Permissions and access management
Files and folders can be shared within a Library. The Library itself cannot be shared, but you can set access on the Library in the edit mode of the Library widget. The Library owner can decide the permissions to be given to members of a community. Initially, files and folders inherit access settings from their parent.
Global content administrator access for Libraries is configured in FileNet. You can add individual users as administrators; however, it is recommended that you use a group for administrators. By using a group, administrators can be added and removed through directory configuration without changing FileNet, Library, or Connections configurations. See Setting an LDAP group to be domain administrator instead of specific user. For more information about the Library widget, see Configuring Library widget options and defaults.
The following user types can use files and folders:
- Readers
- Contributors
- Editors
- Owners
The following table shows the user types and their permissions.
User types | Permissions |
---|---|
Readers |
|
Contributors |
|
Editors |
|
Owners |
|
Note the following restrictions on users and permissions:
- Contributors
The permissions that are granted to Contributors apply only to folders, so you cannot set Contributors on a file. A user who is a contributor on a folder can read files on that folder by default.
- Owners
Owners have the highest role permissions, and cannot normally be set or modified.
- Created items
The following are added to an item when it is created:
- The item creator
- In a community library, the special group "Community Owners"
- Sharing files and folders
You can share with the following users and groups:
- Individual users
- Normal groups that exist in the directory for Connections
- Special groups
Note: Special groups are handled by Connections and have more dynamic membership than normal groups.
- Owner and member status
Community owners are all users in a Community with Owner status. Community members are all users in a Community with Member status.
- Public
Everyone (public) is all users that have accounts for Connections, and all anonymous users if they are enabled.
- Special groups
Special groups are inclusive of each other and the users in the groups. If a special group is on a higher role than a member contained in that group, the special group's role takes precedence.
- Breaking inheritance
When you break inheritance on an item, the Library adds all entries, besides the already present Owners, to the item's access list in FileNet. Connection Libraries do not set access directly in the access control list on a document in FileNet. Instead, Connection Libraries use a Role object that is added to the document. By using Roles instead of FileNet access lists, access is applied to all versions of a document at the same time. The user does not see that Role objects are used instead of FileNet access lists; the user interacts with document access through the sharing tab. Resetting an item's inheritance erases the Role objects that are used for access within FileNet and resets all versions to reinherit from their parent.
- Inheritance in Libraries and Linked Libraries
Libraries that are created in Connections by adding a Library widget to a Community inherit access from that Community. Libraries that are created by manually creating Teamspaces in FileNet or other FileNet applications do not inherit access from a community. You can reference these Libraries created outside of Connections by using the Linked Library widget.
Libraries and Linked Libraries have different sharing behaviors.
- Library widget
This widget and the community control the membership for community libraries, so the widget has the special groups with "Community" in the name. Examples of special groups are "Community Members" and "Community Owners" with special permissions. You can also share only with individual users and groups that are explicitly added as Members to the current community.
- Linked Library widget
This widget can connect to several types of libraries:
- Connecting to another community's library disables sharing in the Linked Library, but you can view an item's settings. A link is provided to return to the original Library to set access.
- Connecting to the same community's library enables, and acts like, a Library widget.
- Connecting to a library created outside of Connections enables sharing.
- Sharing
- You can share with other users. Users must have access not only on specific items, but on the Library (Teamspace object in FileNet) to view content.
- You can share with anybody in Connections, and they can access content provided they are on the access list for the Teamspace. Because this scenario enables integrating with other applications, consult with the Library creator to ensure that you have correct access on the Library.
- You can remove public access, or the special group Everyone (public), as they are not required.
- Sharing is only supported on FileNet.
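
The rules above (inheritance from the parent, Contributor applying to folders only, a special group's higher role taking precedence, and item access requiring access on the Library) can be checked together in a small model. This is an added example, not IBM Connections or FileNet code: the data structures, user names, and function names are hypothetical, and the role ordering Reader < Contributor < Editor < Owner is an assumption, since the page states only that Owners are highest.

```python
# Added illustration, not IBM/FileNet code. Role order is an assumption; the page
# only states that Owners are the highest role. All data below is constructed.
RANK = {"Reader": 1, "Contributor": 2, "Editor": 3, "Owner": 4}
PUBLIC = "Everyone (public)"

GROUPS = {"Community Owners": {"alice"}, "Community Members": {"alice", "bob"}}
TEAMSPACE_ACL = {"Community Owners", "Community Members"}  # access list on the Library
ITEMS = {  # entries=None means the item still inherits from its parent
    "lib": {"kind": "folder", "parent": None,
            "entries": {"Community Owners": "Owner", "Community Members": "Reader"}},
    "specs": {"kind": "folder", "parent": "lib", "entries": None},
    "drafts": {"kind": "folder", "parent": "lib",
               "entries": {"Community Owners": "Owner", "Community Members": "Contributor"}},
    "draft1.doc": {"kind": "file", "parent": "drafts", "entries": None},
    "plan.doc": {"kind": "file", "parent": "specs",  # inheritance broken
                 "entries": {"Community Owners": "Owner", "Community Members": "Editor",
                             "bob": "Reader", "carol": "Reader", PUBLIC: "Reader"}},
}

def principals_of(name):
    """The principal itself, the public group, and every group that contains it."""
    return {name, PUBLIC} | {g for g, members in GROUPS.items() if name in members}

def effective_role(user, item_id):
    who = principals_of(user)
    if not who & TEAMSPACE_ACL:          # item access alone is not enough
        return None
    item = ITEMS[item_id]
    source = item
    while source["entries"] is None:     # walk up to the nearest explicit access list
        source = ITEMS[source["parent"]]
    best = None
    for principal, role in source["entries"].items():
        if principal not in who:
            continue
        if role == "Contributor" and item["kind"] == "file":
            role = "Reader"              # Contributor applies to folders only
        if best is None or RANK[role] > RANK[best]:
            best = role                  # higher group role wins over a member's own role
    return best

def audit():
    """Flag public entries and shares that cannot take effect without Library access."""
    findings = set()
    for item_id, item in ITEMS.items():
        for principal in item["entries"] or {}:
            if principal == PUBLIC:
                findings.add((item_id, principal, "public access present"))
            elif not principals_of(principal) & TEAMSPACE_ACL:
                findings.add((item_id, principal, "no access on the Library"))
    return findings
```

In this constructed data, carol's share on plan.doc is reported because she is not on the Library's access list, which is the situation the Linked Library sharing notes describe.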