# User rights

You can manage user rights in the Users and Groups configurations.

Information

Ideally, all rights are inherited through groups. This makes it easier to assign and manage rights.

# User administration rights

User rights; 'User administration' section

# Main administrator (FLAG_ADMIN)

Administrator rights are required to make global settings.

If you have the Main administrator right, you can see all users and groups, even if the option Visible in user lists is disabled for them. If you also have the Edit user data right, you can administer all users and groups.

The Main administrator right allows you to change the permissions of the top repository level: To change the permissions and options of the top level, you need to open the Set permissions dialog box, which you can only do if you have the Main administrator right. To modify the permissions, however, you also need the Edit permissions right, meaning you need both rights in this case.

You can perform the following actions in ELO with the Main administrator right:

  • Delete entries permanently, even if you do not have the rights Delete folders, Delete documents, Delete non-modifiable documents, and Delete versions
  • Remove a lock on any entry made by any user
  • Assign substitutes for all users
  • Manage views and view profiles for all users
  • Delete metadata forms
  • Log on in administration mode or when repositories are locked

You will find more information under Rights in ELO > Configuration > Necessary rights for the ELO Administration Console.

# Edit user data (FLAG_SUBADMIN)

You can perform the following actions in ELO with the Edit user data right:

  • Create users and groups. Groups and other users can only be given the same (or fewer) rights.
  • Administer users and groups if you are entered in the Administrator field for the respective user or group, or you also have the Main administrator right. If a group is entered in the Administrator field, all members of this group can administer the corresponding users or the group if the administrating group also has the Main administrator right.
  • You can only assign groups you are set as an administrator for or if you also have the Main administrator right.
  • You can only edit your own user data if you are set as an administrator in the user administration or if you also have the Main administrator right.
  • In the ELO Java Client, this right enables you to set substitution rules for other users that you are an administrator of, even if they are not Visible in user lists.

Information

Only users with Main administrator and Edit user data rights can see and administer all users and groups.

# Change password (FLAG_CHANGEPW)

With this right, you can change your own password for logging on to the system.

# SAP administrator (FLAG_SAPADMIN)

This right is required for enabling the link between the ELO Suite and SAP using ELO Suite for SAP ArchiveLink® and allows you to manage the metadata form associated with the interface to SAP. The metadata form for SAP-administered documents can be viewed by every user but can only be edited by users with this right.

# DMS Desktop user, no workflows (FLAG2ISDMSDESKTOPUSER)

If this option is enabled, the user does not have access to workflow functions. This applies to the following functions:

  • Ad hoc workflow
  • Extend workflow deadline
  • Workflow overview
  • Hand off workflow
  • Accept workflow
  • Show workflow
  • Delegate workflow
  • Start workflow
  • Forward workflow
  • Return workflow
  • Postpone workflow
  • Workflows for this entry
  • Edit workflow templates
  • Cancel postponement

Please note

This right is a restriction that supersedes all other rights associated with workflows. A user with this right is unable to use the functions and roles associated with workflows, irrespective of whether the individual rights are set or inherited by a user or not. The user is also unable to edit any workflow tasks that are assigned to them. This is because the ELO DMS Desktop does not include workflow functions.

# ELO Desktop Client Plus user (FLAG2DESKTOPCLIENT_PLUS)

This right runs the ELO Desktop Client in advanced mode, with some task functionalities and the full client view mode.

Please note

This right limits what functions are available to the user.

# ELOxc Client user, e-mails only (FLAG2LIMITEDCLIENT)

This right opens the ELO Client for Microsoft Outlook in ELOxc for Microsoft EWS mode, and is restricted to the file formats (EML, MSG, and VCF) that can be opened by Microsoft Outlook. No other formats are available to the user.

Please note

This right limits what functions are available to the user.

# Folder/document permissions

User rights; 'Folder/document rights' section

# Edit folders (FLAG_EDITSTRUCTURE)

This right enables users to edit documents and create child folders within folders. You also need the Edit folders user right to be able to create and edit teamspaces and workspaces in the client.

# Edit documents (FLAG_EDITDOCS)

This right enables users to edit documents. This includes the functions:

  • Load new versions
  • Check files in and out
  • Insert files
  • Documents from templates
  • Add and delete attachments
  • Add to full text database
  • Delete from full text database
  • Create signature

Users are only able to edit document metadata if they have the corresponding right. Otherwise, the user can only open the metadata in read-only mode.

# Edit permissions (FLAG_EDITACL)

This right allows users to change the permissions to entries (documents and folders) in ELO.

Information

In order to be able to modify the permissions to entries, you need the right Edit folders or Edit documents. You also need the Set permissions (P) permission for each individual entry.

Users have the option to configure the rights when filing entries in the client, since they have full rights to the file. The user right applies to subsequent editing of permissions.

It does not apply to the permission settings in the ELO Administration Console or the ELO Java Client configuration. If users can edit the stamp, metadata forms, etc., they can also edit their permissions without this user right being checked.

# View all entries, ignore permissions (FLAG_IGNOREACL)

This right means that the user can view all documents and folders, even if the user does not have access to them. It revokes all existing object permissions. Users with this right have full access permissions to all ELO entries.

The only way to protect documents from users who possess this user right is to encrypt them.

# Import permission (FLAG_IMPORT)

This right allows users to import a data set into the repository. All data available in the data set will be imported — object permissions are ignored. The user performing the action therefore also imports data that they do not have permissions to. This data will not be visible to the user.

# Export permission (FLAG_EXPORT)

This right enables the user to create a data set for export. The user can only export entries and documents that they have the corresponding permissions to.

