Security Privilege Descriptions
There are many security privileges in Meridian. Privileges control access to document content, metadata, and redlines. They also control access to the commands that act upon documents. All privileges are effective regardless of the method with which the vault is opened, whether with one of the Meridian client applications or with Application Integration.
The topics that follow are organized according to object type and describe each privilege in more detail.
Asset Management Privileges
The Meridian asset management privileges are described in the following table.
| Privilege | Description |
|---|---|
|
Create Tags |
Required to create new tags in the vault. |
|
Edit Tag Assignments |
Required to create and delete references to tags. |
|
View Asset Management pages |
Required to view the Tags and Where Used property pages in the Meridian Enterprise client applications. |
Document Privileges
Document privileges control access to document data and commands within the folders to which the privileges have been assigned. If the Use Document Type Security option is enabled for the vault, these privileges are available for each document type.
|
Privilege |
Description |
|---|---|
|
Add To Briefcase |
Allows the user to add documents to a briefcase. For information on configuring briefcases, see Briefcases. Note:
The View Content (document) privilege is also required. |
|
Attach Hybrid Part |
Allows the user to attach a hybrid part file to a hybrid main part document that is under change, either using drag and drop or, in the case of CAD documents, by saving the main part document with its native application when the application link is loaded. For information on creating hybrid document types, see Assign Document Types To Imported Files. |
|
Change Document Type |
Allows the user to change the document type of an existing document. It can be useful after a bulk import to assign the correct document types to each of the imported documents. Be aware that changing the document type may mean that some properties are not displayed anymore if the new document type uses different property pages. However, the associated values for these properties are not lost; they are just not shown. For more information on document types, see Create And Edit Document Types. |
|
Change Properties |
|
|
Change Revision Number Manually |
Allows the user to change the revision number of documents manually. For information on configuration revision numbers, see Configure Document Revision Numbers. |
| Change waiting list | Allows the user with the privilege to change the priorities in the waiting list. |
|
Confirm Superseded |
Allows the user to confirm that a project copy is obsolete because the master document has changed since the project copy was made. |
|
Confirm Merge |
Allows the user to confirm that the changes that have been made to a project copy have been manually merged into the master document. |
|
Convert to Hybrid |
Allows the user to change the revision number of documents manually. For information on configuration revision numbers, see Configure Document Revision Numbers. |
|
Copy Outside Vault |
Allows the user to copy documents (including renditions) to outside the vault and download documents with PowerWeb. Note:
|
Document References Privileges
Document references privileges control access to the custom reference types that you have created. For more information about created reference types, see Create And Edit Reference Types.
| Privilege | Description |
|---|---|
|
Create References Manually |
When applied to the parent folder of a source document, allows the user to manually create references between the source document and other documents using the reference type. |
Folder Privileges
Folder privileges control access to the folders to which the privileges have been assigned. Some of these privileges are only available for custom folder types.
|
Privilege |
Description |
|---|---|
|
Assign Roles |
Allows the user to assign other users to security roles for the folder. This privilege should be restricted to managers or administrators. As soon as a role is assigned to a folder, access to that folder is restricted to the users that are assigned to that role. For more information on creating and using security roles, see Manage Security Roles. |
|
Copy Document |
Allows the user to copy existing documents in the folder. |
|
Create Child Folder |
Allows the user to create subfolders of the parent folder to which this privilege is assigned. Note:
This privilege is also required for users to create documents that would result in the creation of a new folder in the Field-Path definition. For more information on the Field-Path definition, see Field-Path Definition. |
|
Create Child Folder Manually |
Allows the user to create subfolders manually. |
|
Create Document |
Allows the user to create documents in the folder. |
|
Create Document from Script |
Allows vault script to create documents on behalf of the user in folders of that type. An example of such scripting is the Document.MoveTo method that technically creates a new document object. This privilege is intended to support customization in which the user is not granted the Create Document privilege for the destination folder. This privilege is only available for custom folder types, not normal folders. |
|
Create folder of this type |
Allows the user to create folders of the custom folder type. The folder type is the name of the group in which the privilege appears. |
|
Delete Child Folder |
Allows the user to delete subfolders of the parent folder to which this privilege is assigned. |
|
Delete Released Files from Shared Workspace |
When the shared folder option Delete documents from workspace when released from workflow is enabled, this privilege allows the documents to be deleted if the user has not been granted the Delete Document privilege. |
|
Create project copy from |
Required to run the Create Project Copy and Create Project Copy and Lock commands on documents in the selected folder. |
Lookup List Privileges
The lookup list privileges control access to edit the lookup lists configured for a vault. The Show object privileges option must be enabled for this privilege to be visible. For information about creating lookup lists, see Create And Edit Lookup Lists.
