Everyone can see documents which exist in Enterprise, but document sensitivities can be used to control who is able to view and/or edit documents. The available document sensitivities from the least restrictive to the most restrictive are:
- Public: Both internal and external users can view the document.
- External: External users can view the document. Public users cannot.
- Privileged: Only Enterprise users with proper access privileges can view, edit and/or delete the document.
- Internal: Internal Enterprise users can view the document.
- Confidential: Only Enterprise users with access privileges for confidential documents can view, edit and/or delete the document.
These sensitivity levels are Enterprise-defined, and you cannot add, edit or delete them.
Assign Document Sensitivity to Documents
Assign a document sensitivity to a new document
- On the Add Document window, select the Details tab.
- Select the sensitivity level from the Sensitivity drop-down.
- Click OK.
Assign document sensitivities to existing documents
- Right-click on the document and select View > Properties. The Document Properties window opens.
- Select the Details tab.
- Select the sensitivity level from the Sensitivity drop-down.
- Click OK.
Restrict Access with Access Privileges
You can use the Allow Edit/Add of Documents by Sensitivity access privilege to restrict your internal Enterprise users from viewing and editing documents based on the sensitivity of the document. This access privilege allows you to control access up to a certain sensitivity level (based on the list above). For example, if a role/user has access to Privileged documents, the role/user can add and edit Public, External and Privileged documents. If a role/user only has access to Public documents, then the role/user can only add and edit documents assigned to the Public sensitivity.
Assign Users/Roles to the Allow Edit/Add of Documents by Sensitivity Privilege
- Navigate to the Access Privileges page and use the Description field to find the Allow Edit/Add of Documents By Sensitivity access privilege.
- Select the Allow Edit/Add of Documents By Sensitivity access privilege.
- Right-click and select Edit. The Edit Access Privilege window opens.
- In the Access Privilege Details tab, click Manage. The Assign Access Privileges window opens.
- Select the users/roles from the Available section on the left. Use Ctrl+Click or Shift+Click to select multiple users/roles.
- Click the right arrow button to move the users/roles to the Selected section on the right. Clicking the double right arrow button moves all users/roles to the Selected section.
- Click Save. You return to the Edit Access Privilege window.
- Right-click on the user/role from the Access Privilege Details tab and select Assign Details. The Assign Details window opens.
- In the Available section on the left, select the document types the user/role has access to. Use Ctrl+Click or Shift+Click to select multiple document types.
- Click the right arrow button to move the document types to the Selected section on the right. Clicking the double right arrow button moves all document types to the Selected section.
- In the Selected section, click the drop-down arrow in the Sensitivity field.
- Select the sensitivity level the user/role can access for each document type.
- Click Save. You return to the Edit Access Privilege window.
- Click OK.
View-Only Access to Documents
The Allow Edit/Add of Documents by Sensitivity access privilege allows users to view, add, and edit documents. If you want to give users view-only access to documents, allow them to access the document via the access privilege above and then add action restrictions to their role to limit their edit ability. To add the action restrictions:
- Navigate to the Roles page and select the role you wish to edit.
- Right-click and select Edit.
- Open the Action Restrictions tab and click on the Actions section. Click Deny. The Add Action Restriction window opens.
- Add the necessary information:
  - Subject: Documents.
  - Action: Select the actions to Add, Copy, Delete and Edit a document. Other actions you may consider including are:
    - Check in
    - Check out
    - Export
    - Import
    - Move Document
    - Remove Document File
    - Send
    - Undo Check out
- Click OK.
Restrict Deleting of Documents
You can use the Deletion of Document By Sensitivity access privilege to restrict your internal Enterprise users from deleting documents. Follow the directions above for adding the Allow Edit/Add of Documents By Sensitivity access privilege.
Comments
Is it possible to change the default level of document sensitivity?
0 upvotes
Martin,
The default, in the code, is that Internal is the default setting. However, you may be able to make the changes you wish by looking at the Access Privileges (Allow Edit/Add/Delete Documents by Sensitivity).
--Carrie
0 upvotes
I have found that users cannot even view documents without the Access Privilege (Allow Edit/Add of Document By Sensitivity); can you confirm?
0 upvotes
Alex - because the privilege is an implicit privilege, if you have one user assigned to this privilege, it "activates" it, and all users or roles will need to be in place to view and add documents. If you would like to open it up so that all users can view and add documents to all sensitivities, you would need to remove all users from that access privilege. Here is the wording directly from the window:
This access privilege controls whether or not users can edit or add documents and if so, up to what sensitivity level they can affect. If no users at all are assigned to this privilege, it is considered disabled and all users have complete access to edit or add any document of any level. If a user is attached to this privilege but is assigned a level of zero, it is the same as if the user was not assigned to the privilege.
0 upvotes
Thanks Katie but my question was whether a user can simply view documents without having the Allow Edit/Add of Document By Sensitivity access privilege. It seems strange that you cannot give a user permission to view a document without having to also give them the permission to edit it.
0 upvotes
Alex - It is possible to provide View Only access to documents per role. This is considered an Access Restriction. To set this, Edit the role in which you would like to restrict Edit Document access. On the Action Restrictions tab, click Add. In the Subject, choose Documents. In Action, choose the following: Edit, Edit (v19), Edit Document, Edit Document (v19), Edit Multiple.
0 upvotes
Thanks Katie. Exactly what I needed.
0 upvotes
Hello,
I'm trying to set a sensitivity level that only one department will be able to see. Within the Allow/add of Documents by Sensitivity I can assign details as to which type of documents, but I don't see how I can assign users to a specific level of document sensitivity.
I see that there is a column called Level, but when I show the column nothing actually appears.
End goal is I would like to set a list of people who have access to document sensitivity level Confidential (9).
Thank you, I appreciate any comments here :)
0 upvotes
Hi Kayla,
According to your screenshot, you have your roles on the privilege. Therefore, you will be able to adjust the sensitivity level of the users on the Role. Once the Role has been assigned to the privilege, on the Access Privileges Details tab, locate the role and right-click. Click Assign Details. The Assign Details window will open and the Role will display on the Selected side.
This is the second level of security within this Access Privilege. Here is where you can adjust what sensitivity level the users on this role have access to. By default, you are setting the sensitivity level to 'Access to All Details (*ALL)' meaning documents entirely. You can, however, locate on the Available list the specific documents area and move it to the selected side and change the sensitivity level for that area to even further customize the document sensitivity settings.
Moving the role on to the privilege automatically sets the sensitivity to confidential. You would have to 'Assign Details' in order to change the sensitivity.
Are all of the members in this department assigned to the same role? Also, would you like your users who are a part of other roles to be able to edit/add documents of a lower sensitivity?
Kaitlyn Batliner
Ungerboeck Consultant
0 upvotes
Thanks Kaitlyn, I understand now.
Actually all the users involved are on the same role, but other departments are also on that role who shouldn't see this document. I suppose I'll change the access privilege from role to specific users and control the access through the assign details options.
Is there a way to add a sensitivity type? The standard: Public (1), External (3), Privileged (5), and Confidential (9) - is there a place to add/customize these labels?
0 upvotes
Hi Kayla,
It is best practice to manage Roles on and off privileges, but you can do a combination of users and roles. Therefore, you can break out this single role into the users on the privilege and then customize, whereas your other roles may have a unified document sensitivity and for those, you are ok to move their role over and set the sensitivity rather than manually managing every single user in your database.
Keep in mind, this is an implicit access privilege. Therefore, if you never had any users or roles on this access privilege, everyone had access. As soon as you move over any users or roles, the privilege now acts like an explicit privilege where only those assigned have the privilege. I would make sure to take that into consideration when assigning so if any users or roles need ability to add/edit, even if it is a lower sensitivity, they have the appropriate security level set.
Also, if users have multiple roles, access privileges are least restrictive.
Lastly, the Document sensitivities are standard and not customizable. Confidential is the most restricted where Public is the least.
Hope this helps! If you have any issues and need further assistance, please feel free to reach out and schedule dedicated time with one of our consultants to work through this with you.
Kaitlyn Batliner
Ungerboeck Consultant
0 upvotes
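The evaluation rules described in the article and in the replies above (access up to a level, the implicit "nobody assigned means everybody has access" behaviour, level zero, and least-restrictive across roles) can be modelled to check who will be locked out before the first assignment is saved. This is an added example, not Ungerboeck code: the numeric ranks, the user and role names, and the function names are constructed, and per-document-type details are ignored (every assignment is treated as *ALL).

```python
from enum import IntEnum

class Sensitivity(IntEnum):
    # Constructed ranks in the article's least-to-most-restrictive order;
    # they are not the product's internal level codes.
    NONE = 0          # "level of zero": treated the same as not assigned
    PUBLIC = 1
    EXTERNAL = 2
    PRIVILEGED = 3
    INTERNAL = 4
    CONFIDENTIAL = 5

def active_assignments(assignments):
    """Drop level-zero entries, which count as 'not assigned'."""
    return {p: lvl for p, lvl in assignments.items() if lvl > Sensitivity.NONE}

def effective_level(user, roles, assignments):
    """Highest level granted directly or through any role
    (least restrictive wins when several assignments apply)."""
    active = active_assignments(assignments)
    return max(active.get(p, Sensitivity.NONE) for p in [user, *roles])

def can_edit_or_add(user, roles, doc_level, assignments):
    """Model of the implicit privilege as described on this page."""
    # Nobody assigned: the privilege is disabled and everyone has full access.
    if not active_assignments(assignments):
        return True
    # Once anyone is assigned, only assigned principals count, up to their level.
    return effective_level(user, roles, assignments) >= doc_level

def locked_out(directory, assignments):
    """Users left with no edit/add access once the privilege is active."""
    if not active_assignments(assignments):
        return []
    return sorted(user for user, roles in directory.items()
                  if effective_level(user, roles, assignments) == Sensitivity.NONE)

# Constructed sample data: user -> roles, and principal -> assigned level.
DIRECTORY = {
    "alice": ["Finance"],
    "bob": ["Sales"],
    "carol": ["Sales", "Finance"],
    "dave": ["Ops"],
    "erin": ["Ops"],
}
ASSIGNMENTS = {
    "Finance": Sensitivity.CONFIDENTIAL,
    "Sales": Sensitivity.PUBLIC,
    "dave": Sensitivity.NONE,
}
```

Running locked_out(DIRECTORY, ASSIGNMENTS) before saving a change lists the users who would silently lose access when the privilege switches from disabled to active.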