Server Manual > Users and Groups > Security Rights

Security Rights

<< Click to Display Table of Contents >>

Navigation:  Server Manual > Users and Groups >

Security Rights

This section covers the rights and permission that can be assigned to a user or group for any Cabinet / Folder / File in the Docsvault system. The actions that the users can perform on the data are dependent on the security and system rights they are assigned to.
 

Location Based Security Rights

The following securities can be applied to Cabinets, Folders and Files from the Docsvault Client application by members of the ‘Administrators’ group, users/groups with ‘Change Security’ rights and document ‘Owners’.

 

File_Folder_Rights

                                                               Files and Folder Rights

 
As seen in the screen above, these rights can be assigned to both users and groups. The following explanation mentions users only for simplicity of understanding.

 

List

Users with this right can only list the documents. They will not be able to see the contents of the documents nor the associated notes and tasks. Such a right is useful when there is a need to give rights to a user/group to a deep sub-folder only and prevent them from seeing or accessing contents of any other folder in the folder hierarchy.
 
They can set new document relation and create document links (shortcuts).

 

note Note:  

To view the contents of a cabinet or a folder in Docsvault, you must at least have the 'list' security right on the cabinet/folder.

 

Preview

Users with this right can preview supported files formats inside Docsvault Preview Panel. They will only be able to see the contents of the documents but will not be able to edit them.

 

note Note:  

To view the contents of a file in Docsvault, you must at least have the 'Preview' security right on the file. The Preview right is also the best suited right for preventing users from taking information out of Docsvault while still allowing them to see contents of any image or PDF file.

 

Read

Users with this right have read only access to documents, they do not have a right to add, checkout or update any exiting documents. The difference between Preview and Read rights is that users with read right can view any type of file by opening it up in its default application (e.g.. opening a .doc file in MS Word application) where as users with preview rights can view only supported files format inside Docsvault Preview Panel. Users with read right can also view audit trial and version history. They can assign document tasks to others, add notes in the 'Document Notes' section and print documents.

 

New File

Users with this right on any folder will be able to import, scan and paste a new file within that folder. However, they cannot overwrite an existing file or create a new version of it.

 

New Version/Check Out

In addition to all above rights, users with this right will be able to create a new version of any file, move/cut documents, rename files/folders, remove document relations, edit document descriptions & version notes, assign document status, folder sections, append pages to exiting PDFs, digitally sign PDF documents and change the document's profile values. However, they cannot overwrite or delete an existing file; they have to create a new version in order to add information to the document.

 

Undo Checkout

Users with this right can override the checkout lock that is placed on a document automatically when a document is checked out by any user.

 

Overwrite/Delete

Users with this right have the ability to delete, overwrite files, change document status and edit document notes.

 

Change Security

Users with this right can change the security settings of a document and add files and folders to shared space.

 

Change Owner

Users with this right can change the ownership of the documents.

 

New Folder

Users with this right will be able to create a new folder.

 

Export

Only users with this right will be able to export documents outside Docsvault such as drag and drop to the local computer, printing document from the Preview window, export document, and sending documents as email attachments. A minimum of read right is required to enable the export right.

 

note Important Security Note:

The export right will basically prevent mass export of data from Docsvault. However If a user has right to 'read' any document, he/she can export it indirectly by just opening that file in any external application and then use ‘save as’ to save the file outside of Docsvault or use the print function to print that document.
 
The best right to prevent users from taking information out of Docsvault (other than taking screenshots) would be the new ‘Preview’ right. This right would only allow preview of image and PDF files in the Docsvault Preview window.

 
Set Available Profile

Users with this right have permission to change available profile under a folder (applies to folder only).

 

Version Ownership

Users can delete versions and edit version notes created by self. This right is automatically granted to users creating a new version.

 

Document Ownership

Users that can import documents into Docsvault are considered as Document Owner. They are automatically assigned all the above rights except Change Security and Change Ownership rights. This means that even Document Owners until unless assigned can't change the document ownership nor remove users/groups from the security of any files or folder.

 

Document Owners can add files/folders to shared space, delete versions and edit all version notes.

 

 

 

System Features Rights

Depending on the functionality of an individual or group within the organization, a user/group can be assigned rights to the following special features in the system that are not based on files and folders.

 

System_Rights_User       System_Rights_Group

System Rights
 

Create Cabinet

Users with this right can create a new cabinet. Since cabinet is a main level of organization, it is recommended that only few people have this right in the organization.

 

Create Folder Sections

Users with this right have can create sections for any cabinet and folder throughout the repository.  

 

note Note:  

Folder sections are virtual partitions of a folder and not real sub folders. For example, a patient folder can have different sections such as History & Physical, Reports, Doctor's Notes, Claims, etc...

 

Create Profiles/Indexes

Users with this right can create and edit profiles and index fields.

 

note Note:  

Indexes are custom fields that you can create to assign more information to a document or folder. Profiles are simply a group relevant indexes suitable for certain purpose. For example, an 'Account Payable' profile could have index fields like Vendor, Invoice Date, Amount, Due Date, etc.

 

Edit Audit Settings

Users with this right can enable and set logging of any specified events or actions performed by any user. You can set audit settings multiple files, folders or even entire cabinets.

 

Run Audit Queries

Users with this right can query the audit log of all events performed on documents marked for audit logging

 

Edit Doc. Status/Icons

Users with this right can add icons to represent folder and also create new document status, edit or delete existing ones.

 

Create Templates

Users with this right have can create predefined folder, file, security, audit, email and profile templates which can be applied to files and folders being imported into Docsvault.

 

note Note:  

Templates are predefined set to structures that can be used when necessary without having to enter detailed settings manually. You can define multiple templates of folder and file structures and properties like security, allowed profiles and Audit Trail settings.

 

Empty Recycle Bin

Only administrators and users with the 'Empty Recycle Bin' right will be able to permanently delete a document from the Recycle Bin.

 

Create Public Links [Enterprise & Ultimate Edition]

Users with this right can create unique public links to files and folders inside Docsvault and share it over the internet.

 

Create Workflow [Enterprise & Ultimate Edition]

Administrators and any users with this right can create and edit workflow process.

 

Create eForm [Enterprise & Ultimate Edition]

Users with this right can create their eForms and share it over the internet with internal and external users. Administrators can access and edit eForm of any users.

 

 

The following example describes how users may be practically assigned rights to perform specific tasks. Let's say you want to assign most of the available folder permissions to a group of users in the 'Accounting' group on the 'Accounts' folder, but you only want to give the departmental manager the permission to set and monitor audit trail logging that records all actions performed by any user on the 'Accounts' folder.

 

In this case the departmental manager should be a part of the Accounting group, but for purposes of his/her role as a manager, this user should be assigned the 'Edit Audit Settings' and 'Run Audit Queries' system rights to enable him/her to set and query the Audit Trail logs

 

 

Best Practices Recommendation

When assigning security rights, use only groups if possible. This makes it easier to add a user to the document management system. As a member of a group the user will inherit all of the permissions and access that the group has throughout the system.