Permissions and access management

Files and folders can be shared within a Library. The Library itself cannot be shared, but you can set access on it in the edit mode of the Library widget. The Library owner can decide the permissions to be given to members of a community. Initially, files and folders inherit access settings from their parent.

Global content administrator access for Libraries is configured in FileNet. You can add individual users as administrators, but it is recommended that you use a group for administrators. By using a group, administrators can be added and removed through directory configuration without changing FileNet, Library, or Connections configurations. See Setting an LDAP group to be domain administrator instead of specific user. For more information about the Library widget, see Configuring Library widget options and defaults.

The following user types can use files and folders:

  • Readers
  • Contributors
  • Editors
  • Owners

The following table shows the user types and their permissions.

User types Permissions

Readers

  • View and download files
  • View folders and metadata
  • Perform social actions (like, follow, comment)

Contributors

  • Upload new files
  • Create subfolders
  • Copy files to folders to which the Contributor has access

Editors

  • Edit file content by uploading a new version
  • Change item properties (Name, Description, or Document Type)
  • Add or remove Tags

Owners

  • Share files
  • Delete and move files to Trash
  • Restore files from Trash
  • Move files

Note the following restrictions on users and permissions:

  • Contributors

    The permissions that are granted to Contributors apply only to folders, so you cannot set Contributors on a file. A user who is a Contributor on a folder can read files in that folder by default.

  • Owners

    Owners have the highest role permissions, and cannot normally be set or modified.

  • Created items
    The following are added to an item when it is created:
    • The item creator
    • In a community library, the special group "Community Owners"
  • Sharing files and folders
    You can share with the following users and groups:
    • Individual users
    • Normal groups that exist in the directory for Connections
    • Special groups
      Note: Special groups are handled by Connections and have more dynamic membership than normal groups
  • Owner and member status

    Community owners are all users in a Community with Owner status. Community members are all users in a Community with Member status.

  • Public

    Everyone (public) is all users that have accounts for Connections, and all anonymous users if they are enabled.

  • Special groups

    Special groups are inclusive of each other and the users in the groups. If a special group is on a higher role than a member contained in that group, the special group's role takes precedence.

  • Breaking inheritance

    When you break inheritance on an item, the Library adds all entries, besides the already present Owners, to the item's access list in FileNet. Connections Libraries do not set access directly in the access control list on a document in FileNet. Instead, they use a Role object that is added to the document. By using Roles instead of FileNet access lists, access is applied to all versions of a document at the same time. The user does not see that Role objects are used instead of FileNet access lists; the user interacts with the document access through the sharing tab. Resetting an item's inheritance erases the Role objects that are used for access within FileNet and resets all versions to reinherit from their parent.

  • Inheritance in Libraries and Linked Libraries

    Libraries that are created in Connections by adding a Library widget to a Community inherit access from that Community. Libraries that are created by manually creating Teamspaces in FileNet or other FileNet applications do not inherit access from a community. You can reference these Libraries created outside of Connections by using the Linked Library widget.

    Libraries and Linked Libraries have different sharing behaviors.

  • Library widget

    This widget and the community control the membership for community libraries, so it has the special groups with "Community" in the name. Examples of special groups are "Community Members" and "Community Owners" with special permissions. Also, you can share only with individual users and groups that are explicitly added as Members to the current community.

  • Linked Library widget

    This widget can connect to several types of libraries:

    • Connecting to another community's library disables sharing in the Linked Library, but you can view an item's settings. A link is provided to return to the original Library to set access.
    • Connecting to the same community's library enables, and acts like, a Library widget.
    • Connecting to a library created outside of Connections enables sharing.
  • Sharing
    • You can share with other users. Users must have access not only on specific items, but on the Library (Teamspace object in FileNet) to view content.
    • You can share with anybody in Connections, and they can access content provided they are on the access list for the Teamspace. Because this scenario enables integrating with other applications, consult with the Library creator to ensure that you have correct access on the Library.
    • You can remove public access, or the special group Everyone (public), as they are not required.
    • Sharing is only supported on FileNet.
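
A simplified model of the rules in the list above, useful when reviewing who can reach an item. It is an added example, not Connections or FileNet code. The names Item, principals and effective_role, the sample users, the role ranking between Reader and Owner, the nesting of the special groups, and the treatment of an inherited Contributor entry as read access on a file are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed ranking, in the order the page lists the user types (Owner is highest).
RANK = {"Reader": 0, "Contributor": 1, "Editor": 2, "Owner": 3}

@dataclass
class Item:
    name: str
    is_folder: bool
    parent: Optional["Item"] = None
    acl: Optional[dict] = None  # None means "inherit from parent"

    def effective_acl(self) -> dict:
        node = self
        while node.acl is None and node.parent is not None:
            node = node.parent
        return dict(node.acl or {})

    def break_inheritance(self) -> None:
        self.acl = self.effective_acl()  # inherited entries are copied onto the item

    def reset_inheritance(self) -> None:
        self.acl = None  # item-level entries are erased; the parent applies again

def principals(user, owners, members, groups):
    # Assumed nesting: Community Owners are in Community Members, all in Everyone.
    names = {user, "Everyone (public)"} | groups.get(user, set())
    if user in owners:
        names |= {"Community Owners", "Community Members"}
    elif user in members:
        names.add("Community Members")
    return names

def effective_role(user, item, teamspace_acl, owners, members, groups=None):
    names = principals(user, owners, members, groups or {})
    if not names & set(teamspace_acl):
        return None  # no access on the Library (Teamspace), so no access to content
    roles = [r for p, r in item.effective_acl().items() if p in names]
    if not item.is_folder:  # Contributor applies to folders; on a file it means read
        roles = ["Reader" if r == "Contributor" else r for r in roles]
    return max(roles, key=RANK.get, default=None)  # highest matching role wins

# Constructed sample data.
OWNERS, MEMBERS = {"alice"}, {"bob", "carol"}
TEAMSPACE = {"Community Owners", "Community Members"}
root = Item("root", True, acl={"Community Owners": "Owner",
                               "Community Members": "Contributor", "bob": "Reader"})
report = Item("report.docx", False, parent=root)
```

In the sample data, bob is listed individually as a Reader on the root folder but resolves to Contributor there, because the special group he belongs to holds the higher role.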