List of operation permissions
This table lists all permissions that can be granted in FormFlow. The table also includes the default assignment of these permissions to the preset administrator roles Security Administrator (SA), Entity Administrator (EA), Membership Administrator (MA) and Configuration Administrator (CA). The permissions are marked as follows: “e”=execute, “g”=grant and “r”=revoke.
| Permission | Description | SA | EA | MA | CA |
|---|---|---|---|---|---|
| ARCHIVE_DELETE | allows destroying archived entities outside a shredding procedure | | | | |
| ARCHIVE_SHREDPROC_BASIC | allows running operations related to a shredding procedure, except destruction | | | | |
| ARCHIVE_SHREDPROC_SHREDDING | Gives authorization to destroy objects in a shredding procedure | | | | |
| ATTACHMENT_TEMPLATE_CREATE | permission to create a form attachment template, can be set to ALL and FORM_TEMPLATE object types | | | | |
| ATTACHMENT_TEMPLATE_MODIFY | permission to modify form attachment template properties (name, file), can be set to ALL, FORM_TEMPLATE and FORM_ATTACHMENT_TEMPLATE object types | | | | |
| ATTACHMENT_TEMPLATE_DELETE | permission to delete a form attachment template, can be set to ALL, FORM_TEMPLATE and FORM_ATTACHMENT_TEMPLATE object types | | | | |
| ATTACHMENT_TEMPLATE_SETUP | permission to configure permissions to use a form attachment template, can be set to ALL, FORM_TEMPLATE and FORM_ATTACHMENT_TEMPLATE object types | | | | |
| DEFERRED_CHANGES_ADMINISTRATION | permission to administer deferred changes | gr | e | | |
| DOCUMENT_CLASS_CREATE | permission to create a document class | | | | |
| DOCUMENT_CLASS_DELETE | permission to delete a document class | | | | |
| DOCUMENT_CLASS_MODIFY | permission to edit a document class | | | | |
| DOCUMENT_METADATA_CREATE | permission to create a new metadata item in a folder | | | | |
| DOCUMENT_METADATA_DELETE | permission to delete an existing metadata item in a folder | | | | |
| DOCUMENT_METADATA_GUI_CREATE | permission to create a metadata item placement in the user interface and set its properties | | | | |
| DOCUMENT_METADATA_GUI_DELETE | permission to delete a metadata item placement in the user interface | | | | |
| DOCUMENT_METADATA_GUI_MODIFY | permission to edit a metadata item placement in the user interface | | | | |
| DOCUMENT_METADATA_MODIFY | permission to edit a metadata item in a folder | | | | |
| DOCUMENT_RANKING_CREATE | permission to create a document rank | | | | |
| DOCUMENT_RANKING_DELETE | permission to delete a document rank | | | | |
| DOCUMENT_RANKING_MODIFY | permission to edit a document rank | | | | |
| DOCUMENT_STATUS_CREATE | permission to create a new document status | | | | |
| DOCUMENT_STATUS_DELETE | permission to delete a document status | | | | |
| DOCUMENT_STATUS_MODIFY | permission to edit a document status | | | | |
| DOCUMENT_TEMPLATE_CREATE | Authorizes the user to create an Office template for a document. | | | | |
| DOCUMENT_TEMPLATE_DELETE | Authorizes the user to remove an Office template for a document. | | | | |
| DOCUMENT_TEMPLATE_MODIFY | Authorizes the user to edit an Office template for a document. This means the user can rename the template, change its file, create or delete the document availability in a folder (if the user is authorized to view the folder), change the default metadata values in template availability in a document folder (there can be different default metadata values for every folder that the template is available in). | | | | |
| DOCUMENT_TEMPLATE_SETUP | Authorizes the user to grant and remove permissions to use an Office template in document folders. | | | | |
| DOMAIN_CREATE | permission to create a new domain in the system | gr | e | | |
| DOMAIN_DELETE | permission to delete a domain in the system | gr | e | | |
| DOMAIN_LIST_SUBJECTS | permission to view subjects in a domain (display a list) | gre | e | e | |
| DOMAIN_MODIFY | permission to edit domain parameters | gr | e | | |
| FORM_TEMPLATE_CREATE | permission to create a new document template | | | | |
| FSUTIL_MANAGE_DBOBJECTS | Authorizes the user to access the “Database objects creator” tab and operations related to database object administration. | gr | e | | |
| FULLTEXT_MAINTENANCE | access to Fulltext Index Maintenance | gr | e | | |
| GRID_ADVANCED_PAGING | buttons for paging entries in a grid include Go to the last page and Go to page | gr | gr | | |
| GRID_UNLIMITED_EXPORT | Authorizes the user to export a list of DMS documents of any size, regardless of the limit on the number of entries. | | | | |
