Security Privilege Descriptions

There are many security privileges in Meridian. Privileges control access to document content, metadata, and redlines. They also control access to the commands that act upon documents. All privileges are effective regardless of the method with which the vault is opened, whether with one of the Meridian client applications or with Application Integration. Privileges are assigned to security roles, as described in Manage Security Roles, and then security roles are assigned to vault folders as described in Assign Security Roles To a Folder.

The topics that follow are organized according to object type and describe each privilege in more detail.

ClosedAsset Management Privileges

The Meridian asset management privileges are described in the following table.

Asset management privilege descriptions
Privilege Description

Create Tags

Required to create new tags in the vault.

Edit Tag Assignments

Required to create and delete references to tags.

View Asset Management pages

Required to view the Tags and Where Used property pages in the Meridian Enterprise client applications.

ClosedDocument Privileges

Document privileges control access to document data and commands within the folders to which the privileges have been assigned. If the Use Document Type Security option is enabled for the vault, these privileges are available for each document type.

Document privileges

Privilege

Description

Add To Briefcase

Allows the user to add documents to a briefcase. For information on configuring briefcases, see Briefcases.

Note:

The View Content (document) privilege is also required.

Attach Hybrid Part

Allows the user to attach a hybrid part file to a hybrid main part document that is under change, either using drag and drop or, in the case of CAD documents, by saving the main part document with its native application when the application link is loaded. For information on creating hybrid document types, see Assign Document Types To Imported Files.

Change Document Type

Allows the user to change the document type of an existing document. It can be useful after a bulk import to assign the correct document types to each of the imported documents.

Be aware that changing the document type may mean that some properties are not displayed anymore if the new document type uses different property pages. However, the associated values for these properties are not lost; they are just not shown. For more information on document types, see Create And Edit Document Types.

Change Properties

Allows the user to edit the property values of documents.

Change Revision Number Manually

Allows the user to change the revision number of documents manually. For information on configuration revision numbers, see Configure Document Revision Numbers.

Change waiting list Allows the user with the privilege to change the priorities in the waiting list.

Confirm Superseded

Allows the user to confirm that a project copy is obsolete because the master document has changed since the project copy was made.

Confirm Merge

Allows the user to confirm that the changes that have been made to a project copy have been manually merged into the master document.

Convert to Hybrid

Allows the user to change the revision number of documents manually. For information on configuration revision numbers, see Configure Document Revision Numbers.

Copy Outside Vault

Allows the user to copy documents (including renditions) to outside the vault and download documents with PowerWeb.

Note:
  • Users also need the Edit in Application privilege to be able to download source documents with PowerWeb.
  • PowerWeb users need this permission to be able to view documents (except with server-based viewers) because a copy of the document is made outside the vault in the user's Local Workspace.

Copy With References

Allows the user to copy documents including all references. For more information on using references, see Reference Types.

Delete Hybrid Part

Allows the user to delete a part from its parent hybrid document. For information about configuring hybrid document types, see Configure Document Type General Options. Hybrid documents can also be created during import as described in Assign Document Types To Imported Files.

Derive With References

Allows the user to derive a new document from an existing document, including all references. For more information on using references, see Reference Types.

Detach Hybrid Part

Allows the user to detach (but not delete) a part from its parent hybrid document. For information about configuring hybrid document types, see Configure Document Type General Options. Hybrid documents can also be created during import as described in Assign Document Types To Imported Files.

Discard from Project

Allows the user to discard a project copy from a project folder. The project copy is destroyed along with all changes made to it and cannot be restored.

Draft Print

Allows the user to print documents using the viewer.

This privilege cannot prevent printing from Adobe Acrobat or Adobe Reader in Protected Mode.

Batch printing from Adobe Reader is not supported.

Edit In Application

Allows the user to edit a document in its native application.

Note:

This privilege is also required for the Replace Content, Release as Master Revision, and Lock Document commands in PowerWeb in addition to the other more directly related privileges. Similarly, documents are locked in the user's local workspace by the Download Document and Open commands in PowerWeb if the user also has this privilege.

Edit Redlines Of Other Users

Allows the user to edit redlines of other users. After changing the annotations of other users, the owner of the annotation is changed to the current user.

When a user makes an edit to the annotation of another user, the edit is recorded in the document log.

Important!

