Security Privilege Descriptions
There are many security privileges in Meridian. Privileges control access to document content, metadata, and redlines. They also control access to the commands that act upon documents. All privileges are effective regardless of the method with which the vault is opened, whether with one of the Meridian client applications or with Application Integration.
The topics that follow are organized according to object type and describe each privilege in more detail.
Asset Management Privileges
The Meridian asset management privileges are described in the following table.
Privilege | Description |
---|---|
Create Tags |
Required to create new tags in the vault. |
Edit Tag Assignments |
Required to create and delete references to tags. |
View Asset Management pages |
Required to view the Tags and Where Used property pages in the Meridian Enterprise client applications. |
Document Privileges
Document privileges control access to document data and commands within the folders to which the privileges have been assigned. If the Use Document Type Security option is enabled for the vault, these privileges are available for each document type.
Privilege |
Description |
---|---|
Add To Briefcase |
Allows the user to add documents to a briefcase. For information on configuring briefcases, see Briefcases. Note:
The View Content (document) privilege is also required. |
Attach Hybrid Part |
Allows the user to attach a hybrid part file to a hybrid main part document that is under change, either using drag and drop or, in the case of CAD documents, by saving the main part document with its native application when the application link is loaded. For information on creating hybrid document types, see Assign Document Types To Imported Files. |
Change Document Type |
Allows the user to change the document type of an existing document. It can be useful after a bulk import to assign the correct document types to each of the imported documents. Be aware that changing the document type may mean that some properties are not displayed anymore if the new document type uses different property pages. However, the associated values for these properties are not lost; they are just not shown. For more information on document types, see Create And Edit Document Types. |
Change Properties |
|
Change Revision Number Manually |
Allows the user to change the revision number of documents manually. For information on configuration revision numbers, see Configure Document Revision Numbers. |
Change waiting list | Allows the user with the privilege to change the priorities in the waiting list. |
Confirm Superseded |
Allows the user to confirm that a project copy is obsolete because the master document has changed since the project copy was made. |
Confirm Merge |
Allows the user to confirm that the changes that have been made to a project copy have been manually merged into the master document. |
Convert to Hybrid |
Allows the user to change the revision number of documents manually. For information on configuration revision numbers, see Configure Document Revision Numbers. |
Copy Outside Vault |
Allows the user to copy documents (including renditions) to outside the vault and download documents with PowerWeb. Note:
|
Copy With References |
Allows the user to copy documents including all references. For more information on using references, see Reference Types. |
Delete Hybrid Part |
Allows the user to delete a part from its parent hybrid document. For information about configuring hybrid document types, see Configure Document Type General Options. Hybrid documents can also be created during import as described in Assign Document Types To Imported Files. |
Derive With References |
Allows the user to derive a new document from an existing document, including all references. For more information on using references, see Reference Types. |
Detach Hybrid Part |
Allows the user to detach (but not delete) a part from its parent hybrid document. For information about configuring hybrid document types, see Configure Document Type General Options. Hybrid documents can also be created during import as described in Assign Document Types To Imported Files. |
Discard from Project |
Allows the user to discard a project copy from a project folder. The project copy is destroyed along with all changes made to it and cannot be restored. |
Draft Print |
Allows the user to print documents using the viewer. This privilege cannot prevent printing from Adobe Acrobat or Adobe Reader in Protected Mode. Batch printing from Adobe Reader is not supported. |
Edit In Application |
Allows the user to edit a document in its native application. Note:
This privilege is also required for the Replace Content, Release as Master Revision, and Lock Document commands in PowerWeb in addition to the other more directly related privileges. Similarly, documents are locked in the user's local workspace by the Download Document and Open commands in PowerWeb if the user also has this privilege. |
Edit Redlines Of Other Users |
Allows the user to edit redlines of other users. After changing the annotations of other users, the owner of the annotation is changed to the current user. When a user makes an edit to the annotation of another user, the edit is recorded in the document log. Important!
