Setting User and Group Permissions

You can make the following settings for a User Account. Tell me more...

• To increase the security of your system and Documents, you can force a password to automatically, and regularly expire after a certain number of days/weeks/months.

  or

• Set a password to Never expire (e.g., for an Admin or TPOC) so that the User's password doesn't ever have to be reset.

  or
• Reset a password which then requires the associated User to change the password the next time he/she logs into the system.

---

These settings apply to major areas of the DocuPhase Platform rather than to specific areas such as Applications, Users, Groups, etc. In addition, the settings can either be set for Users (via AdministrationuCoreuUser Configuration as shown below) or Groups (via AdministrationuCoreuGroup Configuration as shown below) The following permission sets are included under this tab:

Click the links below to learn more about System Permissions:

Capture Set

Controls iLink and ScanDox functionality as they relate to the Capture of data, Documents, and files.

Permission Setting	When enabled (), this setting.../allows the User/Group Members to...
Hide iLink Update Prompt	suppress update prompts initiated by the iLink product.
Perform iLink Index Update	allow iLink to extract data values from a window or web-page, and submit them to DocuPhase for the purpose of updating one or more Index field values.
ScanDox	install ScanDox the DocuPhase capture software product. Tell me more... NOTE When this setting is enabled, you can install ScanDox from the Tools menu in the header, or use an Unattended/"Silent" Install (if available)to place ScanDox and the DocuPhase full-function Viewer on a workstation.

Configuration Set

This set of permissions determines the level of configuration or access a User has with regard to Working with UDLs (User Defined Lists) , Adding/Editing Indexes, Pre-sort, and Inbox functionality.

Permission Setting	When enabled (), this setting.../allows the User/Group Members to...
InBox	access Documents in a DocuPhase User’s Inbox. These Documents can be routed to either another DocuPhase Application, another User, or (User) Group. In addition, the Inbox permission gives the User access to the Routing option on the DocuPhase Main Menu IMPORTANT! Because a the Indexes associated with a Document sent to a User's inbox can't be seen or updated, such Documents must be manually Indexed prior to it being submitted to an Application.
Index Type Add	add Index types. NOTE This option works in conjunction with the I Index Type Update setting; a User must have both permissions enabled in order to add, update, and/or delete an Index type.
Index Type Delete	delete an Index type. NOTE This option works in conjunction with the I Index Type Update setting; a User must have both permissions enabled in order to add, update, and/or delete an Index Type.
Index Type Update	update/edit an Index type. NOTE In order to use this option to Add Index Types, the Index Type Add option must be enabled; to use this option to delete an Index Type, the Index Type Delete option must be enabled.
Pre-Sort Application	add the Pre-Sort General Capture option to the menu: providing the User access to the General Capture functionality . NOTE This setting must be enabled for the User if the User is also going to be set as a Pre-sort Person (as described below).
Pre-Sort Person	send Documents from General Capture to another User's inbox. NOTE The Pre-Sort Application option (as described above) must be enabled for this User before the Pre-Sort Person designation can be applied.
User List Add	add a User Defined List (UDL). NOTE This option works in conjunction with the User List Update setting; a User must have both permissions enabled in order to add, update, and/or delete a User List.
User List Delete	delete User Defined List (UDL). NOTE This option works in conjunction with the User List Update setting; a User must have both permissions enabled in order to add, update, and/or delete a User List.
User List Update	update/edit a User Defined List (UDL). NOTE In order to use this option, the User must also have permission to Add and Delete a User List (as described above).

Search Set

This set of permissions control features are related to the powers the User has to define and edit DocuPhase Applications and perform searches based on checked-out items.This set of permissions control features are related to the powers the User has to define and edit DocuPhase Applications and perform searches based on checked-out items.

