Document Actions
2.
Summary of the Roles in the DMS
Up one level
Users can perform actions only if any of their site-wide or local roles give them permission to. The roles are additive, so users usually have more roles as they navigate down the tree. For example if the site is organized as such:
Root
DMS Area (Area) (Alice - Reader)
Client XYZ (Entity) (Alice - Preparer)
Tax (Section) (Alice - Engagement Manager)
tax2004 (Engagement) (Alice - Manager)
Here, the object types are shown in parenthesis and the local roles in red. The user Alice has the Reader role at the Area level. She has the Reader and Preparer roles at the Entity level. She has the Reader, Preparer, and Engagement Manager roles at the Section level, and she has all four roles at the Engagement level.
The OpenEngagement DMS has several roles, ordered roughly from most to least power:
-Administrator
-Manager
-Site Manager
-Entity Manager
-Engagement Manager
-Reviewer
-Preparer
-Reader
-Member
-Anonymous
Roles give users permissions to perform certain actions. For example, one permission is the permission to view an Engagement. Users with the Reader role may view an Engagement, but users with only the Member role may not.
When a user first views the OpenEngagement DMS using a web browser, they are not yet logged in. (This is not the case when using the Go-Between, since with the Go-Between, giving your username and password is done before anything else). They are, then, Anonymous. Once logged in, they will have at least the Member role site-wide. The Member role, however, grants the user very few permissions. They may, though, also have additional roles, either across the entire site, or within specific parts of the site.
Once logged in, it's often possible for a user to close their web browser and then open another browser shortly afterward and have their session preserved. In this case, they won't have to log in again. If users explicitly log out, or leave their web browsers closed for too long, they will have to log in again the next time they access the site.
Users may often have multiple roles. For example, they may, site-wide, have both the Entity Manager and Engagement Manger roles. This means, anywhere on the site, they may perform any actions that are permitted by either the Entity Manager role or the Engagement Manager role. Note though, it is recommended that most users do not have any site-wide roles, and that for the most part, users are given only local roles.
Giving a user site-wide roles is equivalent to giving them those roles at the root.
The Engagement Manger, Preparer, Reviewer and Reader roles apply specifically to permissions related to Documents, and the Entity Manager role applies specifically to permissions related to Entities. The Site Manager role is equivalent to having the Entity Manager and Engagement Manager roles, as well as some additional permissions (deleting content, creating and deleting users, access to the Keyword Manager tool and so on). Managers have all the power of Site Managers, and as well have access to most of the ZMI. Administrators have all the power of Managers, and as well have access to all of the ZMI.
Note though, the Manager and Administrator roles are available only on Local Solutions, where access the ZMI (a set of administrative pages) is necessary. As the Manager role only pertains to granting access to the ZMI, the Manager role can only be assigned site-wide and not locally.