If you do not have roles defined in your vault, all users will have this privilege by default. If you do not want all users to have this privilege, create a role that has this privilege disabled, and then assign the role to all users in the fault. |
Edit Redlines Outside Workflow |
|
Edit Rendition Redlines Outside Workflow |
Allows the user to redline released document renditions. |
Edit Retention Properties |
Allows the user to edit the properties shown on the Retention property page. |
Issue file name |
Allows the user to use the Issue New file name command to rename the selected documents according to the calculation specified for their document type. For more information on calculating file names, see Create And Edit Document Types. Note:
The Rename privilege is also required. |
Link to Master |
Allows the user to link a master document to a new document that was not copied from the master document. |
Lock master document |
Required to run the Lock Master Document command to prevent changes to the master document by document workflow or project copies. |
Manually Synchronize Properties from File | Controls whether the Synchronize Properties from File command appears in the user interface for the user. This privilege will not prevent changes made by a workflow transition. |
Manually Synchronize Properties to File | Controls whether the Synchronize Properties to File command appears in the user interface for the user. This privilege will not prevent changes made by a workflow transition. |
Manually Synchronize References from File | Controls whether the Synchronize References from File command appears in the user interface for the user. This privilege will not prevent changes made by a workflow transition. |
Manually Update Rendition |
Allows the user to manually replace the content of document renditions using drag-and-drop. |
Rename |
Allows the user to rename a document after it has been created. |
Release as master revision |
Required to run the Release as Master Revision command to create a new master document. This privilege should be granted in project folders. |
Send to Portal |
Allows the user to send the selected document to a project in Meridian Portal. |
Set Layer Translation Table | Allows the user to select the translation table to use for a particular document. |
Show Revisions |
Allows the user to view the revision history of documents. |
Transfer to Next | When using waiting lists and there is no active project copy, allows the user to make the project copy, which is next in the waiting list, the active project copy and set its priority to zero. |
Unlock from Briefcase |
Allows the user to unlock documents that have been checked out to a briefcase or locked to a package. For information on configuring briefcases, see Briefcases. |
Unlock from Project |
Allows the user to unlock documents that are locked in a project folder. For more information about project folders, see Project Definitions. |
Update hotspots |
Allows the user manipulate hotspots. With this privilege, the user can:
|
Update master document |
Required to run the Release as Master Revision command to produce a new revision of an existing master document. This privilege should be granted in the master documents branch of the vault. |
View Content |
Allows the user to view documents in the viewer window. Use the View Rendition privilege to control access to document renditions. Note:
|
View Redlines |
Allows the user to view redlines created using the viewer. |
View Rendition |
Allows the user to view renditions using the viewer. This privilege is also required to download renditions. |
View Rendition Properties |
Allows the user to view the Rendition property page. |
View Rendition Redlines |
Allows the user to view rendition redlines created using the viewer. |
Document References Privileges
Document references privileges control access to the custom reference types that you have created. For more information about created reference types, see Create And Edit Reference Types.
Privilege | Description |
---|---|
Create References Manually |
When applied to the parent folder of a source document, allows the user to manually create references between the source document and other documents using the reference type. |
Folder Privileges
Folder privileges control access to the folders to which the privileges have been assigned. Some of these privileges are only available for custom folder types.
Privilege |
Description |
---|---|
Assign Roles |
Allows the user to assign other users to security roles for the folder. This privilege should be restricted to managers or administrators. As soon as a role is assigned to a folder, access to that folder is restricted to the users that are assigned to that role. For more information on creating and using security roles, see Manage Security Roles. |
Copy Document |
Allows the user to copy existing documents in the folder. |
Create Child Folder |
Allows the user to create subfolders of the parent folder to which this privilege is assigned. Note:
This privilege is also required for users to create documents that would result in the creation of a new folder in the Field-Path definition. For more information on the Field-Path definition, see Field-Path Definition. |
Create Child Folder Manually |
Allows the user to create subfolders manually. |
Create Document |
Allows the user to create documents in the folder. |
Create Document from Script |
Allows vault script to create documents on behalf of the user in folders of that type. An example of such scripting is the Document.MoveTo method that technically creates a new document object. This privilege is intended to support customization in which the user is not granted the Create Document privilege for the destination folder. This privilege is only available for custom folder types, not normal folders. |
Create folder of this type |
Allows the user to create folders of the custom folder type. The folder type is the name of the group in which the privilege appears. |
Delete Child Folder |
Allows the user to delete subfolders of the parent folder to which this privilege is assigned. |
Delete Released Files from Shared Workspace |
When the shared folder option Delete documents from workspace when released from workflow is enabled, this privilege allows the documents to be deleted if the user has not been granted the Delete Document privilege. |
Create project copy from |
Required to run the Create Project Copy and Create Project Copy and Lock commands on documents in the selected folder. |
Create project copy in |
Required to run the Create Project Copy and Create Project Copy and Lock commands with the selected folder as the destination. |
Delete Document |
|
Edit shared workspace settings |
Allows the user to modify the options on the Sharing details group on the Folder tab of a folder that is configured as a shared workspace. |
Link to Portal Project |
Allows the user to link the current folder to a project in Meridian Portal. |
List Content |
Allows the user to view documents within the folder. A user that does not have this privilege cannot see the folder if the vault option Hide documents and folders from users with insufficient privileges is enabled. If the user does not have this privilege to the root folder of the vault and the Hide vaults to which a user has no access option is enabled for the EDM Server in the Meridian Enterprise Administrator, the vault will be hidden for that user in all vault selection dialogs and in PowerWeb. |
Move Away From Folder |
Allows the user to move documents to a different folder. |
Override Duplication Rules Defaults |
Allows the user to override the Duplicator Default Action setting of document types when using the Copy with References or Derive with References commands. For more information on this setting, see Create And Edit Document Types. |
Purge Document |
Allows the user to use the Purge command to permanently destroy documents. |
Rename |
Allows the user to rename folders. |
Undelete Child Folder |
Allows the user to recover deleted subfolders. |
Undelete Document |
Allows the user to recover deleted documents. |
Unlock Document For Others |
Allow the user to unlock documents that have been assigned to other users. |
Lookup List Privileges
The lookup list privileges control access to edit the lookup lists configured for a vault. The Show object privileges option must be enabled for this privilege to be visible. For information about creating lookup lists, see Create And Edit Lookup Lists.