Permission Setting	When enabled (), this setting.../allows the User/Group Members to...
Application Add	add/build an Application. NOTE This permission adds the Applications option to the AdministrationuCore menu in the main header: providing access to the Applications Configuration screen.
Application Delete	delete an Application. NOTE This permission adds the Applications option to the AdministrationuCore menu in the main header: providing access to the Applications Configuration screen.
Search All Applications Checkout	search for a Document she/he checked out , but across all Applications. EXAMPLE Let's say, as System Administrator (using User name "sysadmin"), you have several Documents checked out regarding policies for different departments. However, you aren't sure to which Application one specific Document belongs. You can use this functionality to search for only the Documents you have checked out as sysadmin, but you can search across ALL Applications. NOTE This setting only applies to Applications that have Revision Control is enabled. When this option is enabled, an All option appears at the bottom of the Application field on the Application Search screen. When selected, the All option displays two search fields: one that allows the User to search by name (in this case, his/her own name only); the other allows the User to specify how many records per page should be displayed in the Results. Show me...
Search Any User Checkout	search for all Document checked out by any specific User or all across all Applications. EXAMPLE Let's say, a System Administrator (using User name "sysadmin"), is informed that a User, Sharon B., forgot to check in several Documents before she left for vacation. However, Sharon's supervisor is unsure if her department may need one of those Documents before Sharon returns. As a User with this option enabled, the System Administrator can do a search for all Documents that were checked out by Sharon, and let the supervisor know what those are so that the supervisor knows if they need any of the Documents released for other Users prior to Sharon's return. NOTE This setting only applies to Applications that have Revision Control is enabled. When this option is enabled, an All option appears at the bottom of the Application field on the Application Search screen. Show me... When selected, the All option displays two search fields: one that allows the User to search by name; the other allows the User to specify how many records per page should be displayed in the Results.

Workflow Set

This set of permissions control features related to what a User/group of Users can or cannot do within Progression Workflows (including Progression Designer).his set of permissions control features related to what a User/group of Users can or cannot do within Progression Workflows (including Progression Designer).

Permission Setting	When enabled (), this setting.../allows the User/Group Members to...
Calendar Edit	define and edit Custom Calendar settings that can also be used in expressions under the Expression Builder Wizard in Progression.
Priority Edit	change priorities on Workflow Documents.
Reassign Tasks	reassign a Progression Task that has already been assigned to the logged in Users account.
Reassign Any Task	reassign any Progression Task that is assigned to any User or Group.
Work Item List	view all Work Items rather than accessing the next Work Item only. (i.e., when this is enabled, Users/Groups can see all Tasks in their queue in a list: allowing them to choose the order in which they complete the Tasks - regardless of the currently set priority). NOTE By leaving this option disabled, the User or Group has no way to pick and choose Tasks in whatever order they like: they MUST complete Tasks in the order they are assigned, and cannot go to a new Task until the active Task is completed.
Progression Studio	download the Progression Studio product.

Analyses-Reports Set

This set of permissions control options is related to Analytics Administration, selective access to designated Analytics Dashboards, the ability to dynamically design and test new data Analyses, or limit the User to view and use limited drill-down functionality. In addition, when they have been set up, DocuPhaseReporting Templates may be configured to generate text and/or graphical reports that can be viewed, printed, and downloaded: allowing use of saved/shared report definitions.

Permission Setting	When enabled (), this setting.../allows the User/Group Members to...
Analytics Admin	access the Analytics configuration settings via the Administration tab on the main header. NOTE Although this setting may be enabled, it does not provide access to the Analytics tab.
Analytics Viewer	view existing designed and stored analyses, dashboards, and reports. NOTE To better understand and use the available information, this view-only setting allows the User to interactively adjust data selection criteria and perform drill-down operations, as well as temporarily adjust formatting and renderings, etc. However, it does not allow the User to perform design and save activities.
Analytics Design	access the Analytics Design Toolbar, as well as all capabilities of the Analytics Viewer (when using the Designer). NOTE This does not provide permissions to make administrative configuration changes.
Analytics Executive Dashboard	have view-only access to the Executive Dashboard.   NOTE This setting also allows the User to drill-down to an executive version of the Operational Dashboard , then to the Performance Dashboard.
Analytics Operational Dashboard	have view-only access to the Operational Dashboard.   NOTE The User may also drill-down down from the Executive Dashboard to the Performance Dashboard.
Analytics Performance Dashboard	have view-only access to the Performance Dashboard. NOTE The User may drill-down down within the Performance Dashboard only.
System Reporting	As of Release 6.0, this permission setting is currently unavailable. NOTE This permission option does not affect the DocuPhase Standard Reports: Batch, Document Count, Page Count and Summary which are now provided by the DocuPhaseAnalytics component.

