You will be able to find the access control menu in the right information menu if you have one or more document(s) and/or folder(s) selected in the documents section.

Here you will be able to see who has access to the document

Follow these steps to edit the access of one or more document(s) and/or folder(s)

​

Access required: Full access

This article contains information about the following topics:

The access control dialogue can look something like this:

There are four access levels defined.

The access that applies is the highest access that members have received either through user access or through access configured for any of their teams.

No Access

no access to the object.

Read

typical read only, no changing operations.

Write

able to edit and modify the object. Examples include renaming and moving their own uploaded files when they have write access.

Full access

able to control all aspects of the object.

If shared statuses were enabled after October 2nd 2025 the columns "View shared revisions" and "Can publish" to the right of the access column can be seen.
This is what that can look like:

The boxes in these columns can be checked dependent on the access setting.
​

No access

Neither shared revisions nor public revisions can be previewed or seen in the documents list if you do not have access to the document.

Read

Members with read access can be given permission to view shared revisions but will not be able to publish that shared revision

Write

Members with write access will always be able to view shared revisions and can be given access to publish the shared revision.
​

Full Access

Members with full access can both view and publish shared revisions

Click this dropdown to select member(s) or team(s) you wish to configure access for.

Administrators always have full access to everything in the project

Default: Full access

If access is configured for a single user you will see them here.

This is a very specific access as it only applies for the configured user.

Default: Write access

Single user access compared to all users, team and owner access

The single user access will overwrite all other access the user may have received via the all users, team or owner access no matter if it is higher or lower.

Typical workflow

This access is the most secure as you are 100% sure that user has the right access but has to be reconfigured if another users takes over the role of another member in the project.

The all user access is a general access that is the least specific.

Default: Write access

All user access compared to single user access

If the all users access is different from the single user access, the single user access applies because a single user is more specific than all users.

All user access compared to team access

If the all users access is higher than the access of a team that the user is part of, the all users access applies because all users have been given access so it does not matter what access the team has.

If the all users access is lower than the access of a team that a user is part of, the team access applies because then the user's team gets access in addition to the access that all users have.

All user access compared to owner access

If the all users access is higher than the owner access, the all users access applies as the owner is one of the users in the project.

If the all users access is lower than the owner access, the owner access applies because the owner is more specific than the all user access.

Typical workflow

Typically this is changed to no access if you want to limit access to a document or folder for all users. It can then be overwritten by either the team or the single user access.

This access is more specific than the all user access but less specific than the user access.

Default: Write access
​

Team access compared to single user access

If a user is part of a team that has different access than the single user access, the single user access will be the access that applies. There will be a warning that the team access is overwritten for a team member.

Team access compared to all user access

If a user is part of a team that has higher access than the all user access, the team access applies because then the team gets access in addition to the typical access that all users have.

If a user is part of a team that has lower access than this access, the all user access applies because the team might not have been given access but all users have been given access so it does not matter what access the team has.

Team access compared to other team access

Members can be part of multiple teams. In this case the highest access they have received through any of their teams is applied.

Team access compared to owner access

If a user is part of a team that has higher than the owner access, the team access applies as the owner is a member of the team.

If a user is part of a team that has lower than the owner access, the owner access applies because the owner is more specific than the team access.

Typical workflow

It is recommended to set access per team rather than per user.

This allows for flexibility as members are often changing roles.

This is also a good option to use because you can invite members to teams.

The member will then be added to the right team as soon as they join the project so that they have the correct access right away.

The typical workflow is to deny all users access so new users that are not part of teams yet do not see sensitive information and then team access is set to give users access to the information they need.

Owner is defined as the person who Uploaded the file, or created the folder.

To allow for data privacy owners have full access to their own documents.

This means that someone who uploads a document has full control of it.

Default: Full access

Owner access compared to single user access

If any of the owner(s) of the selected document(s) and/or folder(s) has a different access in the single user access, the single user access will be the access that applies.

There will be a warning that the owner access is overwritten for a user.

Owner access compared to all users access

If any of the owner(s) of the selected document(s) and/or folder(s) has higher access than the access in the all users access, the owner access applies as the owner is more specific than the all user access.

If the owner(s) of the selected document(s) and/or folder(s) has lower access than the access in the all users access, the all users access applies as the owner is one of the users in the project.

Owner access compared to team access

If any of the owner(s) of the selected document(s) and/or folder(s) has higher access than the team access, the owner access applies as the owner is more specific than multiple members who could be part of a team.

If any of the owner(s) of the selected document(s) and/or folder(s) has lower access than the access of a team they are part of, the team access applies as the owner is part of the team with higher access.

