Documentation Center

User and security

User access control policies provide secure access to the Content Manager repository and all the objects it contains. User roles and groups define access to objects in the repository.

Users

Users are any people who can log into Content Manager and access the repository content. The combination of user group specification, user role assignments, and folder structure defines the actions a user can perform and the information a user can access.

User groups and folders

The user group defines the access the user has to the folders in the repository and objects they contain. Because folders contain specific types of objects, you must consider what content is appropriate for each group to access. For example, library folder content is designed for reuse and therefore it may not be appropriate for all users to modify. If you want to restrict access to library folder content, you can create a separate group to be responsible for creating and maintaining the library folders and restrict all other groups to read-only access for library content.

Permission levels for folders

Permission levels are:

No access
Users cannot see the folder nor can they access the objects in any way, not even through search.
Read-only access
Users can only see and reuse the objects stored in that folder.
Modify access
Users can read-write-delete objects and their metadata.

User roles

User roles determine how a user can participate in the workflow, and the options available in the user interface.

  • Users can have one or more roles.
  • The Settings section of the web client is only visible if you have the user role Administrator.
  • The Inboxes visible to a user depends on the user roles as defined in the inbox configuration.
  • The status transitions that can be done depending on the user roles as defined in the status transition configuration.

User roles and workflow

The user roles map to activities in the workflow. Because the same person may perform many different activities for the team, the same user can be a member of multiple roles.