Privilege | Description |
---|---|
Can Type Unlisted Values |
Allows the user to add new values to lookup lists when editing document properties in the Meridian client applications. |
Edit |
Allows the user to edit this lookup list in Configurator. Also allows the user to add new values to lookup lists when editing document properties in the Meridian client applications. |
Navigation View Privileges
Access to each navigation view is controlled by its own Use Navigation View privilege. The Show Object Privileges option must be enabled for this privilege to be visible.
Report Privileges
Access to each report is controlled by its own Build Report privilege and affects the entire vault. The Show object privileges option must be enabled for this privilege to be visible.
Scope Privileges
Access to each scope is controlled by its own Can Use privilege. The Show object privileges option must be enabled for this privilege to be visible.
Shared Dynamic Collection Privileges
The shared dynamic collection privileges control access to create, delete, edit, and query the shared dynamic collections of a vault.
Privilege | Description |
---|---|
Create |
Allows the user to create new shared dynamic collections. |
Delete |
Allows the user to delete existing shared dynamic collections. |
Edit |
Allows the user to edit existing shared dynamic collections. |
Run Query |
Access to each shared dynamic collection is controlled by its own privilege. The Show object privileges option must be enabled for this privilege to be visible. |
Table Privileges
The table privileges control access to the values stored in a vault table.
Privilege | Description |
---|---|
Get entries |
Allows the user to retrieve entries from a table. |
Update entries |
Allows the user to update existing entries in a table. |
Add entries |
Allows the user to add new entries to a table. |
Delete entries |
Allows the user to delete entries from the table. |
These privileges do not apply to the Vault.ExecSQL method.
Vault Privileges
The vault privileges control access to data and commands that apply anywhere within a vault.
By default, users may still see the presence of vaults for which they have not been granted any privileges. They will be able to open them but they will not be able to see any documents. To hide a vault completely from vault selection dialog boxes, enable the Hide vaults to which a user has no access option of the EDM Server and do not grant the user the List Content privilege for the root folder of the vault.
Privilege |
Description |
---|---|
Advanced Document Properties |
|
Advanced Set Property Value |
Allows the user to use the Set Property Value command in the Meridian client applications to set the property values of documents. As opposed to the Set Property Value privilege, this privilege allows the user to select the Ignore Validation Rules option of properties and to select from all possible properties, not just the default properties or the ones specified in the Set Property Value collection described in Configure Column Layouts. |
Allow Subscriptions |
Allows the user to subscribe to event notifications for documents. |
Allow Management of Subscriptions of Others |
Allows the user to manage the subscriptions of other users to event notifications for documents. |
Change Briefcase Import Action |
Allows the user to change the import action for documents in a briefcase. |
Change Configuration |
Allows the user to edit the vault configuration with Configurator. This privilege must be assigned to a role that is assigned to the root of a vault in order to edit the configuration. |
Configure Views and Reports | Allows the user to configure access to views and reports. |
Create Baseline |
Allows the user to create new baselines. |
Delete Baseline |
Allows the user to delete existing baselines. |
Import Briefcase |
Allows the user to import documents from a briefcase. |
Rename Baseline |
|
Set Property Value |
Allows the user to use the Set Property Value command in the Meridian client applications to set the property values of documents. This privilege imposes restrictions unlike the Advanced Set Property Value privilege. |
Unlock From Briefcase |
Allows the user to unlock documents that have been checked out to a briefcase. |
Use Document Import Tool |
Allows the user to use the Document Import Tool to import documents from a database. |
Use Web Access |
Allows the user to log in to vaults with PowerWeb. |
View Baseline |
|
View Audit Log |
Allows the user to view the vault's audit log. |
Workflow Privileges
The following privileges control access to workflow transitions and commands related to workflow states. These privileges apply to the workflows configured for document types. For more information on configuring document type workflow, see Configure Document Type Workflow.
Workflow Definition Privileges
The following privileges control access to workflow transitions and commands related to project workflow states. These privileges apply to the workflows configured for project definitions. For more information on configuring project workflow, see Create a Project Workflow.
Privilege | Description |
---|---|
Reassign |
Required to reassign a workflow's project manager to another user. |
Reroute within workflow |
Required to reroute a workflow to a state that is normally invalid for the workflow. |
Reroute within workflow from script |
Required to reroute a workflow via VBScript to a state that is normally invalid for the workflow. |