You will be able to find the access control menu in the right information menu if you have one or more document(s) and/or folder(s) selected in the documents section.
Here you will be able to see who has access to the document
Follow these steps to edit the access of one or more document(s) and/or folder(s)
Select the document(s) and/or folder(s) you would like to configure the access for
Open the right information menu
Click on edit access
Access required: Full access
This article contains information about the following topics:
Access control dialogue
The access control dialogue can look something like this:
Access levels
There are four access levels defined.
The access that applies is the highest access that members have received either through user access or through access configured for any of their teams.
No Access
no access to the object.
Read
typical read only, no changing operations.
Write
able to edit and modify the object.
Full access
able to control all aspects of the object.
ISO 19650 Shared workflow
If you have the Shared status workflow activated you will see the columns "View shared revisions" and "Can publish" to the right of the access column.
This is what that can look like for different access settings:
The boxes in these columns can be checked dependent on the access setting.
No access
Neither shared revisions nor public revisions can be previewed or seen in the documents list if you do not have access to the document.
Read
Members with read access can be given permission to view shared revisions but will not be able to publish that shared revision
Write
Members with write access will always be able to view shared revisions and can be given access to publish the shared revision.
Full Access
Members with full access can both view and publish shared revisions
Define access for
Click this dropdown to select member(s) or team(s) you wish to configure access for.
Administrators
Administrators always have full access to everything in the project
Default: Full access
Single Users
If access is configured for a single user you will see them here.
This is a very specific access as it only applies for the configured user.
Default: Write access
Single user access compared to all users, team and owner access
The single user access will overwrite all other access the user may have received via the all users, team or owner access no matter if it is higher or lower.
Typical workflow
This access is the most secure as you are 100% sure that user has the right access but has to be reconfigured if another users takes over the role of another member in the project.
All users except x above
The all user access is a general access that is the least specific.
Default: Write access
All user access compared to single user access
If the all users access is different from the single user access, the single user access applies because a single user is more specific than all users.
All user access compared to team access
If the all users access is higher than the access of a team that the user is part of, the all users access applies because all users have been given access so it does not matter what access the team has.
If the all users access is lower than the access of a team that a user is part of, the team access applies because then the user's team gets access in addition to the access that all users have.
All user access compared to owner access
If the all users access is higher than the owner access, the all users access applies as the owner is one of the users in the project.
If the all users access is lower than the owner access, the owner access applies because the owner is more specific than the all user access.
Typical workflow
Typically this is changed to no access if you want to limit access to a document or folder for all users. It can then be overwritten by either the team or the single user access.
Teams
This access is more specific than the all user access but less specific than the user access.
Default: Write access
Team access compared to single user access
If a user is part of a team that has different access than the single user access, the single user access will be the access that applies. There will be a warning that the team access is overwritten for a team member.
Team access compared to all user access
If a user is part of a team that has higher access than the all user access, the team access applies because then the team gets access in addition to the typical access that all users have.
If a user is part of a team that has lower access than this access, the all user access applies because the team might not have been given access but all users have been given access so it does not matter what access the team has.
Team access compared to other team access
Members can be part of multiple teams. In this case the highest access they have received through any of their teams is applied.
Team access compared to owner access
If a user is part of a team that has higher than the owner access, the team access applies as the owner is a member of the team.
If a user is part of a team that has lower than the owner access, the owner access applies because the owner is more specific than the team access.
Typical workflow
It is recommended to set access per team rather than per user.
This allows for flexibility as members are often changing roles.
This is also a good option to use because you can invite members to teams.
The member will then be added to the right team as soon as they join the project so that they have the correct access right away.
The typical workflow is to deny all users access so new users that are not part of teams yet do not see sensitive information and then team access is set to give users access to the information they need.
Owner
Owner is defined as the person who Uploaded the file, or created the folder.
To allow for data privacy owners have full access to their own documents.
This means that someone who uploads a document has full control of it.
Default: Full access
Owner access compared to single user access
If any of the owner(s) of the selected document(s) and/or folder(s) has a different access in the single user access, the single user access will be the access that applies.
There will be a warning that the owner access is overwritten for a user.
Owner access compared to all users access
If any of the owner(s) of the selected document(s) and/or folder(s) has higher access than the access in the all users access, the owner access applies as the owner is more specific than the all user access.
If the owner(s) of the selected document(s) and/or folder(s) has lower access than the access in the all users access, the all users access applies as the owner is one of the users in the project.
Owner access compared to team access
If any of the owner(s) of the selected document(s) and/or folder(s) has higher access than the team access, the owner access applies as the owner is more specific than multiple members who could be part of a team.
If any of the owner(s) of the selected document(s) and/or folder(s) has lower access than the access of a team they are part of, the team access applies as the owner is part of the team with higher access.
Typical workflow
In the case of a submitted document this access is often changed so only the administrator has full access of the uploaded document.
Folder
The table below related the operations that can be performed on a folder to the access levels.
Operation | Read | Write | Full |
View folder contents | x |
|
|
Share folder | x |
|
|
Create document in folder |
| x |
|
Add folder in folder |
| x |
|
Rename folder |
| x |
|
Delete document in folder |
|
| x |
Delete folder in folder |
|
| x |
Move folder |
|
| x |
Delete folder |
|
| x |
Modify folder ACL |
|
| x |
Document
The table below related the operations that can be performed on a file to the access levels.
Operation | Read | Write | Full |
Link/Unlink objects |
| x |
|
Edit Labels |
| x |
|
Publish new document |
| Write access to the parent folder |
|
Rename document |
| x |
|
Create model |
| x if IFC and write access to creating and removing models in project settings |
|
Remove model |
| x if IFC and write access to creating and removing models in project settings |
|
Move document to another folder |
|
| x |
Delete document |
|
| x |
Modify ACL |
|
| x |
Published revision
The table below related the operations that can be performed on a published revision to the access levels.
Operation | Read | Write | Full |
Preview in Catenda Hub | x |
|
|
Preview in Catenda Site | x |
|
|
2D/3D viewer | x if IFC that is linked to model, Pointcloud or GML. |
|
|
Share | x |
|
|
Compare | x and a second published PDF revision present |
|
|
Download | x |
|
|
Withdraw |
|
| x |
Add to collection | x |
|
|
Draft Revision
The table below related the operations that can be performed on a draft revision to the access levels.
Operation | Read | Write | Full |
Preview in Catenda Hub | x and read access to document drafts in project settings | x and document owner. |
|
Preview in Catenda Site | - | - | - |
Share | x |
|
|
Download | x and read access to document drafts in project settings |
|
|
Publish |
| x |
|
Withdraw |
|
| x |
Add to collection | - | - | - |
Shared Revision
The table below related the operations that can be performed on a shared revision to the access levels.
Operation | Read | Write | Full |
Preview in Catenda Hub | x and "View shared revisions" is checked |
|
|
Preview in Catenda Site | - | - | - |
Share | x |
|
|
Download | x and "View shared revisions" is checked |
|
|
Publish |
| x and "Can publish" is checked |
|
Withdraw |
|
| x and "View shared revisions" is checked |
Add to collection | - | - | - |
Overwrite options
Folder and new content
Only sets permission on the folder, no sub elements. New elements will always inherit the access from the folder they are added to.
Folder and files
Only sets permissions on the folder, and the files that are directly in that folder. Sub-folders, or files in sub-folders will not be affected.
Folder and all subfolder and files
Sets the permissions on the folder, and all sub content of that folder, both folders and files