| Privilege | Description |
|---|---|
|
Can Type Unlisted Values |
Allows the user to add new values to lookup lists when editing document properties in the Meridian client applications. |
|
Edit |
Allows the user to edit this lookup list in Configurator. Also allows the user to add new values to lookup lists when editing document properties in the Meridian client applications. |
Navigation View Privileges
Access to each navigation view is controlled by its own Use Navigation View privilege. The Show Object Privileges option must be enabled for this privilege to be visible.
Report Privileges
Access to each report is controlled by its own Build Report privilege and affects the entire vault. The Show object privileges option must be enabled for this privilege to be visible.
Scope Privileges
Access to each scope is controlled by its own Can Use privilege. The Show object privileges option must be enabled for this privilege to be visible.
Shared Dynamic Collection Privileges
The shared dynamic collection privileges control access to create, delete, edit, and query the shared dynamic collections of a vault.
| Privilege | Description |
|---|---|
|
Create |
Allows the user to create new shared dynamic collections. |
|
Delete |
Allows the user to delete existing shared dynamic collections. |
|
Edit |
Allows the user to edit existing shared dynamic collections. |
|
Run Query |
Access to each shared dynamic collection is controlled by its own privilege. The Show object privileges option must be enabled for this privilege to be visible. |
Table Privileges
The table privileges control access to the values stored in a vault table.
| Privilege | Description |
|---|---|
|
Get entries |
Allows the user to retrieve entries from a table. |
|
Update entries |
Allows the user to update existing entries in a table. |
|
Add entries |
Allows the user to add new entries to a table. |
|
Delete entries |
Allows the user to delete entries from the table. |
These privileges do not apply to the Vault.ExecSQL method.
Vault Privileges
The vault privileges control access to data and commands that apply anywhere within a vault.
By default, users may still see the presence of vaults for which they have not been granted any privileges. They will be able to open them but they will not be able to see any documents. To hide a vault completely from vault selection dialog boxes, enable the Hide vaults to which a user has no access option of the EDM Server and do not grant the user the List Content privilege for the root folder of the vault.
|
Privilege |
Description |
|---|---|
|
Advanced Document Properties |
|
|
Advanced Set Property Value |
Allows the user to use the Set Property Value command in the Meridian client applications to set the property values of documents. As opposed to the Set Property Value privilege, this privilege allows the user to select the Ignore Validation Rules option of properties and to select from all possible properties, not just the default properties or the ones specified in the Set Property Value collection described in Configure Column Layouts. |
|
Allow Subscriptions |
Allows the user to subscribe to event notifications for documents. |
|
Allow Management of Subscriptions of Others |
Allows the user to manage the subscriptions of other users to event notifications for documents. |
|
Change Briefcase Import Action |
Allows the user to change the import action for documents in a briefcase. |
|
Change Configuration |
Allows the user to edit the vault configuration with Configurator. This privilege must be assigned to a role that is assigned to the root of a vault in order to edit the configuration. |
| Configure Views and Reports | Allows the user to configure access to views and reports. |
|
Create Baseline |
Allows the user to create new baselines. |
|
Delete Baseline |
Allows the user to delete existing baselines. |
|
Import Briefcase |
Allows the user to import documents from a briefcase. |
Workflow Privileges
The following privileges control access to workflow transitions and commands related to workflow states. These privileges apply to the workflows configured for document types. For more information on configuring document type workflow, see Configure Document Type Workflow.
Workflow Definition Privileges
The following privileges control access to workflow transitions and commands related to project workflow states. These privileges apply to the workflows configured for project definitions. For more information on configuring project workflow, see Create a Project Workflow.
| Privilege | Description |
|---|---|
|
Reassign |
Required to reassign a workflow's project manager to another user. |
|
Reroute within workflow |
Required to reroute a workflow to a state that is normally invalid for the workflow. |
|
Reroute within workflow from script |
Required to reroute a workflow via VBScript to a state that is normally invalid for the workflow. |
