Permissions
| Permission | Applicable Resources | Actions Allowed on Resources |
|---|---|---|
| Read | all | accessing and using |
| Preview | document | displaying in the interface |
| document | printing | |
| Download | document, folder | extracting from the platform |
| document | including the resource in an email | |
| Write | all | editing |
| Add | folder | adding new elements inside |
| Security | document, folder | managing security policies |
| Immutable | document | enabling immutability |
| Password | document | protecting with a password |
| Delete | all | logically removing |
| Move | document, folder | moving into another location |
| Rename | document, folder | modifying the name |
| Custom ID | document | editing the Custom ID |
| Revision | document | editing the Revision |
| Import | folder | importing from .zip archives or other source |
| Export | folder | exporting to .zip archive or other target |
| Sign | document | digitally signing |
| Archive | document, folder | archiving or inserting into an export archive |
| Workflow | document | launchin a new workflow instance |
| Calendar | document | creating a calendar event |
| Subscription | document, folder | subscribing other users to the issued alerts |
| Automation | document, folder | invoking an automation routine |
| Reading request | document | sending a reading request |
| Store | folder | changing the default store |
Admins can do everything
The users in the admin group always have full permissions on all the resources.Everywhere you have an object sensible of security policies like folders or documents, you can grant permissions to groups.
2
Groups (roles)
Collections of permissions created to match specific job responsibilities (e.g., an "Accountant" role has permission to read invoices and create payrolls).
3
Users
The system accounts assigned to the groups. A user may be assigned to one or more groups.
Scalability and Security
The main advantage of this model is scale and security. When an employee is hired or changes departments, you simply assign them a new role. If a permission changes (for example, allowing a manager to approve software purchases), you just update the manager role, and everyone with that role gets the new access instantly.