Document access rights

Documents are instances of the document class. When first created they obtain initial security from the Default Instance Security ACL of their class.

Documents have the following security characteristics:

  • The first document version passes the same permissions to subsequent versions, all of which have source type of Default.
  • Each document version is independently secured by its own ACL.
  • Documents are the security parent of any annotations associated with them.
  • A document can have a folder as a security parent from which it will receive Inherit permissions.
  • A document can be associated with a security policy from which it will receive Template permissions. Security policies can be configured to place security on documents as they pass through various versioning states.

For security information about compound documents, see Compound document security.

Access rights defined

Table of document access rights
Full Control Minor Versioning Major Versioning Modify Properties View Properties Publish View Content
All access rights listed in the columns to the right and:
  • Modify security
  • Change owner
  • Delete the document
  • Check out a document
  • Check in a minor version
  • Cancel a checkout
  • Change state (promote and demote)
  • Check out a document
  • Check in a major version
  • Cancel a checkout
  • Modify property values
  • View properties and security
  • Publish the document
  • View content
Tip: The Unlink document access right is not included in any of Administration Console for Content Platform Engine's predefined levels. It can be assigned directly.

Initial security acquired from the document class

A document acquires its initial default security from its document class and, if the application's site preference allows it, the application user can modify the security. By default, the user who creates a document gets Full Control (also called Owner Control).

Modifying document class security has no effect on the security of existing documents.

Content element security

The document's content elements are not independently securable but can only be accessed through their document version. In effect, a document's content has the same security as the document. In Administration Console for Content Platform Engine, a document's security information appears on the Security page of its property sheet.

Browsing vs. searching

To navigate to a document by browsing, a user must have access to all folders and subfolders in the path to the document. By contrast, a search template checks only the document's security even if the search specifies a folder. This means that searches might allow a user to find documents that could not be found through browsing.