If you do not have roles defined in your vault, all users will have this privilege by default. If you do not want all users to have this privilege, create a role that has this privilege disabled, and then assign the role to all users in the fault.

Edit Redlines Outside Workflow

Allows the user to redline released documents.

Edit Rendition Redlines Outside Workflow

Allows the user to redline released document renditions.

Edit Retention Properties

Allows the user to edit the properties shown on the Retention property page.

Issue file name

Allows the user to use the Issue New file name command to rename the selected documents according to the calculation specified for their document type. For more information on calculating file names, see Create And Edit Document Types.

Note:

The Rename privilege is also required.

Link to Master

Allows the user to link a master document to a new document that was not copied from the master document.

Lock master document

Required to run the Lock Master Document command to prevent changes to the master document by document workflow or project copies.

Manually Synchronize Properties from File Controls whether the Synchronize Properties from File command appears in the user interface for the user. This privilege will not prevent changes made by a workflow transition.
Manually Synchronize Properties to File Controls whether the Synchronize Properties to File command appears in the user interface for the user. This privilege will not prevent changes made by a workflow transition.
Manually Synchronize References from File Controls whether the Synchronize References from File command appears in the user interface for the user. This privilege will not prevent changes made by a workflow transition.

Manually Update Rendition

Allows the user to manually replace the content of document renditions using drag-and-drop.

Rename

Allows the user to rename a document after it has been created.

Release as master revision

Required to run the Release as Master Revision command to create a new master document. This privilege should be granted in project folders.

Send to Portal

Allows the user to send the selected document to a project in Meridian Portal.
Set Layer Translation Table Allows the user to select the translation table to use for a particular document.

Show Revisions

Allows the user to view the revision history of documents.

Transfer to Next When using waiting lists and there is no active project copy, allows the user to make the project copy, which is next in the waiting list, the active project copy and set its priority to zero.

Unlock from Briefcase

Allows the user to unlock documents that have been checked out to a briefcase or locked to a package. For information on configuring briefcases, see Briefcases.

Unlock from Project

Allows the user to unlock documents that are locked in a project folder. For more information about project folders, see Project Definitions.
Update hotspots

Allows the user manipulate hotspots. With this privilege, the user can:

  • add
  • delete
  • move and resize
  • update

Update master document

Required to run the Release as Master Revision command to produce a new revision of an existing master document. This privilege should be granted in the master documents branch of the vault.

View Content

Allows the user to view documents in the viewer window. Use the View Rendition privilege to control access to document renditions.

Note:
  • This privilege is also required to add documents to a briefcase. If a user has not been granted this privilege but a rendition of the document exists, the rendition will be shown in the viewer.
  • This privilege is also required to download documents.

View Redlines

Allows the user to view redlines created using the viewer.

View Rendition

Allows the user to view renditions using the viewer. This privilege is also required to download renditions.

View Rendition Properties

Allows the user to view the Rendition property page.

View Rendition Redlines

Allows the user to view rendition redlines created using the viewer.

ClosedDocument References Privileges

Document references privileges control access to the custom reference types that you have created. For more information about created reference types, see Create And Edit Reference Types.

Document references privileges
Privilege Description

Create References Manually

When applied to the parent folder of a source document, allows the user to manually create references between the source document and other documents using the reference type.

ClosedFolder Privileges

Folder privileges control access to the folders to which the privileges have been assigned. Some of these privileges are only available for custom folder types.

Folder privileges

Privilege

Description

Assign Roles

Allows the user to assign other users to security roles for the folder. This privilege should be restricted to managers or administrators.

As soon as a role is assigned to a folder, access to that folder is restricted to the users that are assigned to that role. For more information on creating and using security roles, see Manage Security Roles.

Copy Document

Allows the user to copy existing documents in the folder.

Create Child Folder

Allows the user to create subfolders of the parent folder to which this privilege is assigned.

Note:

This privilege is also required for users to create documents that would result in the creation of a new folder in the Field-Path definition. For more information on the Field-Path definition, see Field-Path Definition.

Create Child Folder Manually

Allows the user to create subfolders manually.

Create Document

Allows the user to create documents in the folder.

Create Document from Script

Allows vault script to create documents on behalf of the user in folders of that type. An example of such scripting is the Document.MoveTo method that technically creates a new document object. This privilege is intended to support customization in which the user is not granted the Create Document privilege for the destination folder. This privilege is only available for custom folder types, not normal folders.

