Skip to main content

Access Control

Instead of assigning access rights to each user individually(that in any case is also supported), we suggest administrators to assign permissions to groups, what in other systems you may see as "roles". 

Role-Based Access Control (RBAC)

Role-Based Access Control works by assigning permissions to roles (like admin, author, or guest) rather than to individual users. Employees are then placed into these roles, automatically inheriting the exact access rights needed for their specific job functions. To understand how RBAC works, you can break it down into these core components.

1

Permissions

Specific actions allowed on a resource like a folder or a document, such as read, write, edit.

Complete list of Permissions

PermissionApplicable ResourcesActions Allowed on Resources
Readallaccessing and using
Previewdocumentdisplaying in the interface
Printdocumentprinting
Downloaddocument, folderextracting from the platform
Emaildocumentincluding the resource in an email
Writeallediting
Addfolderadding new elements inside
Securitydocument, foldermanaging security policies
Immutabledocumentenabling immutability
Passworddocumentprotecting with a password
Deletealllogically removing
Movedocument, foldermoving into another location
Renamedocument, foldermodifying the name
Custom IDdocumentediting the Custom ID
Revisiondocumentediting the Revision
Importfolderimporting from .zip archives or other source
Exportfolderexporting to .zip archive or other target
Signdocumentdigitally signing
Archivedocument, folderarchiving or inserting into an export archive
Workflowdocumentlaunchin a new workflow instance
Calendardocumentcreating a calendar event
Subscriptiondocument, foldersubscribing other users to the issued alerts
Automationdocument, folderinvoking an automation routine
Reading requestdocumentsending a reading request
Storefolderchanging the default store

Admins can do everything

The users in the admin group always have full permissions on all the resources.

Everywhere you have an object sensible of security policies like folders or documents, you can grant permissions to groups.

2

Groups (roles)

Collections of permissions created to match specific job responsibilities (e.g., an "Accountant" role has permission to read invoices and create payrolls).

More details about Groups 

3

Users

The system accounts assigned to the groups. A user may be assigned to one or more groups.

More details about Users 

Scalability and Security

The main advantage of this model is scale and security. When an employee is hired or changes departments, you simply assign them a new role. If a permission changes (for example, allowing a manager to approve software purchases), you just update the manager role, and everyone with that role gets the new access instantly.