Managing Roles
Understanding Roles
A role is a named set of privileges. A role will have each individual privilege either granted or denied for that role so that that role becomes defined as the collective set of those privileges. For example, a role named Developers can be created and will have each of the privileges granted or denied. All users assigned to the Developer role will have the same set of privileges. Roles do not define access to content.
iManage Work Server implements a dynamic security model called Roles. Roles allow administrators to distribute access to document management functions selectively across an organization.
The following topics are available:
Creating Roles
Select Access > Roles application.
Click the Add icon to open Add Role page.
Figure: Add role
Privilege
Allowed Actions
Content
Import/Create
Allows the user to import documents into the library, or to create a document.
Checkout Documents
Allows the user to edit documents.
Checked out allows the user to edit the document, and check in returns the document to the library.
Unlock Documents
Allows the user to unlock a document checked out or are in use by the user.
Locked is a state that a document can get into when while it is checked out, the network accessing the document, or the computer hosting the document became unexpectedly unavailable. That document is marked as checked out but is unavailable. Unlocking it restores the last version in iManage Work and the document becomes available again.
Delete
Allows the user to remove documents from the library to which the user has full access. With journaling enabled, iManage Work Server maintains the deleted copies of the document.
Allow Full-Text Searches
Allows the user to perform full-text searches. This is a search within the content of documents. If this privilege is not granted, users can only search the metadata of a document, such as custom1, custom2, and so on.
Read Only
Limits the user to read-only access to documents.
Folder
Create Public Folder
Creates a public project folder. User can still create private folders and subfolders within security inherited from the parent folder.
Create Public Searches
Saves searches and mark them as public.
Administrative
Use iManage Work Import
Allows the user to access the bulk Document Import tool. The NRTADMIN group has this permission by default.
Use iManage Work Monitor
Allows the user to access the iManage Monitor to track library transactions. The NRTADMIN group has this permission by default.
Use iManage Work Administration
Allows the user to access users in INTERNAL_ADMIN, INTERNAL_USERADMIN, EXTERNAL_ADMIN, and EXTERNAL_USERADMIN groups in iManage Work (web client) to manage users, groups, and roles. The NRTADMIN group has this permission by default.
View Documents
Allows an NRTADMIN user to view private documents. This privilege applies only if the user is an NRTADMIN.
To allow an NRTADMIN user to view private documents, select Yes. To prevent an NRTADMIN user to view private documents, select No.
Tier 2
Grants tier 2-level privileges. Tier 2 privileges are intended for help desk and support team members and allows a high level of access that includes tier 1 privileges. See Tiered privileges.
Tier 1
Grants tier 1-level privileges. Tier 1 privileges are intended for help desk and support team members and allows an elevated level of access. See Tiered privileges.
Custom Metadata Management
Allows the user to add new values to the custom tables custom1-12 and custom29-30 while creating workSpaces.
To enable users to add new custom metadata values while creating workSpaces, they should be assigned to the Custom Metadata Management role.
Web Operations
Search Using Web
Allows the user to perform searches using iManage Work (web client). This setting is deprecated and should be left to its default of true.
Create WorkSpaces
Allows the user to creates new WorkSpaces.
Create Public WorkSpaces
Allows the user to create public WorkSpaces.
Delete WorkSpaces
Allows the user to delete WorkSpaces.
Enter the information for the new role and check the privileges you want to provide to this role. Refer the following tables for more details.
Table: Add Role Fields
Field
Description
Role
Name for the role.
Description
Additional information about this role.
External Role
Indicates if the role you want to create is for external users.
Privileges
The rights you would like to grant to the users who will be assigned this role.
Click Save.
Assigning Roles to Users
Select Access > Roles application.
Click the role to which you want to assign the users and a new Roles page opens.
Click to add users to this role.
Select the users to whom you want to assign this role and click Save. All the privileges available for this role are now assigned to the users.
Deleting Roles
Right-click the role you wish to delete.
Click Delete, and click Yes on the warning that appears. The role is deleted and all the associated users are automatically assigned a default role. This is Default, or if the user is external, Default_External.
The following roles cannot be deleted: Default, and Default_External.
Tiers
Tiers are predefined sets of privileges. There are three tiers, each designed to provide specific assistance to users.
Tier 1: Basic product support or help desk features.
Tier 2: Advanced product support or help desk features.
NRTADMIN: NRTADMIN is considered an iManage Work system administrator and includes the most complete access to all features.
Individual privileges within a tier set cannot be modified. For example, the Trash Permanently delete cannot be added to the tier 1 set, nor could a user be granted only the Trash Permanently delete privilege. In the same way, NRTADMIN cannot have the Trash Permanently delete privilege removed from its set.
The following table lists the privilege set for each tier.
Table: Tier privileges
Feature |
Tier 1 |
Tier 2 |
NRTADMIN |
Trash |
|||
Restore |
|
|
|
Permanently delete |
|
|
|
User |
|||
Create |
|
|
|
Lock/Unlock |
|
|
|
Reset Password |
|
|
|
Groups |
|||
Create |
|
|
|
Disable |
|
|
|
Copy |
|
|
|
Add members |
|
|
|
Roles |
|||
Create |
|
|
|
Add users |
|
|
|
Manage user privileges |
|
|
|
Documents |
|||
Search |
|
|
|
Check effective access |
|
|
|
History |
|
|
|
Workspaces |
|||
Search |
|
|
|
Check effective access |
|
|
|
Metadata |
|||
Add/Edit |
|
|
|
Delete |
|
|
|
Disable |
|
|
|
Captions |
|||
Edit |
|
|
|
Classes / Subclasses |
|||
Add |
|
|
|
Delete |
|
|
|
File Types |
|||
Add |
|
|
|
Edit |
|
|
|
Delete |
|
|
|
Applications |
|||
Add |
|
|
|
Edit |
|
|
|
Delete |
|
|
|
Templates |
|||
Add |
|
|
|
Edit |
|
|
|
Delete |
|
|
|
Copy |
|
|
|
Global |
|||
Edit |
|
|
|
Web Client |
|||
General |
|
|
|
Features |
|
|
|
Access |
|
|
|
Web Views |
|||
Edit |
|
|
|
Web Filters |
|||
Edit |
|
|
|
Web Context Menus |
|||
Edit |
|
|
|
iOS |
|||
Edit |
|
|
|
Add server |
|
|
|
Download |
|
|
|
Office |
|||
Create category |
|
|
|
Delete category |
|
|
|
Download category |
|
|
|
Extensions |
|||
Upload New |
|
|
|
Edit |
|
|
|
Delete |
|
|
|
Enable/Disable |
|
|
|
Reports |
|||
Download |
|
|
|