Skip to main content
Folders and Documents access control

Access Control Levels for Documents

Julien Benoit avatar
Written by Julien Benoit
Updated this week

You will be able to find the access control menu in the right information menu if you have one or more document(s) and/or folder(s) selected in the documents section.

Here you will be able to see who has access to the document

Follow these steps to edit the access of one or more document(s) and/or folder(s)

  1. Select the document(s) and/or folder(s) you would like to configure the access for

  2. Open the right information menu

  3. Click on edit access

Access required: Full access

This article contains information about the following topics:

Access control dialogue

The access control dialogue can look something like this:

Access levels

There are four access levels defined.

The access that applies is the highest access that members have received either through user access or through access configured for any of their teams.

No Access

no access to the object.

Read

typical read only, no changing operations.

Write

able to edit and modify the object.

Full access

able to control all aspects of the object.

ISO 19650 Shared workflow

If you have the Shared status workflow activated you will see the columns "View shared revisions" and "Can publish" to the right of the access column.
This is what that can look like for different access settings:

The boxes in these columns can be checked dependent on the access setting.

No access

Neither shared revisions nor public revisions can be previewed or seen in the documents list if you do not have access to the document.

Read

Members with read access can be given permission to view shared revisions but will not be able to publish that shared revision

Write

Members with write access will always be able to view shared revisions and can be given access to publish the shared revision.

Full Access

Members with full access can both view and publish shared revisions

Define access for

Click this dropdown to select member(s) or team(s) you wish to configure access for.

Administrators

Administrators always have full access to everything in the project

Default: Full access

Single Users

If access is configured for a single user you will see them here.

This is a very specific access as it only applies for the configured user.

Default: Write access

Single user access compared to all users, team and owner access

The single user access will overwrite all other access the user may have received via the all users, team or owner access no matter if it is higher or lower.

Typical workflow

This access is the most secure as you are 100% sure that user has the right access but has to be reconfigured if another users takes over the role of another member in the project.

All users except x above

The all user access is a general access that is the least specific.

Default: Write access

All user access compared to single user access

If the all users access is different from the single user access, the single user access applies because a single user is more specific than all users.

All user access compared to team access

If the all users access is higher than the access of a team that the user is part of, the all users access applies because all users have been given access so it does not matter what access the team has.

If the all users access is lower than the access of a team that a user is part of, the team access applies because then the user's team gets access in addition to the access that all users have.

All user access compared to owner access

If the all users access is higher than the owner access, the all users access applies as the owner is one of the users in the project.

If the all users access is lower than the owner access, the owner access applies because the owner is more specific than the all user access.

Typical workflow

Typically this is changed to no access if you want to limit access to a document or folder for all users. It can then be overwritten by either the team or the single user access.

Teams

This access is more specific than the all user access but less specific than the user access.

Default: Write access

Team access compared to single user access

If a user is part of a team that has different access than the single user access, the single user access will be the access that applies. There will be a warning that the team access is overwritten for a team member.

Team access compared to all user access

If a user is part of a team that has higher access than the all user access, the team access applies because then the team gets access in addition to the typical access that all users have.

If a user is part of a team that has lower access than this access, the all user access applies because the team might not have been given access but all users have been given access so it does not matter what access the team has.

Team access compared to other team access

Members can be part of multiple teams. In this case the highest access they have received through any of their teams is applied.

Team access compared to owner access

If a user is part of a team that has higher than the owner access, the team access applies as the owner is a member of the team.

If a user is part of a team that has lower than the owner access, the owner access applies because the owner is more specific than the team access.

Typical workflow

It is recommended to set access per team rather than per user.

This allows for flexibility as members are often changing roles.

This is also a good option to use because you can invite members to teams.

The member will then be added to the right team as soon as they join the project so that they have the correct access right away.

The typical workflow is to deny all users access so new users that are not part of teams yet do not see sensitive information and then team access is set to give users access to the information they need.

Owner

Owner is defined as the person who Uploaded the file, or created the folder.

To allow for data privacy owners have full access to their own documents.

This means that someone who uploads a document has full control of it.

Default: Full access

Owner access compared to single user access

If any of the owner(s) of the selected document(s) and/or folder(s) has a different access in the single user access, the single user access will be the access that applies.

There will be a warning that the owner access is overwritten for a user.

Owner access compared to all users access

If any of the owner(s) of the selected document(s) and/or folder(s) has higher access than the access in the all users access, the owner access applies as the owner is more specific than the all user access.

If the owner(s) of the selected document(s) and/or folder(s) has lower access than the access in the all users access, the all users access applies as the owner is one of the users in the project.

Owner access compared to team access

If any of the owner(s) of the selected document(s) and/or folder(s) has higher access than the team access, the owner access applies as the owner is more specific than multiple members who could be part of a team.

If any of the owner(s) of the selected document(s) and/or folder(s) has lower access than the access of a team they are part of, the team access applies as the owner is part of the team with higher access.

Typical workflow

In the case of a submitted document this access is often changed so only the administrator has full access of the uploaded document.

Folder

The table below related the operations that can be performed on a folder to the access levels.

Operation

Read

Write

Full

View folder contents

x

Share folder

x

Create document in folder

x

Add folder in folder

x

Rename folder

x

Delete document in folder

x

Delete folder in folder

x

Move folder

x

Delete folder

x

Modify folder ACL

x

Document

The table below related the operations that can be performed on a file to the access levels.

Operation

Read

Write

Full

Link/Unlink objects

x

Edit Labels

x

Publish new document

Write access to the parent folder

Rename document

x

Create model

x if IFC and write access to creating and removing models in project settings

Remove model

x if IFC and write access to creating and removing models in project settings

Move document to another folder

x

Delete document

x

Modify ACL

x

Published revision

The table below related the operations that can be performed on a published revision to the access levels.

Operation

Read

Write

Full

Preview in Catenda Hub

x

Preview in Catenda Site

x

2D/3D viewer

x if IFC that is linked to model, Pointcloud or GML.

Share

x

Compare

x and a second published PDF revision present

Download

x

Withdraw

x

Add to collection

x

Draft Revision

The table below related the operations that can be performed on a draft revision to the access levels.

Operation

Read

Write

Full

Preview in Catenda Hub

x and read access to document drafts in project settings

x and document owner.

Preview in Catenda Site

-

-

-

Share

x

Download

x and read access to document drafts in project settings

Publish

x

Withdraw

x

Add to collection

-

-

-

Shared Revision

The table below related the operations that can be performed on a shared revision to the access levels.

Operation

Read

Write

Full

Preview in Catenda Hub

x and "View shared revisions" is checked

Preview in Catenda Site

-

-

-

Share

x

Download

x and "View shared revisions" is checked

Publish

x and "Can publish" is checked

Withdraw

x and "View shared revisions" is checked

Add to collection

-

-

-

Overwrite options

Folder and new content

Only sets permission on the folder, no sub elements. New elements will always inherit the access from the folder they are added to.

Folder and files

Only sets permissions on the folder, and the files that are directly in that folder. Sub-folders, or files in sub-folders will not be affected.

Folder and all subfolder and files

Sets the permissions on the folder, and all sub content of that folder, both folders and files

Did this answer your question?