Administration Set

 

This set of permissions controls is related to the granting of administrative permissions to a User, and includes optional and related integrated systems (e.g., Progression, ScanDox, iForms, Analytics, etc.).

Permission Setting	When enabled (), this setting.../allows the User/Group Members to...
FTP Config Access	add and edit FTP Data Transfer Configurations: required for FTP Configuration that is used for setting FTP Export Destinations.
Remove Session	end the active DocuPhase session for any/all currently logged in accounts.
System Options Update	update system configuration options, as well as modify settings within ScanDox Profile configuration.
User Add	create/add a new User account. NOTE This option works in conjunction with the User Update setting; a User must have both permissions enabled in order to add a new account.
User Disable	disable an existing User account preventing access and activity under that User Name. NOTE Disabled accounts are never deleted from the system in order to maintain the integrity of any past audit trail references to activities performed while the account was active. Because a User account is never deleted, it can always be re-enabled. This option works in conjunction with the User Update setting; a User must have both permissions enabled in order to disable an account.
User Update	update a User account, including all System-Level permissions (as described in this section). NOTE To use this option to allow the User to add Users, the User Add option must also be enabled; to use this option to allow the User to disable other Users, the User Disable option must also be enabled.
User Group Add	create a Group of Users. NOTE This option works in conjunction with the User Update setting; a User must have both permissions enabled in order to add a new account.
User Group Delete	delete a Group of Users. NOTE This option works in conjunction with the User Group Update setting; a User must have both permissions enabled in order to add a new account.
User Group Update	update a User Group. NOTE To use this option to allow the User to add Users, the User Group Add option must also be enabled; to use this option to allow the User to delete User Groups, the User Group Delete option must also be enabled.

The Applications tab on both the User and Group Permissions screens provides a way for you to do four things:

1. give access to Applications to specific Users or Groups
2. see and set Application permissions for specific Users or Groups
3. add Document security
4. set Index security

Element	Use it to...
Multi-App Configuration	make simultaneous configuration settings for two or more Applications. In this way, if you have Users and/or Groups that require the same sets of permissions, you can make them all at one time, rather than having to set them one at a time.
Select All	select ()/deselect () all Applications to which you want to set Multi-App Configurations.
Grant	allow access by the designated User or Group.
Application Name	see a list of the names of all available Applications to which you can grant access.
Configuration ()	identify Applications available for Permissions Configuration for the designated User or Group.
Document Level Security ()	view which Index fields and values a User or Group can access. This allows your organization to apply a higher level of security to Documents contained within an Application.
Index Level Security ()	review and/or edit (if allowed) settings for Application(s) that have restricted access to very specific information within a Document (i.e., Indexes); users still have access to the Document- as well as the Application in which it resides, but may not have access to certain information contained there.

---

When the icon appears in the Configuration column on the it Application tab, it indicates that the Application is available for Permissions Configuration for the designated User or Group. The following settings appear on that screen:

 

Click the links below to learn more about Application Permissions:

Cabinet Management Set

These settings Allow you to specify what a User or group of Users can do with regard to an Application and its Indexes.

Permission Setting	Description
Index	These are the permissions that allow Users to Add, Update, and/or Delete Indexes. Tell me more...
Application	Application Management lets a User implement and de-implement an Application. Tell me more... Application Update lets the User make changes to the Application itself. Tell me more...

Account Functionality Management Set

 

Use these to choose from a multitude of options that allow the specified User or Group to make settings related to the following:

