Personal tools
Sections
You are here: Home Products Help Center OpenEngagement DMS 2.5 Detailed Security Specifications
Document Actions

Detailed Security Specifications

Note: This is the print view with all the Reference Manual pages on one page. The paginated version is available here, if you prefer that.

A series of tables listing which actions may be performed by which users on each object type, given the state of the objects.

1. Introduction to the Detailed Security Specifications

In general, permissions refer to what actions (such as view, edit, delete, etc.) may be performed on what items by what users. Workflow allows us to enhance this, so that different permissions apply to items while they are in different states. For example, Reviewers can edit Engagements when they are in the Review state, but not when they are in the Archived state.

Note: an item (also referred to as object) is an instance of a content type. An item may be, for example, a single Engagement, or a single Entity. Each Engagement, each Entity, and each instance of all other types is, at any point in time, in a single discreet state.

Items do not inherit the state or workflow of their parents, since all items have their own type and their own state. The workflow of items is not affected by the state of any parent objects. For example, the set of actions that can be performed on a given Engagement by a given user are the same regardless of the state of the Entity (i.e., Active or Inactive) in which the engagement appears.

The tables in this section of the documentation give a detailed description of the permissions for each object type, in each state, for each role. Since Administrators can do everything, and Anonymous users can do nothing, they are not shown in these tables. TTW indicates Through the Web (or through the web browser interface); Go-Btwn indicates through the Go-Between.

In the charts below, hyphens indicate the action is not possible. In most cases where a hyphen is shown, it is in the Go-Btwn column and is because the functionality is not available in the Go-Between. Currently, the permissions are otherwise the same for the TTW and Go-Between interfaces in all cases. Y indicates the action is permitted, and N that it is not. The grey table cells are where an action is possible, and so all grey cells should contain either a Y, N or -.
 
In the tables, Set Properties refers to setting values in the Properties tab, such as keywords.

These tables assume the reserve/release system is not enabled.

2. Permissions On Areas and Smart Folders

Action
Site Manager
Entity Manager
Engagement Manager
Preparer
Reviewer
Reader
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn
Create
Y
-
N
-
N
-
N
-
N
-
N
-
Delete
Y
-
N
-
N
-
N
-
N
-
N
-
Cut/Paste
Y
-
N
-
N
-
N
-
N
-
N
-
View
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Modify fields
Y
-
N
-
N
-
N
-
N
-
N
-
Assign local roles
Y
-
N
-
N
-
N
-
N
-
N
-

 

Other than where each may be created, and how they are displayed, there are no differences between Areas, and Smart Folders.
Only Managers and Site Managers can create, delete, and edit Areas or Smart Folders, or assign local roles, but any Member can view Areas and Smart Folders.
Site Managers can assign any local role other than Manager, including Site Manager.
The permissions to cut & paste are always the same. If a user has permission to cut a given object type in a given location, they can also paste that object type in that location.
Modifying field values and changing local roles require the item be signed out. Any user who has permission to edit an item may sign it out, provided it is not signed out by another user.
 

3. Entities (Active or Inactive) and Sections

 
 
 
Action
Site Manager
Entity Manager
Engagement Manager
Preparer
Reviewer
Reader
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn
Create Entity
 
Y
-
Y
-
N
-
N
-
N
-
N
-
Create Section
 
Y
-
Y
-
N
-
N
-
N
-
N
-

Create Engagement

 Y Y N N Y Y N N N N N N
Delete Entity
 
Y
-
N
-
N
-
N
-
N
-
N
-
Delete Section
 
Y
-
N
-
N
-
N
-
N
-
N
-
Cut/Paste
 
Y
-
Y
-
N
-
N
-
N
-
N
-
View Entity
 
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Edit
 
Y
-
Y
-
N
-
N
-
N
-
N
-
See in Listings
 
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Assign Local Roles
 
Y
-
Y
-
N
-
N
-
N
-
N
-
State Changes for Entities
 
 
 
 
 
 
 
 
 
 
 
 
 
Make Active
 
Y
-
Y
-
N
-
N
-
N
-
N
-
Make Inactive
 
Y
-
Y
-
N
-
N
-
N
-
N
-
 
 

All Members may view all Entities, and may therefore find all Entities in searches. The Engagement Manager, Preparer, Reviewer and Reader roles apply to Documents, and these roles give users no permissions on Entities; these users can only do what any Member can do on Entities.

 

No actions on Entities may be performed through the Go-Between.

 

Modifying field values and changing local roles require the item be signed out. Any user who has permission to edit an item may sign it out, provided it is not signed out by another user.

4. Engagement – Active (Not Signed Out)

 
Action
Site Manager
Entity Manager
Engagement Manager
Preparer
Reviewer
Reader
TTW
Go-Btwn
TTW
Go-Btwn
TTW
Go-Btwn