| GROUP_ROLE_ADD_GROUPS_ROLES | The subject authorized to run this operation on a specific group or role can add other groups/roles to the given group. This means they have permission to create the relation “is member” between the group/role and any other group/role. | gr | e | | |
| GROUP_ROLE_ADD_MYSELF | permission to add oneself to a group/role | gr | e | | |
| GROUP_ROLE_ADD_USERS_BUT_ME | permission to add another user (other than oneself) to a group/role | gr | e | | |
| GROUP_ROLE_CREATE | permission to create a role or a group | gr | e | | |
| GROUP_ROLE_DELETE | permission to delete a role or a group | gr | e | | |
| GROUP_ROLE_MODIFY | permission to edit a role or a group | gr | e | | |
| GROUP_ROLE_MODIFY_DEFAULT_MEMBER | permission to set the default member of a group/role | gr | e | | |
| GROUP_ROLE_MODIFY_IMM_SUP | permission to set the manager | gr | e | | |
| GROUP_ROLE_REMOVE_GROUPS_ROLES | permission to remove a group/role from a group/role | gr | e | | |
| GROUP_ROLE_REMOVE_USERS | permission to remove a user from a group/role | | | | |
| IMPORT_ATTACHMENTS | permission to the operation of file scanning and extraction to FormFlow | | | | |
| INSPECT_TRANSLOG | permission to view the transaction log | | | | |
| INVALID_TRANSMISSIONS_ADMIN | permission to manage invalid transfers | gr | e | | |
| LTD_MANAGE_LTV_STATUS_UDAT | Authorizes the user to run the operation “Change document status to: prepared for analysis” | | | | |
| LTD_VIEW_FORM_BINARY | Gives the user a permission above the standard FormFlow permission level to download a form attachment registered in the xg_udat table to analyze its signatures. For objects: {ALL, FORM_FOLDER}. FORM_FOLDER – applies to forms in the given folder the user is allowed to read. | | | | |
| LTD_VIEW_DOCUMENT_BINARY | Gives the user a permission above the standard dg document permissions to download the latest document version to analyze its signatures. For objects: {ALL, DOCUMENT_FOLDER}. DOCUMENT_FOLDER – applies only to documents in a folder the user is allowed to read. | | | | |
| LTD_VIEW_FORM | Permission to view the metadata of a form (a row in xg_udat) whose attachment is being preserved, or will be or was preserved (an analogy to document metadata), regardless of the view permission to the form itself. For objects: {ALL, DOCUMENT_FOLDER}. | | | | |
| LTD_VIEW_DOCUMENT | Permission to view the metadata of a document that is, will be or was preserved, regardless of the view permission to the document itself. For objects: {ALL, DOCUMENT_FOLDER}. | | | | |
| LTD_SWITCH_OFF_LTD_ACCEPT_DOCU | Authorizes the user to set LTD_ACCEPT_DOCU from 1 to 0, regardless of permissions to metadata item LTD_ACCEPT_DOCU. For objects: {ALL, DOCUMENT_FOLDER}. | | | | |
| LTD_MANAGE_LTV_ACCEPT_UDAT | Authorizes the user to set LTV_ACCEPT_UDAT (LTV Preserve) to any value. | | | | |
| LTD_MANAGE_LTV_RULE_EXCEPTION_UDAT | Authorizes the user to set LTV_RULE_EXCEPTION_UDAT (Exception) to any value. | | | | |
| LTD_MANAGE_LTV_STATUS_CONV | This permission authorizes the user to display the Conversion to PDF/A button on the Archive tab, with the ability to run a new attempt at conversion for files that ended with an error. | gr | | | |
| MODIFY_ANONYMOUS_USER_SETTINGS | permission to edit the settings for anonymous users | gr | e | | |
| MODIFY_NEW_USER_PROPS | permission to edit new user properties | gr | e | | |
| MODIFY_PASSWORD_RESTRICTIONS | permission to edit password restrictions | gr | e | | |
| MODIFY_USER_DISABLED_SETTINGS | permission to edit the User detail editability settings | gr | e | | |
| MODULES_ADMINISTRATION | Permission to the module administration operation | | | | |
| OBJECTS_EXPORT_IMPORT | permission to export/import various objects | | | | |
| REJUVENATE_AGED_FORMS | permission to rejuvenate old finished filled-out forms | | | | |
| LINK_ENABLE | permission to view object relations; the user is authorized to view relations for all objects they are authorized to see | | | | |
| LINK_MODIFY_MY | permission to view object relations and modify the relations for own objects; the user is authorized to view relations for all objects they are authorized to see, and to create and delete user relations for all objects they have “on their desk” | | | | |
| LINK_MODIFY_ALL | permission to view and modify relations between objects; the user is authorized to view the relations, delete user relations and create new user relations for all objects the user is authorized to see | | | | |
| RELATION_TYPES_ADMIN | relation type administration | | | | |
| RSM_SIGNING_ADMINISTRATOR | remote signing administration | | | | |
| RSM_SIGNING_USER | Enables remote signing for users | | | | |