Permission Setting	Description
Forms	Form Create Edit allows the User to not only design and create a form, but then make changes to a saved Form. Form Delete lets the User delete any Form to which he/she has access. Form Fill provides the user with the ability to select and enter data into Webform in order to create and capture a new document (as an “electronic form") within DocuPhase.
Revision Control	Delete Revision let's the User delete any revision of a Document to which he/she has access. Tell me more... Document View Revisions allows the User to see any revision of a Document within the designated Application. Tell me more... Promote Revision gives the User the ability to set a previous Document revision as the current version. Tell me more... Revisions Control let's the User check-in and check-out Documents within a designated Application. Tell me more... Undo Any Checkout permits the User to discard any edits and return the Document "as is" to the repository without having to check it back in.Tell me more...
Indexing (Values Only)	Indexing Edit enables the User to make changes to Index values (not to the Indexes themselves). Tell me more... Indexing Multi-Edit lets a User edit multiple Indexes simultaneously. Tell me more... Manage Indexing Profiles allows the User to create and maintain Indexing profiles. Tell me more... Manual Indexing gives a User or Group the chance to manually (rather than automatically) Index Documents. Tell me more... Route Application determines whether or not the User/Group is able to route Documents out of an Application. Tell me more... Route Person determines whether or not the User/Group is able to route Documents to a specific User's Inbox from an Application. Tell me more...
Annotations	View and Edit options give the User the ability to see and edit any/all Annotations in a document; this includes seeing and editing Annotations added by other users. Tell me more... WARNING!!! Any user with permission to edit notes, can delete them as well Add gives the user the capability to add their own Annotations to a document. NOTE If you enable the Edit and/or Add option, you must also enable the View option (i.e., the user needs to be able to see Annotations in order to edit and/or add them). Annotation Edit Own allows the User to edit his/her own Annotations, while restricting them from editing the Annotations of others. Tell me more... Hide Redaction - lets the user "reveal" one ore more redacted (i.e., blacked out) areas of a document: allowing the user to see whatever was covered by the redaction. Tell me more...
(Annotations) Notes	Note settings (Add, View) allow a User to add and see Notes stored in a document/file . Tell me more... NOTE If you enable the Add option, you must also enable the View option (i.e., the user needs to be able to see Notes in order to add them).
Tagging	These permission setting in the Tagging set are all related to the permitted functionality in the use of searchable Tags by a User or Group: Allowing Users to Add, View, Remove, and/or Rename tags. Tell me more...
Saved-Queries	All of these permissions are related to the functionality of Query element that appears on the Search screen: allowing Users to not only Save Queries, but also to Delete and Share Queries. In addition, you can enable settings that allows Users to View (and use) and Modify Shared Queries (i.e., Queries created and saved by other Users).
Operations	Document Hard Delete enables a User to view the Object* Status fields that have a soft-deleted status (i.e., “X”), then permanently remove the object from the system. Tell me more... Document History Report lets a User generate and display system event history (via the DocuPhase Reporting component). Tell me more... Document Soft Delete allows the User to remove an object* from User access, but without completely removing it from the system: preventing the object from being used/selected, while keeping it available to be re-added. Soft deleted items are flagged (i.e., “X” as the Object-Status), but must be hard deleted to be permanently removed from the system. Tell me more... Download Document makes the download option available to the User: allowing a file to be saved on a specified local or network folder. Tell me more... Edit Object Status allows a User to change the status of an object* (e.g., re-adding a soft deleted item "X" to the system). Tell me more... Email lets the User send emails with attachments. Tell me more... Export enables the User to use the DocuPhase Data Transfer component. Tell me more... Open PDF Document in Viewer makes it possible for the User to view PDF Documents within the native viewer. TIP This is typically used when Users have full versions of Adobe. Print Image gives the Users the option to print a hard copy of an image from DocuPhase. Tell me more... Scan Image allows a User to send Documents from the full-functionality Viewer (i.e., the Legacy Viewer) to ScanDox(via the Send to ScanDox icon: ). Tell me more... Search Document Text if/when the Full Text component is in use on the system, you can then make this option available to Users to allow them to use Full Text Search. If Full Text is not activated, or if this option isn't enabled, Users can still search by Index Values. Tell me more... Show All Statuses makes it possible for the User to see searchable and unsearchable items (based on their Object Status). Tell me more... Upload Filelets the User manually upload a file. Tell me more...

*System objects can vary as to whether they are variables, a data structures, functions, or methods: existing as a value stored in memory and referenced by an identifier. In DocuPhase, objects can range from files to search queries to Groups and Users, etc.

