Document Security

Purpose

This document reviews document security.

Document security determines which users have access to a document, and what functions the user can perform on the document.  This includes viewing the document, checking out or checking in new revisions for the document, modifying the document properties, modifying the index field data, moving or copying the document, deleting the document, and changing the document's security.

A user must be an Owner of the document to grant others rights to see it. Essentially, assigning security access to a document shares and makes it visible to those users who have been given permission to that object.

It is best practice to use groups to assign rights to a document. When this is not possible you can permit a user direct access.

 There are three different ways to grant security access to a document.

• Folder Security - provides access to all documents uploaded to the folder
• Project security - provides access to documents from within the project view
• Document security - provides access to an individual document

If you are assigning security to a document that is nested under multiple levels of subfolders, a user must have at least viewer access to the folder structure above the document, meaning the document's parent folder, that parent folder's parent folder, and so on all the way up to the root (top-level) folder. If you are using projects to view documents, then this is not necessary.

Administrators can also control what users view based upon how they configure the menus, pages, and tabs for forms, and projects. Users may have access to a document, but if the top-level menu or tabs do not facilitate a connection to the document, then users will not be able to see it.

The following sections describe how to modify a document's security from the security tab of the document properties, and also give a table for the various level of permissions and what functions they are able to perform on the document. Refer to the Folder Security and Project Security sections for more information on modifying security on those levels.

Assigning Security – Best Practice

In order to promote the least amount of administration, it is recommended that administrators of VisualVault follow certain best practice guidelines. We believe that those guidelines will reduce administration when your business changes, or when users change responsibility within the company. 

Here are several rules that we suggest:

1. Organize users into groups based upon the security they need or roles within the company.
2. When assigning security to an object, assign permissions to a group. We suggest this to reduce the administration of security. If you assign a user to each folder in the document library, you will have to modify the security on each folder to remove that user. If you assigned that user to a group first and then assigned security to the group, you only have to remove the user from the group. Removing the user from one location lessens the complexity of administration.
3. Assign Groups to workflows as much as possible. This is the same principle as number 2 in this list.

We have seen customers benefit greatly from the above principles. Especially when companies have organized their groups based upon roles that employees assume within the company. If an employee becomes a purchaser, the administrator does not have to think about all the locations the new purchaser needs access to. They simply need to assign the new purchaser to the purchaser group.

Modifying Security at the Document Level

1. Navigate to the Security tab of the document's properties. This can be accomplished by clicking Security in the document context menu, or opening the document properties and clicking the Security tab.
2. Click the Modify Security button.
   
3. Select the user(s) or group(s) from the Member Selection column to add permissions to the document, or select from the Assigned Members to remove their permissions from the document.
4. Select the type of permission to assign to the user(s), or select Remove to remove the user(s) from the assigned list.
5.  Close the window.
   

Even though document security can be modified on the individual document level, it is not possible to remove a user's permissions to the document that is assigned at the folder level. For example, if user has viewer access to a folder, they will always have at least viewer access to all of the documents within that folder. The user cannot have their viewing privileges removed for one of the documents within that folder.

It is strongly recommended that groups be used to assign permissions throughout VisualVault. This will ease the administrative overhead when needing to remove permissions for specific users.

Roles & Permissions

Roles & Permissions allow an administrator to configure a set of permissions over roles which can then be assigned to users or groups. 

Context-Sensitive Menus (Context Menu)

In order to facilitate rapid access to document information, users can right-click on any document in VisualVault and select the option they wish to see. Users will be presented with a menu based upon their rights and permissions to the document. This topic will discuss the various options and what is visible for the user depending on their rights.

An owner or VaultAccess user within VisualVault will get the following context-sensitive menu when right-clicking on a document:

Default Context Sensitive Menu for Documents

The following sections document every aspect of the context-sensitive menu and specify which menu items are available to a user based upon their rights to that document.  

Summary

Summary is visible to all users. When selected users will view the information contained on the Document ID Card. 

Folder Path

The folder path menu item is visible to all users who have access to the document. When selected, users will be taken to the folder where the document resides in the Document Library.  

View\Open Document

View\Open Document is visible to all users. When selected users will download and/or open the document.

Send Email

Send Email menu item is also available to all users. When selected the Local email client will be launched, or the VisualVault browser email client will be launched so the user can send an email with a link to the document.  

Workflow

Workflow is visible to users who have editor rights or higher. This menu selection allows users to create ad-hoc workflows, view active workflows, or view the history of workflows for a document.

Check-Out/Check-in

Check-Out/Check-in is visible to users with editor rights or higher. When Check-Out is selected the document is checked out and a  icon is placed in front of the document. The context-sensitive menu for documents then changes to allow users to Check-in or Undo Checkout as needed.

Fax Document

The Fax Document menu item allows users to fax the document if the system is configured to integrate with eFax.  

Revisions

Revisions are visible to users with editor rights or higher. When selected users will be taken to the revisions tab of the Document ID Card.

Related Documents

Related Document is visible to all users. Users can view the number of documents associated with the Document ID card before navigating into the card. Also, users are taken to the respective tab when they select the item in the menu.

Related Forms

Related Forms are visible to all users. Users are taken to forms related to the document when selecting the Related Forms menu option. Users can see the number of forms associated with a document before navigating to the Forms tab of the Document ID Card.  

Related Projects

Related Projects are visible to all users. Users are taken to the forms tab of the document when Related Projects menu options are selected. Users can see the number of projects associated with the document before browsing to the Document ID Card.  

History

History is visible to users with editor rights or higher. This menu takes users to the History of the Document ID Card.

Security

Security is visible to users with owner rights or higher. This menu takes users to manage the security of the Document.  

Training

Training is visible to users with editor rights or higher. This menu takes users to the training tab of the Document ID Card.  

Properties

Properties are visible to all users. Users will be taken to the ID Card of the document when this option is selected.

Users can find the context-sensitive menus for documents on any screen where a document is listed.