|
Security |
Scroll |
During installation an administrator and user group must be defined. These two groups are then added by default to Thereforeā¢.
The Admin group will by default have admin rights on the Thereforeā¢ object and all objects below.
The User group has typical read/write permissions on the Thereforeā¢ object and objects below. Note however, that on the Category object, in addition to the Read and Write permission sets this default User group also has one permission from the Delete set: "Delete document pages" and one from the Admin set: "Retention policy" (which allows a user to remove an individual document from a retention policy).
By default permissions are inherited by objects lower down in the hierarchy, but the inheritance can be broken if required.
For example if permissions on a group of HR categories should be different from the root category object, then a folder called "HR" could be created, and the HR categories moved to this folder. Then the inheritance on the HR folder could be broken and set as required. All categories in this folder would then inherit these permissions since they are still set to inherit permissions from their parent object. Another way of handling this would be to add a user or group and give them different permissions.
Be aware that using "Deny" will override "Allow". For example if a permission for a group is set to "Deny", but an individual user in that group has "Allow", then the user will have No access.
