Roles and permissions: Manage
Fusion includes default roles at the Manage application level and at the individual workspace level. You can edit these default roles to modify permissions or you can create your own roles with the desired permissions. In either case, the access and actions associated with the permissions cannot be changed.
When editing the default roles or creating your own, it is important to understand the permissions and how applying them affects users' capabilities within Manage.
If you have configured custom file protection actions in Fusion, the accompanying custom permissions display beneath the included default permissions. You can add the custom permissions to existing roles, or create new roles under Manage and Workspace Security for the specific use case of the custom action. For more information about custom actions, see "File protection" in the Connect Help Center.
The Manage permissions grant users specific abilities at the application level.
Permission | Description | Limits |
---|---|---|
Add and remove items from workbook |
User can add and remove items from a workbook. Only static tags can be removed from items. |
Must have permission at both the application and workspace security levels. |
Add items to hold | User can add items to holds. | Must have permission at both the application and workspace security levels. |
Apply and remove tags | User can apply and remove tags from documents within assigned workspaces. | |
Approve and reject policies | User can approve or reject actions that require approval prior to being implemented, such as deletion of items from original source. | Must have permission at both the application and workspace security levels. |
Delete documents | User can delete an item from the original source. | Must have permission at both the application and workspace security levels. |
Edit security for all workspaces | User can change the security of any workspace, including those they have not been assigned to. |
Must have additional permissions to do anything else related to a workspace. CAUTION: Due to the broad access of this permission, it is not assigned to any default roles. Be mindful when assigning this permission. |
Export data | User can initiate an export of data. | Must have permission at both the application and workspace security levels. |
Index and collect data | User can initiate file analysis and collection. | Must have permission at both the application and workspace security levels. |
Manage categories | User can create, edit, and delete categories. | Must have permission at both the application and workspace security levels. |
Manage configuration | User can create, edit, and delete workspace templates. | |
Manage data subjects | User can create, edit, and delete data subjects from a workspace. | Must have permission at both the application and workspace security levels. |
Manage export locations | User can create, edit, and delete export locations. | Must have permission at both the application and workspace security levels. |
Manage holds | User can create, edit, and release holds. |
Must have permission at both the application and workspace security levels. Must also have "Add items to hold" permission to add items to a hold. |
Manage workbooks | User can create, edit, and delete workbooks. |
Must have permission at both the application and workspace security levels. Must also have "Add and remove items from a workbook" to add or remove items from the workbook. |
Manage workspaces |
User can create, edit, and close workspaces. This includes the ability to edit the name and description of Research and legacy datasets within a workspace. |
Must also have the specific workspace security level permission required to perform the action.
If no additional workspace security permission assigned, user can only create workspaces. NOTE: Required to create a workspace from a document list in Analyze. This action includes creating the dataset within the workspace. |
OCR documents | User can apply optical character recognition to documents in a workbook. | Must have permission at both the application and workspace security levels. |
Protect documents | User can apply protection to documents in a workbook. | Must have permission at both the application and workspace security levels. |
Release holds | User can release holds. | Must have permission at both the application and workspace security levels. |
Search and view documents | User can search for and view documents. | Must have permission at both the application and workspace security levels. |
Send documents to target | User can send documents to targets within defined destinations. | Must have permission at both the application and workspace security levels. |
View all workspaces | User can see all workspaces, including those they have not been assigned to. |
Must have additional permissions to do anything else related workspace. CAUTION: Due to the broad access of this permission, it is not assigned to any default roles. Be mindful when assigning this permission. |
View audit | User can view details for all activity related to a workspace and the workbooks and documents associated with the workspace. | Must have permission at both the application and workspace security levels. |
View masked content |
User can view masked content without the masking, allowing them to see the original content. Masking is applied to grammar values. When not selected, the user sees either a message that they do not have permission to view the item (item has not had grammar values extracted) or sees the item contents with the identified grammar value masked (item has had grammar values extracted). |
CAUTION: Due to the broad access of this permission, it is not assigned to any default roles. Be mindful when assigning this permission. |
[custom actions] | User has the permission, in general, to perform the custom action. |
Must have permission at both the application and workspace security level. To enable a custom action for a user
|
The Workspace Security permissions grant users the ability to perform specific actions on the workspaces to which they are assigned. For example, you give John Smith permission to add items to holds at the workspace security level. John Smith can only add items to holds for the workspaces he is assigned. In some instances, application level permissions must be combined with individual workspace security permissions.
Permission | Description | Limits |
---|---|---|
Add and remove items from workbook |
User can add and remove items from a workbook. Only static tags can be removed from items. |
Must have permission at both the application and workspace security levels. |
Add items to hold | User can add items to holds. | Must have permission at both the application and workspace security levels. |
Approve and reject policies | User can approve or reject actions that require approval prior to being implemented, such as deletion of items from original source. | Must have permission at both the application and workspace security levels. |
Close and reopen workspaces | User can close and reopen assigned workspaces. | Must also have "Manage workspaces" application level permission. |
Delete documents | User can delete an item from the original source. | Must have permission at both the application and workspace security levels. |
Download documents | User can download documents | |
Edit workspace metadata |
User can edit the details of a workspace. This includes the ability to edit the name and description of Research and legacy datasets within a workspace. |
Must also have "Manage workspaces" application level permission. |
Edit workspace security | User can edit the list of users who have access to a workspace and can assign workspace security level roles to those users. | Must also have "Manage workspaces" application level permission. |
Export data | User can initiate an export of data. | Must have permission at both the application and workspace security levels. |
Index and collect data | User can initiate file analysis and collection. | Must have permission at both the application and workspace security levels. |
Manage categories | User can create, edit, and delete categories. | Must have permission at both the application and workspace security levels. |
Manage data subjects | User can create, edit, and delete data subjects from a workspace. | Must have permission at both the application and workspace security levels. |
Manage export locations | User can create, edit, and delete export locations. | Must have permission at both the application and workspace security levels. |
Manage holds | User can create, edit, and release holds. |
Must have permission at both the application and workspace security levels. Must also have "Add items to hold" permission to add items to a hold. |
Manage workbooks | User can create, edit, and delete workbooks. |
Must have permission at both the application and workspace security levels. Must also have "Add and remove items from a workbook" to add or remove items from the workbook. |
OCR documents | User can apply optical character recognition to documents in a workbook. | Must have permission at both the application and workspace security levels. |
Preview documents |
User can view the content of items. When not selected, document view options that include the document preview panel are not available to the user. |
Must also have the "Search and view documents" permission. |
Protect documents | User can apply protection to documents in a workbook. | Must have permission at both the application and workspace security levels. |
Release holds | User can release holds. | Must have permission at both the application and workspace security levels. |
Search and view documents | User can search for and view documents. | Must have permission at both the application and workspace security levels. |
Send documents to target |
User can send documents to targets within defined destinations |
Must have permission at both the application and workspace security levels. |
View audit | User can view details for all activity related to a workspace and the workbooks and documents associated with the workspace. | Must have permission at both the application and workspace security levels. |
View grammar values | User can view the values of identified grammar rules in the document view panel. | |
[custom actions] | When assigned to a workbook with a role that includes the permission, user can perform the custom action. |
Must have permission at both the application and workspace security level. To enable a custom action for a user
|