Nuxeo Platform User Documentation

Managing Permissions

Updated: September 22, 2017 Page Information Edit on GitHub

A permission is a rule to grant access to a user or set of users to a Nuxeo document. User has a view in the dashboard where he can see the documents on which a permission is set. Managing permissions means granting or denying access permissions in a document or folder.

Some permissions are granted automatically, for example when you create a workflow and grant access to a user on a document for the entire workflow or a particular task.

Permissions Overview

Permission Actions in Workspaces Actions in Sections
Read
  • Consult content
  • Comment documents
  • Tag documents
  • Collect content
  • Follow content
  • Consult content
  • Comment documents
  • Tag documents
  • Follow content
Edit
  • Create documents
  • Edit documents
  • Add / remove relations
  • Start a workflow
  • Delete documents
  • + Read actions
  • Create sections
  • Approve/reject pending publications
  • Unpublish documents
  • Delete sub-sections
  • + Read actions
Manage everything
  • Manage permissions
  • Set alerts to other users
  • Apply a preset look on documents
  • Manage deleted documents
  • Define publication targets
  • + Edit actions
  • + Read actions
  • Manage permissions
  • Set alerts to other users
  • Apply a preset look on documents
  • Manage deleted documents
  • + Edit actions
  • + Read actions
Can ask for publishing   Submit documents for publishing

Managing Permissions on Content

Granting Permissions to the Application Users and Groups

To add a permission, at the root of a workspace, a folder or a document, click on the Permission tab New Permission and fill in the popup form.

The new permission is displayed in the Permissions defined locally part of the screen.

Granting Permissions to External Users (Instant Share)

You can share documents and folders with people that don't usually have access to the application, using their email.

In the Permissions Assigned to External Users part of the screen, click New and fill in the popup form. The external person is sent an email notification that contains the link to the document or space. They can access the application only by clicking that link.

Notes:

  • You can only grant a temporary access to external users.
  • External users are not created a user account on the application. They do not have login / password credentials. They can only use the link that is sent to them to access the application.
  • External users have access to the content that was shared with them (either documents or workspaces and their content) and the Search tab.
  • External users do not benefit from the following features: A personal workspace and the Home tab and its features (dashboard, alerts, users / groups search, etc.).

Editing Permissions

To edit a permission click on next to it, from there you can modify the permission and/or the date frame.

Deleting Permissions

To delete a permission click on next to the permission you want to delete, click Ok on the confirmation popup.

Auditing and Purging Permissions

In the Admin Center, the Permissions tab presents two sub-tabs: a Search tab and a Purge tab.

Auditing Permissions

The Search tab will help you to audit permissions in the repository, you can search by user/group, time frame, permissions etc. You can then export search results in an Excel file by clicking the icon .

You can search permissions on the following criteria:

  • User / Group: The user(s) or group(s) of which you want to see the permissions.
  • Granted by: The user who assigned the permissions.
  • Location: The documents or folder hierarchy from which permissions will be searched.
  • Right: The permission to be searched for.
  • Time Frame: The dates during which the permission is / was effective.
  • Status: The status of the permission.
    • Pending: The permissions is not yet active, the permission time range has not yet been reached.
    • Effective: The permission is active.
    • Archived: The permission is not active anymore, the permission time range is overdue.
  • Policy Name: The ID of the policy name. By default, there are two policy types:
    • local for permissions granted locally
    • routing for permissions granted by a workflow

Purging Permissions

The Purge tab will enable admins to delete all the permissions granted to a user or on a section of the repository.

To purge the permission of a user: go to Admin > Permissions > Purge tab, search the user you want and click on Search. The available permissions are displayed, click on Purge to confirm. All the permissions for this user are removed.

a month ago manonlumeau NXDOC-1323: Update BDE doc
a year ago Alain Escaffre 54
a year ago Frédéric Vadon 53 | precise that audit and purge is in the admin center
a year ago Solen Guitter 52
2 years ago Solen Guitter 51
2 years ago Solen Guitter 50
2 years ago Solen Guitter 49
2 years ago Solen Guitter 48
2 years ago Solen Guitter 47
2 years ago Solen Guitter 46 | Add permission overview table
2 years ago Manon Lumeau 45 | Change Write to Edit permission
2 years ago Solen Guitter 44
2 years ago Manon Lumeau 43
2 years ago Manon Lumeau 41
2 years ago Manon Lumeau 42
2 years ago Manon Lumeau 40
2 years ago Manon Lumeau 38
2 years ago Manon Lumeau 39
3 years ago Solen Guitter 37
3 years ago Manon Lumeau 36
3 years ago Manon Lumeau 35
3 years ago Manon Lumeau 34
3 years ago Manon Lumeau 33
3 years ago Manon Lumeau 32
3 years ago Manon Lumeau 31
3 years ago Solen Guitter 30 | Denying access rights now disabled by default, but can be activated through nuxeo.conf
3 years ago Solen Guitter 29 | wording
3 years ago Manon Lumeau 28
4 years ago Solen Guitter 25 | Added anchor to rights inheritance
4 years ago Solen Guitter 26 | Migration of unmigrated content due to installation of a new plugin
4 years ago Solen Guitter 27 | Migration of unmigrated content due to installation of a new plugin
4 years ago Solen Guitter 22
4 years ago Solen Guitter 23 | Removed related topics from TOC
4 years ago Solen Guitter 24 | Migration of unmigrated content due to installation of a new plugin
5 years ago Solen Guitter 16
5 years ago Solen Guitter 17 | Migrated to Confluence 4.0
5 years ago Solen Guitter 18 | Migration of unmigrated content due to installation of a new plugin
5 years ago Solen Guitter 19 | Migration of unmigrated content due to installation of a new plugin
5 years ago Solen Guitter 20 | Migration of unmigrated content due to installation of a new plugin
5 years ago Solen Guitter 21 | Migration of unmigrated content due to installation of a new plugin
5 years ago Solen Guitter 15
6 years ago Solen Guitter 14
6 years ago Solen Guitter 13
6 years ago Solen Guitter 12
6 years ago Solen Guitter 11
6 years ago Solen Guitter 10
6 years ago Solen Guitter 9
6 years ago Solen Guitter 8 | Fixed broken link to Access rights table
6 years ago Solen Guitter 7
6 years ago Solen Guitter 6 | Added toc and related customization content
6 years ago Solen Guitter 5
6 years ago Solen Guitter 4
7 years ago Solen Guitter 3 | added rights prioritization section
7 years ago Solen Guitter 2
8 years ago Solen Guitter 1
History: Created by Solen Guitter