# Folder/document options

User rights; 'Folder/document options' section

Information

The rights in this group (except Change document paths) only apply if the user also has the Edit folders or Edit documents rights.

# Change metadata form after filing (FLAG_CHANGEMASK)

This right allows the user to assign a different metadata form to a document already filed to the repository. Please note that doing this may cause metadata to be lost. This is only possible if the user also has the right Edit folders or Edit documents, depending on the entry.

# Edit keyword lists (FLAG_EDITSWL)

This right enables the user to add, change, and delete entries to the keyword list. If the user does not have this right, they will not be able to edit the keyword lists in the ELO Administration Console, even if they have the right Edit metadata forms and fields.

This is only possible if the user also has the right Edit folders or Edit documents, depending on the entry.

# Edit retention period (FLAG_EDITDUEDATE)

This right enables the user to set and extend the retention period for documents. If the user does not have this right, the corresponding field in the Metadata dialog box is disabled.

This is only possible if the user also has the right Edit folders or Edit documents, depending on the entry.

# Change document status (FLAG_CHANGEREV)

This right enables the user to set the document status on the Options tab in the Metadata dialog box:

  • Version control disabled
  • Version control enabled
  • Non-modifiable

This is only possible if the user also has the right Edit documents.

# Change document paths (FLAG_CHANGEPATH)

This right gives users access to the selection list for the document path in the document options and enables them to change the path for a specific document. This is only possible when entering metadata in the Intray. If a document has already been filed, this selection list is permanently deactivated. If this is the case, you can only move documents to a different path using the Move document files function if you have main administrator rights.

This right does not allow users to create new document paths or change their definition. Editing, creating, and assigning document paths requires main administrator rights.

# Author for approval documents (FLAG_AUTHOR)

This right allows the user to select or deselect the Approval document check box and edit approval documents. The author is able to continue editing previous versions of a document. When users check out documents, they are able to select all document versions. When documents are checked in, the old working version is retained. The working version (= approved version) can only be changed by authors for approval documents.

This is only possible if the user also has the right Edit documents.

# Show "Additional information" tab (FLAG2SHOWEXTRA_INFO)

This right determines whether a user is able to see the Additional information tab in the Metadata dialog box.

This is only possible if the user also has the right Edit folders or Edit documents, depending on the entry.

# Deletion rights

User rights; 'Delete' section

# Delete folders (FLAG_DELSTRUC)

This right determines whether a user is able to delete folders.

# Delete documents (FLAG_DELDOC)

This right determines whether a user is able to delete documents.

# Delete non-modifiable documents (FLAG_DELREADONLY)

This right enables the user to delete documents that have been filed with the status Non-modifiable or have been awarded this status at some point.

This is only possible if the user has the right Delete documents.

# Delete versions (FLAG_DELVERSION)

This right allows the user to delete individual versions from a document's version history.

In the ELO Java Client, the user can see the deleted versions of a document in the Document versions dialog box if the Show deleted entries function is enabled.

# Workflow rights

User rights; 'Workflow' section

# Manage workflows (FLAG_EDITWF)

This right enables users to:

  • Create workflow templates and forms
  • Cancel active workflows before they are completed
  • Delete completed and canceled workflows permanently
  • Edit successor nodes

# Start workflows (FLAG_STARTWF)

This right allows a user to start workflows. This applies to the following functions:

  • Ad hoc workflow
  • Workflow overview
  • Start workflow
  • Workflows for this entry

The user also requires this right to start workflows when filing entries with a metadata form that is linked to a workflow. If the user does not have this right, the user may file documents with this metadata form but cannot start a workflow.

Without this right, the user will not be able to use the Workflow overview and the Workflows for this entry functions on the ribbon of the ELO client. The user is able to open an overview of all workflows in which the user is involved, either directly or indirectly (through group membership).

# Extend workflow rights (FLAG2EXTENDWORKFLOW_RIGHTS)

Users with this right have temporary read access to the entry assigned to the active workflow node. The document can only be viewed in the Tasks work area, and only as long as the document is assigned to the user or a group that the user is a member of. In addition, an entry in the database table ProfileOpts gives the user the option to control whether temporary or permanent permissions are to be assigned.

This right cannot replace other user rights, even those that are temporary. The right applies to documents and folders, but not to metadata forms.

# View workflows for all users (FLAG2WFCONTROLLER)

This right allows the users to see all workflows that are active and not just those workflows that the user is participating in.

# System settings

User rights; 'System settings' section

# Edit master data (FLAG_EDITCONFIG)

This right gives the user access to entry types (icons and names of folders and documents), font colors, and stamps.

# Edit scan profiles (FLAG_EDITSCAN)

When this option is enabled, the user can change the settings for the scanner parameters and scan profiles. If the user also has Main administrator rights, they are also able to manage and edit global scan profiles and the scan parameters for other users.

# Use debugger (FLAG_EDITSCRIPT)

If you have this right, you can open the JavaScript debugger in the ELO Java Client with the keyboard command Ctrl+Alt+D.

Information

Scripts are managed like documents in ELO. To edit scripts, you need the corresponding permissions.

# Edit metadata forms and fields (FLAG_EDITMASK)

This right enables the user to create new metadata forms and modify existing ones.

If you need to edit the keyword lists in the metadata forms, then you also need the right Edit keyword lists.

# Assign replication sets (FLAG_EDITREPL)

You require this right for assigning data to replication sets in the repository. Replication sets are needed by ELO Replication to determine data quantities.

Last updated: September 12, 2024 at 12:16 PM