---

The function of this Group tab on the User Configuration screen is to list any Groups to which this particular User belongs. Since Users ‘Inherit’ permissions from the Groups to which belong, you can use this tab to better assess ALL of a specific User's permissions.

---

The tabs shown on the Group Permissions screen provide the same System and Application settings as they do for individual Users, except that the settings apply to the entire Group and are inherited by its members.

---

This tab allows you to give access to individual Users and/or groups of Users (depending upon which Configuration level you've selected from the Administrative menu).

Permission Setting	When enabled (), this setting allows the User/Group Members to...
Databases	access to one more databases used for producing Analytical data.
Grant	access available databases for running Analytics.
Cube	access Cube columns available in the corresponding database.
Folders*	access to one more folders (used for producing Analytical data.
Folder	access to a Folder.
Write	update the corresponding Folder.

On the User Configuration screen:

1)  Find and click next to the name of the User Account for which you want to change the Login Expiration or Reset the Password to display the corresponding User Permissions screen.

 

 

To Set an Expiration time for the User Account Password:

In the Login Expiration drop-down list at the top-left of the User Permissions screen:

2)  Select one of the available Login Expiration time options or the Never Expires option, as appropriate, and go to step 3 below.

TIP

For security purposes, it is recommended that you set passwords to expire (requiring creating a new password) on a regular basis such as 3 months (90 days) for at least most Users.

or

 

 

To Reset a User Account Password (effective upon the User's next login):

2)  Enable () the Reset Password Next Login option: requiring the designated User to change his/her password at the time of the next login.

TIP

This feature is generally used to reset a User's password when he/she cannot remember the current one, or if a User feels that his/her password has been compromised in some way.

When the setting is complete:

3)  Click to save the settings and return to the User Configuration screen.

Show me...

---

In the Search field on the User Configuration screen:

1)  Enter a name or partial name, then click to display corresponding results (if any).

TIP

Remember, you can use the Show disabled Users option to find all Users that fit your search criteria.

If you see the User for whom you searched:

2)  Click next to the User name to display the User Permissions settings for that User. Tell me more...

and/or

3)  Click on the User name to display the Preferences settings for that User. Tell me more...

Show me...

---

On the User Configuration screen:

1)  Click to display the Preferences screen.

2)  Set User Preferences on each tab, as appropriate. Tell me more...

On the User Profile tab of the Preferences screen:

3)  Click to complete the User settings and return to the User Configuration screen.

• The new User now appears in the list.

On the User Configuration screen:

4)  Find the name of the newly added User in the list.

5)  Click next to the name to display the User Permissions screen for that User.

On the User Permissions screen:

6)  Set User Permissions on each tab, as appropriate. Tell me more...

When settings are complete:

7)  Click to save the settings and return to the User Configuration screen.

Show me...

---

To make changes to User Permissions:

On the User Configuration screen:

1)  Click next to the name to display the User Permissions screen for that User.

2)  Set User Permissions on each tab, as appropriate. Tell me more...

3)  Click to save the changes and return to the User Configuration screen.'

AND/OR

To make changes to User Preferences:

On the User Configuration screen:

1)  Find and click on the name of the User to display the corresponding Preferences screen.

On the User Preferences screen:

2)  Make changes to User Preferences on each tab, as needed. Tell me more...

Once changes are complete:

3)  Click to save the changes and remain on the current tab;

or

Click to save the changes and return to the User Configuration screen.

Show me...

---

To disable a User Account from the Preferences screen:

On the User Configuration screen:

1)  Search for (as shown above), find, and click on the name of the User Account you want to disable to display the Preferences screen.

On the User Profile tab of the Preferences screen:

2)  Click to display a confirmation prompt asking you if you are sure you want to disable the User.

3)  Click to disable the User and return to the User Configuration screen.

• The User no longer appears in the list of Users on the User Configuration screen unless the Show disabled Users option is enabled ().

or

To disable a User Account from the User Permissions screen:

On the User Configuration screen:

1)  Search for (as shown above), find, and click next to the name of the User Account you want to disable to display the Permissions screen.

In the Login Expiration field at the top of the User Permissions screen:

2)  Select Disable Account.

3)  Click to disable the User and return to the User Configuration screen.

• The User Name no longer appears in the list of Users on the User Configuration screen unless the Show disabled Users option is enabled ().

