Lesson 4: Working With Folders

Folder Editor

The Folder Editor allows you to add/delete/rename and organize your company folders. To get to the Folder Editor you will click on Settings->Folders in the menu. Once there you will be presented with a folder tree where you can right-click to perform actions on the folders. You may also drag/drop the folder to move them into other folders. To create a new root folder click on the blue New Folder button on the upper-right.

Folder Permissions Introduction

The Folder Permissions feature of SecureDocMan allows you the option of limiting access to certain folders. You can access the Folder Permissions by right-clicking a folder and selecting Edit.The available permissions are “Unassigned”, “Forbidden”, and “Allow”. By default the system sets all folders to "Allow" for your company. Until you change the Company Folder Default setting or specify individual folder permission rules it will continue to behave this way. Each time a user requests access to a document the system first checks to verify they have access to the folder containing the document. This access check also happens for the Document Tree on the dashboard, the document Filter section, and the section on the New Document page for folder selection.

A note about inheritance: If a parent folder is set up with specific permissions, any and all children of that parent folder will inherit the parents' permissions settings unless the child folder permissions have been set.

As an example: Lets say we have a parent and two children:

/ParentFolder
/ParentFolder/ChildFolder1
/ParentFolder/ChildFolder2

If we set our user "Joe" to "allow" on the ParentFolder then both ChildFolder1 and ChildFolder2 will inherit this permission setting that allows access to Joe. However, if we set "Joe" to "deny" on ChildFolder2 this folder will receive its own permissions and will be over-ridden with "deny". ChildFolder1 will still inherit from the parent with "allow" for Joe.

Adding to our first example: Lets say we add a third folder named ChildFolder3 underneath ChildFolder2 and add an allow for Joe. Because ChildFolder2 is the parent, and it has a deny for the user, no sub-folders will be accessible even if specifically allowed. This is similar to how a computer operating system behaves.

Company Settings

The first thing you want to do is verify the company settings for your Default Folder Permission is appropriate for your use-case. This setting will be the catch-all permission used if specific User or Group folder permissions are not found. The initial setting will be “Allow” and will allow all users access to all folders. Changing this option to “Forbidden” will do the inverse and cause all users and groups to be denied access to all folders in the system unless otherwise over-ridden at the folder level.

Folder Settings

Each folder allows for additional settings to optionally be applied that will allow you to perform the following:

• Add/Remove users from the Allowed/Forbidden permission
• Add/Remove groups from the Allowed/Forbidden permission
• If a user or group is in the Unassigned column for a folder it just means the system will look at the parents or the company Default Folder Permission to determine if the user has access to the folder.
• Click on the “allow” or “deny” links to set the appropriate permission for each user and group.
• Click on the email address of the user in the Allowed or Forbidden sections to un-set the permission back to Unassigned.

Example 1 - All users can access all folders except for one specific user

1. In company settings choose Allow for the Default Folder Permission
2. In the Settings->Folders page, right-click and select Edit on the folder you want to limit access on
3. Click on deny next to the user
4. Click “Update Folder"

Example 2 - All groups are denied access to folder named “Private” except a group I have called “Admins”

1. In the Folder page, edit the “Private" folder
2. Click deny for all groups, click allow for “Admins” group
3. Click “Update Folder"

Caveats

• A Batch Import creates new folders that will not contain any specific permissions so they will operate under the Default Folder Permission.
• You can accidentally lock users out of uploading documents if you do not provide them with access to at least one folder. In that case, the user will receive an error message when attempting to created a new document.