The iMIS administrator and all users that belong to the SysAdmin role always have Full Control access to all folders and definition objects in the Document System. These users can also define security privileges for every folder and object in the Document System. The security privileges that you set on a folder or object define exactly which permissions roles, groups, or users have:
■ Control or Full Control - Enables all of the following permissions.
■ Read - Enables users to see this object in Document System definition windows, but they cannot change the object's definition. (For Content Management (CM) only, also enables website visitors to see the rendered output of the CM definition object.)
■ Add - Enables users to create new objects, or to paste or import an object into the Document System.
■ Edit - Enables users to edit this object's definition, but not to delete the object.
■ Delete - Enables users to delete this object.
■ Select - (CM tag objects only) Enables users to assign a tag to content folders and content records.
Keep in mind
■ New folders have unrestricted access: When a new folder is created, the Everyone role is granted Full Control by default.
■ Folder permissions are not the same as per-object permissions: you can set Control/Read/Add/Edit/Delete privileges individually for most definition object types in the Security page of its properties window, independent of the folder.
■ IQA folders are special: Certain folders within the Document System are exposed through the IQA task list item in Customers, Events, Billing, Fundraising, and Orders. These folders and all sub-folders that they contain behave differently when viewed from the IQA task list item:
□ You can create only queries in these folders even if the folder is defined to allow any type of definition object. Only members of the SysAdmin role who edit these folders from Tools > Document System can create the other types of allowable objects.
□ If any user modifies the folder definition to disallow the creation of Query objects, the folder and all of its contents become invisible from within an IQA task list item. Only members of the SysAdmin role who are viewing the entire Document System via Tools > Document System are subsequently able to see the folder.
To define security access for a folder
1. In the Document System, select a folder and click the Edit toolbar command.
2. In the Only allow certain types of objects in the folder? area, specify the objects to be allowed in the folder.
Multi-select object types from the list by holding Shift or Ctrl while clicking items in the list.
3. For the Access Settings, select Private or else select Use a preconfigured security set and select a set from the list, if any apply.
Tip: For best performance, use these shared settings whenever possible (see shared security sets (see Shared security sets, for object-level access)).
4. If you need custom access settings, enable Make this available to and complete the panel.
□ For Specific Roles, select the checkbox for each system-defined role that should have access to the folder. For each role, you can click the Edit icon next to the role name to define the specific privileges for that role.
□ For Specific Groups and Specific Users areas, add the groups and users that should have access to this folder, and click the Edit icon next to each entry to define the specific privileges for that entry.
5. At the bottom of the folder security definition window, click Save to commit the changes to the iMIS database.