Authority

A user's authority can be extended beyond the authority that is built into the user type of the user. Depending on the user type, up to six additional levels of authority can be given:
Create Users
An application group/folder/cabinet administrator or a user can be given the authority to add users to the system. By default, when a user is added to the system, the user that performs the add task automatically has the authority to perform all other tasks on the user. The tasks are update, delete, create a summary, and view properties. When a user is added, the system automatically gives the user with Create Users authority the permission to access and administer the newly created user. (See Permissions for information about permissions at the user level.) If the permissions are later taken away, then the user with Create Users authority no longer has access to the user or the authority to administer the user.

A user with Create Users authority is similar to a user administrator in that both can create users. However, they differ because a user with Create Users authority can access and administer only the users that they create, so long as their access and administrator authority is not taken away. Note: A user with Create Users authority cannot create or delete a system administrator, an application group/folder/cabinet administrator, or a user administrator or change the user type of a system administrator, an application group/folder/cabinet administrator, or a user administrator.

A user with Create Users authority also has the authority to perform copy and export tasks on a user because both tasks add a user. An export task involves two userids: one on the server where the user exists and one on the server where the user will be added. The userid on the server where the user will be added must have the authority to add a user.

Create Groups
A user administrator, an application group/folder/cabinet administrator, or a user can be given the authority to add groups to the system. The only other type of user that can add groups is a system administrator

By default, when a group is added to the system, the user with Create Groups authority is designated as the group owner. The group owner has the authority to perform all other tasks on the group. The tasks are update, delete, create a summary, and view properties. If the owner is changed to a different user or group, then the system automatically takes the authority to perform tasks on the group away from the user that originally created the group.

In general, a user has access to a group if the user is a system administrator, the owner of the group, a member of the group that has been designated as the owner, or a member of the group.

A user with Create Groups authority also has the authority to perform copy and export tasks on a group because both tasks add a group. An export task involves two userids: one on the server where the group exists and one on the server where the group will be added. The userid on the server where the group will be added must have the authority to add a group.

Create Application Groups
A user administrator or a user can be given the authority to add application groups to the system. By default, when an application group is added to the system, the user that performs the add task automatically has the authority to perform all other tasks on the application group. The tasks are update, delete, create a summary, and view properties. When the application group is added, the system automatically gives the user with Create Application Groups authority the permission to access and administer the newly created application group. (See Permissions for information about permissions at the application group level.) If the permissions are later taken away, then the user with Create Application Groups authority no longer has access to the application group or the authority to administer the application group.

A user with Create Application Groups authority is similar to an application group/folder/cabinet administrator in that both can create application groups. However, they differ because a user with Create Application Groups authority can access and administer only those application groups that they create, so long as their access and administrator authority is not taken away. An application group/folder/cabinet administrator can access and administer all of the application groups that are defined to the system.

Because applications are considered by Content Manager OnDemand to be part of an application group, the permissions for accessing and administering applications are defined by the permission for the application group. For this reason too, a user with Create Application Groups authority can also create applications for the application group.

A user with Create Application Groups authority also has the authority to perform copy and export tasks on an application group because both tasks add an application group. An export operation involves two userids: one on the server where the application group exists and one on the server where the application group will be added. The userid on the server where the application group will be added must have the authority to add an application group.

Create Folders
A user administrator or a user can be given the authority to add folders to the system. By default, when a folder is added to the system, the user that performs the add task automatically has the authority to perform all of the other tasks on the folder. The tasks are update, delete, create a summary, and view properties. When a folder is added, the system automatically gives the user with Create Folders authority the permission to access and administer the newly created folder. (See Permissions for information about permissions at the folder level.) If the permissions are later taken away, then the user with Create Folders authority no longer has access to the folder or the authority to administer the folder.

A user with Create Folders authority is similar to an application group/folder/cabinet administrator in that both can create folders. However, they differ because a user with Create Folders authority can access and administer only the folders that they create, so long as their access and administrator authority is not taken away. An application group/folder/cabinet administrator can access and administer all of the folders that are defined to the system.

A user with Create Folders authority also has the authority to perform copy and export tasks on a folder because both tasks add a folder. An export task involves two userids: one on the server where the folder exists and one on the server where the folder will be added. The userid on the server where the folder will be added must have the authority to add a folder.

Create Cabinets
A user administrator or a user can be given the authority to add cabinets to the system. By default, when a cabinet is added to the system, the user that performs the add task automatically has the authority to perform all of the other tasks on the cabinet. The tasks are update, delete, create a summary, and view properties. When a cabinet is added, the system automatically gives the user with Create Cabinets authority the permission to access and administer the newly created cabinet. (See Permissions for information about permissions at the cabinet level.) If the permissions are later taken away, then the user with Create Cabinets authority no longer has access to the cabinet or the authority to administer the cabinet.

A user with Create Cabinets authority is similar to an application group/cabinet administrator in that both can create cabinets. However, they differ because a user with Create Cabinets authority can access and administer only the cabinets that they create, so long as their access and administrator authority is not taken away. An application group/cabinet administrator can access and administer all of the cabinets that are defined to the system.

A user with Create Cabinets authority also has the authority to perform copy and export tasks on a cabinet because both tasks add a cabinet. An export task involves two user IDs: one on the server where the cabinet exists and one on the server where the cabinet will be added. The user ID on the server where the cabinet will be added must have the authority to add a cabinet.

Create Holds
A user administrator or a user can be given the authority to add holds to the system. By default, when a hold is added to the system, the user that performs the add task automatically has the authority to perform all of the other tasks on the hold. The tasks are update, delete, create a summary, and view properties. When a hold is added, the system automatically gives the user with Create Holds authority the permission to access and administer the newly created hold. (See Permissions for information about permissions at the hold level.) If the permissions are later taken away, then the user with Create Holds authority no longer has access to the hold or the authority to administer the hold.

A user with Create Holds authority also has the authority to perform copy and export tasks on a hold because both tasks add a hold. An export task involves two user IDs: one on the server where the hold exists and one on the server where the hold will be added. The user ID on the server where the hold will be added must have the authority to add a hold.