# Groups and permissions concept

It makes sense to combine functions and permissions into groups.

To assign different areas in the repository different permissions, we recommend creating specific area groups. The example below illustrates how you can assign rights via groups and AND groups.

# Assigning rights via groups

Company XYZ has HR, Production, and Logistics departments. The repository provides different permissions that can be assigned to the different departments.

Membership in the different departments also controls permissions to the documents in the repository. In our example, members of the HR department can access all documents in the HR area, while members of the production department have access to the Production area and members of the logistics department have access to the Logistics area. The groups are created according to the company departments for this reason.

The groups assigned via user rights, also referred to as role groups, are combined with the groups corresponding to department membership.

User rights should always be linked to groups and not to individual users. This allows you to track, monitor, and manage assigned rights.

The ELO_StandardUsers group in our company has the following members:

ELO Administration Console, members of the 'ELO_StandardUsers' role group

The HR Department role group has the following members. They are granted exclusive access to documents in the HR area.

ELO Administration Console, members of the 'HR' department

# AND groups

The following figure illustrates a scenario for assigning permissions within the HR department.

Assigning permissions within the 'HR' department

Now, we can set permissions to documents and folders in the HR area using an AND group: Members of both the HR Department and ELO_StandardUsers groups have permissions.

This allows you to give all members of the HR department view permissions to HR documents.

Setting the 'View' permission for the HR department

To ensure that only the ELO_StandardUsers in the HR Department group are given full access to these documents, we will create an AND group. An AND group contains the overlap from the selected groups.

Creating an AND group

In this example, the members of the AND group have full access to this document. ELO shows what employees are members of this group in the example.

AND group with the members of the group

# Assigning permissions via metadata forms

To ensure that the HR documents can only be edited by authorized users, we recommend defining permissions using the metadata form and not for individual entries in the repository.

Assigning permissions via metadata forms

Last updated: June 17, 2024 at 2:07 PM