| RSM_SIGNING_USER_MULTI | Permission to request a multiannual PostSignum certificate renewal | | | | |
| RSM_SIGNING_USER_POSTSIGNUM | Permission to use PostSignum technology | | | | |
| RSM_SIGNING_USER_SIGNMASTER | Permission to use SignMaster technology | | | | |
| SETUP_BULK_OPERATIONS | permission to set bulk operations | gr | e | | |
| SETUP_CERTIFICATES | permission to access the Certificate List item | gr | e | | |
| SETUP_DEFAULT_NOTIFICATION_MAILS | permission to access the General Notification E-mails item | gr | e | | |
| SETUP_DOCUMENT_TEMPLATE_GROUPS | permission to create, edit and delete groups of document templates. Permission to this operation can only be set for the object type ALL, meaning that any user with the EXECUTE permission can create, edit and delete any template groups | gr | e | | |
| SETUP_ENUM | permission to list administration at “Administration > Application settings > Lists” | | | | |
| SETUP_EXTERNAL_AUTHENTICATION | permission to access the External Authentication item | gr | e | | |
| SETUP_FAS_SETTINGS | permission to access the FAS item: FormApps Server settings for displaying forms in the web browser | gr | e | | |
| SETUP_FORM_AGING_SETTINGS | OBSOLETE, NOT IN USE ANYMORE. Permission to access the form aging parameter configuration | | | | |
| SETUP_GRID | A user holding the EXECUTE permission for this operation is authorized to display and hide columns in grids; the operation gives access to the ribbon item Administration > System parameters > Grid administration | | | | |
| SETUP_LANGUAGES_OF_DESCRIPTIONS | permission to the languages page | gr | e | | |
| SETUP_LICENCES | permission to the license page | gr | e | | |
| SETUP_LTD_AND_MARKS | permission to set global qualified storage parameters in ADMINISTRATION > Long-Term Digital Archive, not in the Information section in the form template | gr | e | | |
| SETUP_MAIL_SETTINGS | permission to set e-mail templates | gr | e | | |
| SETUP_NEW_OBJECTS_PRIVILS | permission to set permission templates for new objects | gre | | | |
| SETUP_RIBBON | permission to access the Ribbon administration item | | | | |
| SETUP_RULE_TEMPLATES | permission to access the Rule template item | gr | e | | |
| SETUP_SEARCH_DEFAULTS | permission to access the Search defaults item | gr | e | | |
| SETUP_SECURITY_SETTINGS | permission to access the Security Parameters item: settings related to security, time limits, password validity… | gr | e | | |
| SETUP_SERVICES | permission to access the Services item: background service configuration | gr | e | | |
| SETUP_SFLF | permission to set the SFLF (disk store for attachments and documents) | | | | |
| SETUP_SIGNATURES_IN_DOCUMENTS | permission to access the Document Signatures in Process item | gr | e | | |
| SETUP_SUBJECTS_SYNCHRONIZATION | permission to access the Synchronization Settings item: AD synchronization, … | gr | e | | |
| SETUP_SW602_INTERNAL_CA | permission to set the internal Software602 CA | gr | e | | |
| SETUP_SYSTEM_SETTINGS | permission to set other system parameters | gr | e | | |
| SETUP_ZR | permission to edit the Basic Registry settings | | | | |
| SHARE_ALL | permission to share own documents and documents where the user is the processor. May edit sharings the user created on their own documents and the documents where the user is the processor (regardless of who created the sharing). | | | | |
| SHARE_MODIFY_ALL | permission to edit sharing of all documents that the user neither created nor is the processor of, but is allowed to see. It is a permission to edit any sharing. | | | | |
| SHARE_MODIFY_MY | permission to create a sharing for the documents where the user is the processor. For these documents, the user can also edit sharing created by themselves or by someone else. | | | | |
| SYST_ANTIVIRUS | permission to administer infected files | gr | e | | |
| USER_CREATE | permission to create a new user | gr | e | gr | |
| USER_DELETE | permission to delete a user | gr | e | | |
| USER_DISABLE | permission to disable a user | gr | e | | |
| USER_ENABLE | permission to enable a user | gr | e | | |
| USER_MODIFY | permission to edit user parameters (except e-mail and password) | gr | e | | |
| USER_MODIFY_ABSENCE | permission to set user absence | gr | e | | |
| USER_MODIFY_GLOBAL_SUBSTITUTE | permission to set a global substitute | gr | e | | |
| USER_MODIFY_IMM_SUP | permission to set the immediate superior | gr | e | | |
| USER_MODIFY_MAIL | permission to edit user e-mail | gr | e | | |
| USER_MODIFY_PASSWORD | permission to edit user password and certificate | gr | e | | |