Contact
Administration 3.2 Administration Help Center
Roles and permissions: Manage
Data Discovery includes default roles at the Manage application level and at the individual workspace level. You can edit these default roles to modify permissions or you can create your own roles with the desired permissions. In either case, the access and actions associated with the permissions cannot be changed.
When editing the default roles or creating your own, it is important to understand the permissions and how applying them affects users' capabilities within Manage.
The Manage permissions grant users specific abilities at the application level.
Manage permissions (application level)
| Permission | Description | Limits |
|---|---|---|
| Add and remove items from workbook |
User can add and remove items from a workbook. Only static tags can be removed from items. |
Must have permission at both the application and workspace security levels. |
| Add items to hold | User can add items to holds. | Must have permission at both the application and workspace security levels. |
| Apply and remove tags | User can apply and remove tags from documents within assigned workspaces. | |
| Approve and reject policies | User can approve or reject actions that require approval prior to being implemented, such as deletion of items from original source. | Must have permission at both the application and workspace security levels. |
| Collect data | User can initiate data collection. | Must have permission at both the application and workspace security levels. |
| Delete documents | User can delete an item from the original source. | Must have permission at both the application and workspace security levels. |
| Export data | User can initiate an export of data. | Must have permission at both the application and workspace security levels. |
| Manage categories | User can create, edit, and delete categories. | Must have permission at both the application and workspace security levels. |
| Manage configuration | User can create, edit, and delete workspace templates and data source templates. | |
| Manage data sources | User can create, edit, and deactivate data sources. |
Must also have the specific workspace security level permission required to perform the action.
|
| Manage data subjects | User can create, edit, and delete data subjects from a workspace. | Must have permission at both the application and workspace security levels. |
| Manage export locations | User can create, edit, and delete export locations. | Must have permission at both the application and workspace security levels. |
| Manage holds | User can create, edit, and release holds. |
Must have permission at both the application and workspace security levels. Must also have "Add items to hold" permission to add items to a hold. |
| Manage workbooks | User can create, edit, and delete workbooks. |
Must have permission at both the application and workspace security levels. Must also have "Add and remove items from a workbook" to add or remove items from the workbook. |
| Manage workspaces | User can create, edit, and close workspaces. |
Must also have the specific workspace security level permission required to perform the action.
If no additional workspace security permission assigned, user can only create workspaces. |
| Release holds | User can release holds. | Must have permission at both the application and workspace security levels. |
| Search and view documents | User can search for and view documents. | Must have permission at both the application and workspace security levels. |
| Send documents to target | Users can send documents to targets within defined destinations. | Must have permission at both the application and workspace security levels. |
| View audit | Users can view details for all activity related to a workspace and the workbooks and documents associated with the workspace. | Must have permission at both the application and workspace security levels. |
The workspace security permissions grant users the ability to perform specific actions on the workspaces to which they are assigned. For example, you give John Smith permission to add items to holds at the workspace security level. John Smith can only add items to holds for the workspaces he is assigned. In some instances, application level permissions must be combined with individual workspace security permissions.
Workspace security permissions (individual workspace security level)
| Permission | Description | Limits |
|---|---|---|
| Add and remove items from workbook |
User can add and remove items from a workbook. Only static tags can be removed from items. |
Must have permission at both the application and workspace security levels. |
| Add items to hold | User can add items to holds. | Must have permission at both the application and workspace security levels. |
| Approve and reject policies | User can approve or reject actions that require approval prior to being implemented, such as deletion of items from original source. | Must have permission at both the application and workspace security levels. |
| Close workspaces | User can close assigned workspaces. | Must also have "Manage workspaces" application level permission. |
| Collect data | User can initiate data collection. | Must have permission at both the application and workspace security levels. |
| Create data sources | User can create data sources. | Must also have "Manage data sources" application level permission. |
| Deactivate data sources | User can deactivate data sources. | Must also have "Manage data sources" application level permission. |
| Delete documents | User can delete an item from the original source. | Must have permission at both the application and workspace security levels. |
| Download documents | User can download documents | |
| Edit data sources | User can edit data sources. | Must also have "Manage data sources" application level permission. |
| Edit workspace metadata | User can edit the details of a workspace. | Must also have "Manage workspaces" application level permission. |
| Edit workspace security | Users can edit the list of users who have access to a workspace and can assign workspace security level roles to those users. | Must also have "Manage workspaces" application level permission. |
| Export data | User can initiate an export of data. | Must have permission at both the application and workspace security levels. |
| Manage categories | User can create, edit, and delete categories. | Must have permission at both the application and workspace security levels. |
| Manage data subjects | User can create, edit, and delete data subjects from a workspace. | Must have permission at both the application and workspace security levels. |
| Manage export locations | User can create, edit, and delete export locations. | Must have permission at both the application and workspace security levels. |
| Manage holds | User can create, edit, and release holds. |
Must have permission at both the application and workspace security levels. Must also have "Add items to hold" permission to add items to a hold. |
| Manage workbooks | User can create, edit, and delete workbooks. |
Must have permission at both the application and workspace security levels. Must also have "Add and remove items from a workbook" to add or remove items from the workbook. |
| Release holds | User can release holds. | Must have permission at both the application and workspace security levels. |
| Search and view documents | User can search for and view documents. | Must have permission at both the application and workspace security levels. |
| Send documents to target |
Users can send documents to targets within defined destinations |
Must have permission at both the application and workspace security levels. |
| View audit | Users can view details for all activity related to a workspace and the workbooks and documents associated with the workspace. | Must have permission at both the application and workspace security levels. |