Show me...

---

To re-enable a disabled User Account:

On the User Configuration screen:

1)  Enable () the Show disabled Users option to display disabled User account in the list: designated as "(disabled)."

2)  Search for (as shown above), find, and click next to the name of the User Account you want to disable to display the Permissions screen.

In the Login Expiration field at the top of the User Permissions screen:

3)  Select any Login Expiration time (other than Disable Account) or Never Expires to re-enable the User Account.

4)  Click to save the setting and return to the User Configuration screen.

• The re-enabled User account name now re-appears in the list of Users on the User Configuration screen.

Show me...

---

To create the Group:

In the field at the right top portion of the Group Configuration screen:

1)  Enter a name for the Group you want to create.

2)  Click to add the new Group name to the list on the Group Configuration screen.

IMPORTANT!

You must use the procedures below to add Members/Users to the Group, and also to set Group Permissions in order for the Group to be able to access and use Applications and other functionality within the DocuPhase system.

To set Group Details:

On the Group Configuration screen:

3)  Find and click on name of the new Group to display the Group Detail screen. Tell me more...

On the Group Detail screen:

4)  Make settings as needed (i.e., change the Group name, add/remove members, etc.).

TIPS

• Adding and Removing Users:

•  Add Users to a Group: click on the User(s) in the Available Users column, then click to move the selection(s) to the Group Members column.
•  Remove Users from a Group: click on the User(s) in the Group Members column, then click to move the selection(s) to the Available Users column.
•  Add All Users to a Group: click to move ALL Available Users to the Group Members column (i.e., adding all Users to the Group without first needing to select them).
• Remove All Users from a Group: click to move ALL Group Members to the Available Users column (i.e., removing all Members from the Group without first needing to select them).

• Selecting Multiple Items at Once:

• Select multiple, consecutive items in a list by either of the following methods: holding the Shift key, and clicking on items; or click on the first item you want selected, hold the Shift key, then click on the last item in the list you selected.
• Select multiple, non-consecutive or consecutive items by holding the Shift key, and clicking on items.

5)  Click to save the settings and return to the Group Configuration screen.

To set Group Permissions:

On the Group Configuration screen:

6)  Find and click next to the Group to display the corresponding Group Permissions screen.

On the Group Permissions screen:

7)  Set Group Permissions on each tab, as appropriate. Tell me more...

When settings are complete:

8)  Click to save the settings and return to the Group Configuration screen.

Show me...

---

To change the Group Details (i.e., change Group Name, add/remove members):

On the Group Configuration screen:

1)  Find and click on name of the Group to which you want to make changes to display the Group Detail screen. Tell me more...

On the Group Detail screen:

2)  Change settings as needed (i.e., change the Group name, add/remove members, etc.).

3)  Click to save the settings and return to the Group Configuration screen.

To Change Group Permissions:

On the Group Configuration screen:

4)  Find and click next to the Group to display the corresponding Group Permissions screen.

On the Group Permissions screen:

5)  Set Group Permissions on each tab, as appropriate. Tell me more...

When settings are complete:

6)  Click to save the settings and return to the Group Configuration screen.

Show me...

---

On the Group Configuration screen:

1)  Find and click on name of the Group you want to delete to display the Group Detail screen. Tell me more...

On the Group Detail screen:

2)  Click to display a confirmation prompt asking if you are sure you want to delete the Group.

3)  Click to delete the Group and return to the Group Configurationscreen.

• The Group no longer appears in the list of Groups.

Show me...

---

On the User or Group Configuration screen:

1)  Click next to the User or Group to which you want to give access to display the corresponding Permissions screen.

TIP

Since, the System tab appears by default, it's a good idea to make sure System Level Permissions settings are correct.

In the Grant column under the Applications tab:

2)  Enable () the Application(s) to which you want the designated User or Group to have access.

IMPORTANT!

If you want to remove a User's or Groups access to an Application, just make sure that there is no check in the check box : click on an enabled () check box to disable ( ) it.

TIP

Refer to Multi-App Configuration settings (described here).

On the User or Group Configuration screen:

3)  Click to complete and save the settings.

Show me...