Typical workflow

In the case of a submitted document this access is often changed so only the administrator has full access of the uploaded document.
​
​

These are the different operations that can be performed on a folder according to the access levels.

Default behavior

All members have at least write access by default.

A member can have read access to a folder if it was created in a folder where read access was configured or if read access was configured specifically for the folder.

The folder may later have been moved so its access does not necessarily have to be the same as the folder it is in.

View folder contents

Members with read access can navigate to the contents of a folder.

Different can access can be configured to the contents of the folder so members with read access may not have access to all elements in the folder.

Share folder

Members with read access can share links to folders with sharelink or by linking the URL.

Sharelink recipient may have different access and might not see the same contents of the folder.

A public link to a collection can be made with the contents of the folder so anyone can download the content of the collection regardless of access settings.
​

Default behavior

All members have at least write access by default.

Create document in folder

Members with write access to a folder can create new documents in that folder.

Add folder in folder

Members with write access to a folder can create new folders in that folder.

Rename folder

Members with write access to a folder can rename the folder.

Default behavior

The folder owner (creator of the folder) and administrators have full access by default.

Move folder

Members with full access can move folders to other folders.

Folder owners (creator of the folder) often have full access and are thereby able to move their own folders.

Members often have write access to documents created by other members.

Members are therefore often only able to move folders they created unless they are in a folder where they have been given more access.

Delete folder

Members with full access can delete a folder regardless of the access that is set in the folder.

Modify folder ACL

Members with full access to a folder can change the access settings to that folder.

These are the different operations that can be performed on a document according to the access levels.

Default behavior

All members have at least write access by default.

A member can have read access to a document if it was uploaded to a folder where read access was configured or if read access was configured specifically for the document.

The document may later have been moved so its access does not necessarily have to be the same as the folder it is in.

Share document

Documents can be shared with sharelink or by linking the URL.

Sharelink recipient may have different access and might not see the same document revisions.

A public link to a collection can be made with a specific document revision so anyone can download the content of the collection regardless of access settings.

Default behavior

All members have at least write access by default.

Link/Unlink objects

Members with at least write access can link and unlink objects to a document.

Edit Labels

Members with at least write access can add and remove labels from a document.

Create new document

Members with at least write access to the parent folder can create documents within that folder.

Rename document

Members with at least write access can rename documents.

Create model

Members with at least write access to a document can create a model from an ifc document making it appear on the models page.

Extension required: .ifc or .ifczip

Additional access required: Write access to creating and removing models in project settings

Remove model

Members with at least write access can remove the model link froma a document that is linked to a model making it disappear from the models page.

Additional access required: Write access to creating and removing models in project settings

Default behavior

The document owner (creator of the document and often the uploader of the first revision) and administrators have full access by default.

Move document to another folder

Members with full access can move documents to other folders.

Document owners (creator of the document and often the uploader of the first revision) often have full access and are thereby able to move their own documents

Members often have write access to documents created by other members.

Members are therefore often only able to move documents they created unless they are in a folder where they have been given more access.

Delete document

Members with full access can delete a document regardless of the access that is sset in the folder.

Modify ACL

Members with full access to a document can change the access to that document.

The table below related the operations that can be performed on a published revision to the access levels.

By default all new revisions in documents are published.

If shared revisions have been enabled all new revisions in documents are created as shared revisions by default.

Preview in Catenda Hub

Members with at least read access to a document can preview published revisions in Catenda Hub.

Access in applications

Members with at least read access to a document can access published revisions from applications that access the API like, our mobile application, Catenda Site.

2D/3D viewer buttons

Members with at least read access to a document with published 3D document revisions can use the 2D and 3D buttons in the viewer column to load the 3D document into the respective viewer.

One of the following required:

Share published revision

Members with at least read access to a document with published revisions can share links to revisions via sharelink or by linking the URL.

The sharelink recipient may have different access and might not be able to view the document.

A public link to a collection can be made with a specific published revision so anyone can download the content of the collection regardless of access settings.

Compare

Members with at least read access to a document with at least two pdf revisions present can use the compare feature.

Additional access required: Second published PDF revision present in document

Download

Members with at least read access to a document with published revisions can download the published revisions in the document.

Add to collection

Members with at least read access to a document with published revisions can add a published revision from a document to a collection.

Withdraw

Members with full access to a document can withdraw published revisions in the document.

The table below related the operations that can be performed on a draft revision to the access levels.

Draft revisions are only available in projects created before October 2 2025.

Access in applications

Only published revisions can be accessed from applications that access our API like, our mobile application, Catenda Site.

Add to collection

Only published revisions can be added to collections.