Create folder of this type

Allows the user to create folders of the custom folder type. The folder type is the name of the group in which the privilege appears.

Delete Child Folder

Allows the user to delete subfolders of the parent folder to which this privilege is assigned.

Delete Released Files from Shared Workspace

When the shared folder option Delete documents from workspace when released from workflow is enabled, this privilege allows the documents to be deleted if the user has not been granted the Delete Document privilege.

Create project copy from

Required to run the Create Project Copy and Create Project Copy and Lock commands on documents in the selected folder.

Create project copy in

Required to run the Create Project Copy and Create Project Copy and Lock commands with the selected folder as the destination.

Delete Document

Allows the user to delete documents from the folder.

Edit shared workspace settings

Allows the user to modify the options on the Sharing details group on the Folder tab of a folder that is configured as a shared workspace.

Link to Portal Project

Allows the user to link the current folder to a project in Meridian Portal.

List Content

Allows the user to view documents within the folder. A user that does not have this privilege cannot see the folder if the vault option Hide documents and folders from users with insufficient privileges is enabled.

If the user does not have this privilege to the root folder of the vault and the Hide vaults to which a user has no access option is enabled for the EDM Server in the Meridian Enterprise Administrator, the vault will be hidden for that user in all vault selection dialogs and in PowerWeb.

Move Away From Folder

Allows the user to move documents to a different folder.

Override Duplication Rules Defaults

Allows the user to override the Duplicator Default Action setting of document types when using the Copy with References or Derive with References commands. For more information on this setting, see Create And Edit Document Types.

Purge Document

Allows the user to use the Purge command to permanently destroy documents.

Rename

Allows the user to rename folders.

Undelete Child Folder

Allows the user to recover deleted subfolders.

Undelete Document

Allows the user to recover deleted documents.

Unlock Document For Others

Allow the user to unlock documents that have been assigned to other users.

ClosedLookup List Privileges

The lookup list privileges control access to edit the lookup lists configured for a vault. The Show object privileges option must be enabled for this privilege to be visible. For information about creating lookup lists, see Create And Edit Lookup Lists.

Lookup list privileges
Privilege Description

Can Type Unlisted Values

Allows the user to add new values to lookup lists when editing document properties in the Meridian client applications.

Edit

Allows the user to edit this lookup list in Configurator. Also allows the user to add new values to lookup lists when editing document properties in the Meridian client applications.

ClosedNavigation View Privileges

Access to each navigation view is controlled by its own Use Navigation View privilege. The Show Object Privileges option must be enabled for this privilege to be visible.

ClosedReport Privileges

Access to each report is controlled by its own Build Report privilege and affects the entire vault. The Show object privileges option must be enabled for this privilege to be visible.

ClosedScope Privileges

Access to each scope is controlled by its own Can Use privilege. The Show object privileges option must be enabled for this privilege to be visible.

ClosedShared Dynamic Collection Privileges

The shared dynamic collection privileges control access to create, delete, edit, and query the shared dynamic collections of a vault.

Shared dynamic collection privileges
Privilege Description

Create

Allows the user to create new shared dynamic collections.

Delete

Allows the user to delete existing shared dynamic collections.

Edit

Allows the user to edit existing shared dynamic collections.

Run Query

Access to each shared dynamic collection is controlled by its own privilege. The Show object privileges option must be enabled for this privilege to be visible.

ClosedTable Privileges

The table privileges control access to the values stored in a vault table.

Table privileges
Privilege Description

Get entries

Allows the user to retrieve entries from a table.

Update entries

Allows the user to update existing entries in a table.

Add entries

Allows the user to add new entries to a table.

Delete entries

Allows the user to delete entries from the table.

Note:

These privileges do not apply to the Vault.ExecSQL method.

ClosedVault Privileges

The vault privileges control access to data and commands that apply anywhere within a vault.

Note:

By default, users may still see the presence of vaults for which they have not been granted any privileges. They will be able to open them but they will not be able to see any documents. To hide a vault completely from vault selection dialog boxes, enable the Hide vaults to which a user has no access option of the EDM Server and do not grant the user the List Content privilege for the root folder of the vault.

