User permissions

What a user can do in Content Manager depends on a number of factors including the user's permissions, Access Controls and security on individual items.

This section attempts to provide an understanding of what the user permissions are all about and how they affect what a user can do in Content Manager.

To simplify assigning individual permissions, Content Manager provides a number of default user types.

A Location's user type and permissions appear in the Location Properties - Profile tab in the list box at the bottom. See Profile page.

  • Administrator
  • Records Manager
  • Records Co-ordinator
  • Knowledge Worker
  • Contributor
  • Inquiry User

You can modify the set of permissions associated with each user type, also called user type permissions. See System Options User Types page.

Particularly useful in Content Manager is the command View Rights that will display the security, Access Controls and allowed tasks for the selected item and generic permissions for the current user.

See View Rights command.

  • User of user type Inquiry User moving records - users of type Inquiry User can move records when the option Allow users without 'Modify Records' permission to change Assignee in the Record Type Properties - Menu page is selected
  • Users of user type Knowledge Worker are allowed to create record relationships for new and existing records
  • A user of user type Knowledge Worker that needs to modify the Access Control of a record after it was created must belong to the Location with Modify Record Access permission on that record. If it is set to Unrestricted, a user of type Knowledge Worker cannot modify Access Control.
  • Users of user type Administrator or Records Manager cannot update their own security profile details.

    Therefore, it is advisable to have at least two users with user type Administrator set up for each dataset.

  • By using the Classification plan, users can search for a record they would not be allowed to create.
    • If the user belongs to an Access Control group that has Can Use access to a Classification, they can create an item using it.
    • If the user belongs to an Access Control group that has View Metadata access to a Classification, they will be able to search for the record using it.
    • If the user belongs to an Access Control group that has both Can Use and View Metadata access to a Classification, they will be able to view and create using it.
  • When selecting the option Use Profile Of on the Profile tab of a Location that is a user of user type Administrator without Security and Audit Administrator permission:
    • You can only have a profile - any field on the Profile tab form - if the Location type is not Unknown
    • You can only have a login if you can have a profile and Location type is not Group
    • A login administrator - i.e. a user with Modify Logins and User Profile permission - cannot change anything on their own profile but their security
    • Only a login administrator can change anything on another user's profile form
    • If the login administrator does not have Security and Audit Administrator permission:
      • they cannot change the user type of any existing user
      • they cannot create a new user of user type Administrator.

        The message You need to be a Security and Audit Administrator to create administrator users appears.

  • The UK PRO requirement is also implemented. When a user is changed from User Profile Of to having an individual profile, Content Manager maintains the settings of the Use Profile Of user so that you can refine it further from that point.

  • Updating an item - unless otherwise specified, means that a user can
    • change any of the item's properties
    • execute tasks that may change data elements associated with an item.
  • Deleting an item - the permanent removal of the item from the database

All user permissions are organised into categories for better management.

  • Record Update permissions - primarily about maintenance of records and/or documents.

    See Record Update permissions by user type.

  • Location Update permissions - for managing Locations.

    See Location Update permissions by user type.

  • Control File Update permissions - for record update functions, for example, updating Record Types, Classifications, Thesaurus terms etc.

    See Control File Update permissions by user type.

  • Workflow/Action Tracking permissions - for Workflow Activities and Actions, for example, attaching Actions or Activities, reassigning Actions or Activities, completing Actions or Activities etc.

    See Workflow and Action tracking permissions by user type.

  • Miscellaneous permissions - they do not fit into the other categories, for example, to edit the business calendar or to use the caption editor etc.

    See Miscellaneous permissions by user type.

  • Location Usage permissions - about what a particular Location in Content Manager can be, for example, can be record Home, can be record Owner, can be record Assignee etc.

    See Location Usage permissions by user type.

    • NOTE: When new permissions are added to new versions of  Content Manager, a schema upgrade is required before they can be customised. Until the schema upgrade occurs, new permissions will be on depending on whether they are enabled by default. This is indicated by a check being placed against the user permission, but the row is shown as grey so the check cannot be changed.