Preview in Catenda Hub

Members with at least read access to a document and read access to drafts in project settings can preview draft revisions in Catenda Hub.

Additional access required: Read access to document drafts in project settings.

Share draft revision

Members with at least read access to a document with draft revisions and read access to drafts in project settings can share links to draft revisions via sharelink or by linking the URL.

The sharelink recipient may have different access and might not be able to view the document.

Download

Members with at least read access to a document with draft revisions and read access to drafts in project settings can download draft revisions.

Draft revisions can be downloaded one by one by clicking on the download button in the revisions area of the right menu of the revision on the document preview page.

Additional access required: Read access to document drafts in project settings

Preview in Catenda Hub

Additional access required: Document owner

Publish

In projects where the status workflow was activated before October 2 2025 the draft revision checkbox is enabled by default in the upload menu but can be unchecked to uplaod a published revision instead.

The table below related the operations that can be performed on a shared revision to the access levels.

If shared revisions have been enabled all new revisions in documents are created as shared revisions by default.

Access in applications

Only published revisions can be accessed from applications that access our API like, our mobile application, Catenda Site.

Add to collection

Only published revisions can be added to collections.

Preview in Catenda Hub

Members with at least read access to a document with shared revisions and access to viewing the shared revisions of a document can preview shared revisions in Catenda Hub.

Additional access required: "View shared revisions" checked in document access menu

Share shared revision

Members with at least read access to a document with shared revisions and access to viewing the shared revisions of a document can share links to shared revisions via sharelink or by linking the URL.

The sharelink recipient may have different access and might not be able to view the document.

Download

Members with at least read access to a document with shared revisions and access to viewing the shared revisions of a document can download shared revisions.

The latest shared revisions of documents that are selected in the workspace tab of the documents table can be downloaded with the download action.

Previous shared revisions can be downloaded one by one by clicking on the download button in the revisions area of the right menu of the revision on the document preview page.

Additional access required: "View shared revisions" is checked in document access menu

Publish

Members with at least write access to a document with shared revisions, access to viewing the shared revisions of a document and access to publishing revisions in the document can publish one of the shared revisions that have been uploaded since the latest published revision in the document.

Additional access required: "Can publish" is checked in document access menu

Withdraw

Members with at least read access to a document with shared revisions and access to viewing the shared revisions of a document can withdraw shared revisions in the document.

Additional access required: "View shared revisions" is checked in document access menu

When the access settings dialogue is saved access is overwritten.

When elements are selected they will be overwritten with the access setting configured in the menu regardless of what access that was previously configured.

This option is always selected by default regardless of the access in the selected elements.

Ensure that no previously configured access to sub-elements is lost by using this option.

Be careful that while access settings for the selected elements are overwritten, the access in sub-elements will not change and while members might not be able to navigate to them anymore they might still have access through filtering.

New elements in elements where this setting is configured will always inherit the access from configured in their parent element.

Access setting overwritten:

Selected elements

New elements created in selected folders

Access setting not overwritten:

Existing documents in selected folders

Existing sub-folders in selected folders

Existing elements in the tree structure in sub-folders all the way down.

Overwrite the access setting for the selected elements and the documents one level down in the selected elements which often do not have specific access on them.
Access settings of the subfolders to the selected elements and elements in those subfolders are not overwritten with this option.
If access set was previously set in those subfolders this can be a good option to choose to make sure no previously configured access in subfolders is overwritten.

This option is selected by default since it prevents overwriting access to sub-folders in selected folders where that might previously have been configured would otherwise be overwritten.

Access setting overwritten:

Selected elements

New elements created in selected folders

Existing documents in selected folders

Access setting not overwritten:

Existing sub-folders in selected folders

Existing elements in the tree structure in sub-folders all the way down.

Overwrite the access setting for all selected elements, documents and sub-folders in the selected elments and all elements in those subfolders in the tree structure all the way down.
When this setting is chosen in the access menu of documents settings all access to all folders and documents in the entire project are overwritten.
​
This option is not selected by default and has to be chosen because it can overwrite access that was previously configured in sub-folders to selected folders.
If access was previously set in sub-folders it can be better to use the folder and files option on each folder individually so the access that was previously set is not overwritten.

If there is no previously configured access in sub-folders or if it is okay to overwrite access that has been configured in sub-folders this option can be used to overwrite the access to the selected elements as well as the access to sub-elements to those elements.​

Access setting overwritten:

Selected elements

New elements created in selected folders

Existing documents in selected folders

Existing sub-folders in selected folders

Existing elements in the tree structure in sub-folders all the way down.

Access setting not overwritten:

Nothing