Skip to main content
All CollectionsAdministration
Introduction to access rights
Introduction to access rights

Principle and operation of access rights and rules for application objects

Pierre-Marie POCH avatar
Written by Pierre-Marie POCH
Updated over a week ago

How are my access rights defined ?

The rights that each user has on the various objects of the application are conditioned by several complementary parameters: they allow application administrators to control the scope of their users, in order to preserve the confidentiality of certain objects or to avoid interference between teams.

Access rights concern all the objects of the application: documents, parts, products and workflows. They are configured using three complementary tools: the distribution scope, the role of user profiles and access rules.

Distribution scope

The distribution scope delimits the maximum field of users who can access an object of the application: a user can see objects which are part of the distribution scope he/she is included in

The distribution scope can be setup at 3 levels:

  • To the owner of an object only

  • To users of one or several Sites

  • To all users of the Organization

The distribution perimeter is a property specific to each object of the application. When a user create a new object (ie: a document), the object is automatically associated with the scope of the creator. It is set by default to Organization when it is created, and can be modified using the Share menu.

User role

A user's role limits the type of action to which a user will be entitled in the application, on all objects. A user will never be able to perform actions that are not authorized by his role, namely:

  • Shared computer: can view objects and write comments, mostly used in workshops when several operators connect the same PC

  • Viewer: can additionally be assigned to workflow tasks

  • Manager: can additionally create/modify application objects

  • Admin: can additionally access the administration area to manage users, properties, views and integrations

A user's role is defined when it is created, and can be modified by an administrator in the user management portal.

Access rules and authorization level

The access rules system allows you to define a set of rules that give permissions to users. These authorizations are divided into four levels:

  • Viewing without downloading: the document can be viewed in the application, but not downloaded to the user's computer

  • Viewing: the document can be opened in the browser and downloaded, but not modified

  • Editing: the document can be opened and edited, but Draft revisions cannot be committed

  • Full access: all rights

The rules make it possible to grant a level of authorization to a group of users, on a group of objects. These groups are defined using criteria based on the properties of each object.

These rules are created and maintained by administrators, via the dedicated management portal in the administration area. To help you check which rules apply to which objects, they are listed in its Sharing tab.

To summarize...

The rights of a user on an object correspond to:

  • the highest level of access given to it by the access rules

  • restricted to the maximum rights of its role

  • provided that the user is within the distribution perimeter of the object

Did this answer your question?