Vault privileges

Privilege

Description

Advanced Document Properties

Allows the user to view all property data for documents in the Advanced Document Information dialog and to select from all properties in the Find dialog as described in Find. Users without this privilege are limited to the properties specified in the Preferred for Search column collection as described in .

Advanced Set Property Value

Allows the user to use the Set Property Value command in the Meridian client applications to set the property values of documents. As opposed to the Set Property Value privilege, this privilege allows the user to select the Ignore Validation Rules option of properties and to select from all possible properties, not just the default properties or the ones specified in the Set Property Value collection described in Configure Column Layouts.

Allow Subscriptions

Allows the user to subscribe to event notifications for documents.

Allow Management of Subscriptions of Others

Allows the user to manage the subscriptions of other users to event notifications for documents.

Change Briefcase Import Action

Allows the user to change the import action for documents in a briefcase.

Change Configuration

Allows the user to edit the vault configuration with Configurator. This privilege must be assigned to a role that is assigned to the root of a vault in order to edit the configuration.

Configure Views and Reports Allows the user to configure access to views and reports.

Create Baseline

Allows the user to create new baselines.

Delete Baseline

Allows the user to delete existing baselines.

Import Briefcase

Allows the user to import documents from a briefcase.

Rename Baseline

Allows the user to rename existing baselines.

Set Property Value

Allows the user to use the Set Property Value command in the Meridian client applications to set the property values of documents. This privilege imposes restrictions unlike the Advanced Set Property Value privilege.

Unlock From Briefcase

Allows the user to unlock documents that have been checked out to a briefcase.

Use Document Import Tool

Allows the user to use the Document Import Tool to import documents from a database. For information about the Document Import Tool, see Document Import Tool.

Use Web Access

Allows the user to log in to vaults with PowerWeb.

View Baseline

Allows the user to view baselines.

View Audit Log

Allows the user to view the vault's audit log.

ClosedWorkflow Privileges

The following privileges control access to workflow transitions and commands related to workflow states. These privileges apply to the workflows configured for document types. For more information on configuring document type workflow, see Configure Document Type Workflow.

Workflow privileges

Privilege

Description

Change Manager

Allows the user to assign a different workflow manager.

Change Released Document

Allows the user to change released documents.

Change To-Do Person

Allows the user to assign a different person to the current state of document type workflows.

Derive

Allows the user to use the Derive Document and Derive with References commands to create new documents.

Edit Redlines Inside Workflow

Allows the user to redline documents while the documents are in active workflows.

Edit Rendition Redlines Inside Workflow

Allows the user to redline document renditions while the documents are in active workflows.

Initiate

Allows the user to initiate workflows to create new revisions.

Release

Allows the user to release documents from workflows.

Note:

This privilege is required in order to save email messages in a vault with the Outlook link installed.

Release Quick Change

Allows the user to release documents from Quick Change workflows.

Note:

This privilege is also required for PowerWeb users to release Managed Change project copies.

Release Quick Change For Others

Allows the user to release documents that are in Quick Change workflows assigned to other users.

Replace

Allows the user to use the Replace Document and Replace with References commands to create new documents.

Retire

Allows the user to run the Retire transition to documents to the Retired state.

Review

Allows the user to run the transitions of the Review workflow state.

Revoke

Allows the user to revoke documents in active workflows.

Revoke Quick Change

Allows the user to revoke documents in Quick Change workflows.

Revoke Quick Change For Others

Allows the user to revoke documents that are in Quick Change workflows assigned to other users.

Start Quick Change

Allows the user to initiate Quick Change workflows for documents and to assign them to themselves.

Note:

This privilege is also required for PowerWeb users to create Managed Change project copies.

Start Quick Change For Others

Allows the user to initiate Quick Change workflows for documents and to assign them to other users.

Unretire

Allows the user to run the Unretire transition to route documents out of the Retired state.

ClosedWorkflow Definition Privileges

The following privileges control access to workflow transitions and commands related to project workflow states. These privileges apply to the workflows configured for project definitions. For more information on configuring project workflow, see Create a Project Workflow.

Workflow Definition Privileges
Privilege Description

Reassign

Required to reassign a workflow's project manager to another user.

Reroute within workflow

Required to reroute a workflow to a state that is normally invalid for the workflow.

Reroute within workflow from script

Required to reroute a workflow via VBScript to a state that is normally invalid for the workflow.

2022 R2