General access control

Information items

Creating content in INTERAXO will always be in the form of a folder, an entry or a file and will hereafter be referred to collectively as information items. These items can be created by users who are assigned the role of Participant or higher.

Roles

As a member of a room in INTERAXO you are assigned one of the following roles. The roles represent a hierarchy that involves more rights the higher up you get:

 

Role
Description
Observer

This role represents the lowest level in the role hierarchy. Observers are not to create content, but will normally have read access to all information items in a room.

Participant Participants can create and share information items and add comments to other participants' items. Participants may also be given the option to edit elements.
Owner This is a dynamic role, which means that if a user creates an information item, for example a folder, then this user is assigned the Owner role for the folder. An owner can edit and delete their own information items, and modify access to them.
Administrator The Administrator role gives a user all rights to any information item in the system. An administrator can edit, move, and delete information items in the room, and also change the access to these. Administrators can invite and add new users and groups into a room.

 

Access levels

Access Levels in INTERAXO form a hierarchy such that the rights of a particular level include the rights of the underlying level. A role can have one of the following access levels in connection with an information item in the project:

Access rights Description
Read Basic Rights which provides access to read content in a room. Users with this access level can navigate the folder structure, see the access matrix for any information item, open folders and associated metadata, read metadata, event log and comments on entries and view files.
Add Allows user to add content to a room. The user can create any type of information items and thus becomes the owner of the objects he / she creates.
Edit Allows a user to interact around information items owned by others in that he / she can edit both content and metadata.
Delete The user can delete information items.

 

If a user does not have any of these access levels, it will mean that the current information element is invisible to him / her. 

Access control

General

In order to control who can do what with an information item we need to assign it an access control list. Any information item, i.e. folders, entries or files, can be assigned an access control list. When setting up an access control list, one can choose to use one of the 3 predefined access levels Share, Collaborate or Private. Alternatively, one can define a Custom access control list.
The most common access in INTERAXO is Collaborate, where members of the Participants group can create and edit items.

Custom access control list

A custom access control list can provide access rights to both named users and to user groups. To avoid unnecessary administration it is recommended to provide access to groups and not to individuals. A user's access will then be easily administered by placing him / her in the appropriate user groups.

Summary:

  • The owner has full access rights to his/her information items
  • Administrator has full access rights to all information items
  • Administrator and Owner can neverbe assigned less access rights
  • If aparticipantdoes not haveEditrights, he / she maybe awardedthisforselectedinformation items by theAdministratoror the Owner
  • Participantscan normallynotdeleteinformation items, butmay be grantedthis rightby the Administrator
  • Observers can neveradd, edit or delete information items
  • Observersand Participants can be assigned reduced access rights on selected information items

In addition, access to information items can be determined by other mechanisms in INTERAXO, eg. When an entry becomes a locked record that will be immutable.

Inheritance

When creating an information item it will inherit the access control list from its parent folder. A folder created at the highest level in the folder structure will inherit its access control list from the room.
In both cases this can be overridden or changed at a later stage. If an information item has inherited its access control list from the parent folder, this is indicated on the Access Control form.

If the access to an information element is changed, you are able to re-enable the inherited access:

Available functionality

The table below indicates which functions a user has access to according to his / her access level on the information item in question:

*) Allows the user to see the access control list for the information item. If the user has Delete access right to the item, he/she can also make changes to the access control list.

Have more questions? Submit a request

Comments

Powered by Zendesk