Security Model
- Damith Samarakoon
- Usman Shahid
- Daniel Finn
Security in RIB CX is handled in two key ways:
- Based on who is addressed on a Form
- Based on the Access Level you have on a Project
Based on Addressing
The Basic Security Rule
If you are not named on a document you may not access it.
For example, if a document is created by user AA-AA and addressed to BB-BB, then at this time only those 2 users are named on the document, so only those 2 users may access it. If the document is then copied to CC-CC then user CC-CC may now also access this document.
You may also add 'groups' to the Info of a document. The groups are:
- Other users: Anyone that the author of this document may address (as defined in the Who2Who Matrix) may access this document.
- A role: An entire role can be added as an info item, which means any company belonging to that role, and any user with a sufficient Access Level within that company, can access this document.
- An entire company: Anyone in company XX may access this document.
- A group: See User Groups here
Tip: If a particular user or group should always be copied in on a particular document type you can create a /wiki/spaces/cxKB/pages/23203211 to force this user or group to be automatically included on any new documents.
Private Access
In addition to addressing security, you may opt to add the keyword Private to a document, or set it when the document is being issued.
When the Private keyword is added to a document, only people named on this document may read it. Only the Author may add a new name to the addressing of this document. This document does not display in Searches unless you are named on the document.
The Security Options
Accessing a document even if you are not named on it.
The basic security rule is simple to understand and manage, however it does not always reflect the way documents are managed within a particular company. In some cases the basic rule is appropriate, but in other cases one of the following options might be better.
- No Special Access
The basic security rule (as explained above) determines access.
- My peers or superiors may access
Each user is given an "Access Level" in their user profile. See below for more on Access Levels. When this option is enabled, anyone in the same company at the same Access Level or higher has permission to read the document.
For example: documents created by a user who has an Access Level of Staff can be read by a user of Access Level Staff or Manager. Documents created by a user of level Manager cannot be read by a user of level Staff.
Note: this option is the default for Correspondence.
- Anyone in my company may access
Anyone in the same company as someone named on the document may access the document. For example, if user AA-AA is named on the document, then user AA-BB, AA-CC, etc. may also access the document, regardless of their Access Level.
Note: this option is the default for Transmittals, and the documents on the Document Register.
The options do not apply if a document has been tagged 'PRIVATE'.
User Access Levels For Forms
The following lists the standard Access Levels:
- Guest - can only view the list of documents in a Document list.
- Staff - only users who are Staff/Manager/Director can access documents their companies are named on.
- Manager - only users who are Manager/Director can access documents their companies are named on.
- Director - only users who are Director can access documents their companies are named on.
Note: most users are Staff/No Special Rights.
Each user is assigned an Access Level in their user profile (go to My Details in the Contacts Module). The Security options can be set for the whole project by Role (e.g. Consultant, Managing Contractor, Co-ordinating Consultant) and by Company.
The Company setting overwrites the Role setting.
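The read decision described above, written out as an added example (not RIB CX code). The class and function names are hypothetical, Info groups and the Guest level are left out, and two points the page does not spell out are assumed: the option in force is the one configured for the reader's company, and the peers-or-superiors comparison is made against each named user in that company.

```python
from dataclasses import dataclass
from enum import Enum

LEVELS = {"Staff": 1, "Manager": 2, "Director": 3}  # Guest is not modelled

class Option(Enum):
    NO_SPECIAL = "No Special Access"
    PEERS = "My peers or superiors may access"
    COMPANY = "Anyone in my company may access"

@dataclass(frozen=True)
class User:
    uid: str
    company: str
    level: str

@dataclass
class Document:
    named: list            # author, addressees and anyone copied in
    private: bool = False  # the Private keyword

def effective_option(user, role_opts, company_opts, company_roles):
    """The Company setting overwrites the Role setting."""
    if user.company in company_opts:
        return company_opts[user.company]
    # Assumption: with neither setting present, fall back to the basic rule.
    return role_opts.get(company_roles.get(user.company), Option.NO_SPECIAL)

def can_read(user, doc, option):
    if any(n.uid == user.uid for n in doc.named):
        return True                 # basic rule: named on the document
    if doc.private:
        return False                # options do not apply to PRIVATE documents
    colleagues = [n for n in doc.named if n.company == user.company]
    if option is Option.COMPANY:
        return bool(colleagues)     # regardless of Access Level
    if option is Option.PEERS:
        # same Access Level or higher than a named colleague
        return any(LEVELS[user.level] >= LEVELS[n.level] for n in colleagues)
    return False

# Constructed sample users, using the page's AA-AA style of id.
AA_AA = User("AA-AA", "AA", "Manager")
AA_BB = User("AA-BB", "AA", "Staff")
AA_CC = User("AA-CC", "AA", "Director")
BB_BB = User("BB-BB", "BB", "Staff")
BB_CC = User("BB-CC", "BB", "Staff")
DOC = Document(named=[AA_AA, BB_BB])
```

With `DOC` addressed from AA-AA (Manager) to BB-BB (Staff), AA-BB (Staff) is refused under the peers option but admitted under the company option, and marking the document private refuses everyone who is not named.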
Accessing Document Revisions in The Register
To determine if you have permission to download a particular revision of a file, the system checks if you were addressed on any Transmittals that included that file. Thus, the security is handled at the revision level, not at the document level.
Accessing Document Revisions in the Publication Space
Permission Level | Access rights |
---|---|
Can Access / Download | You can only access document details where you have uploaded or been distributed at least one revision. You can only access & download revisions where you have been distributed that specific revision. NOTE: This does not follow the hierarchy and cannot be granted at the folder level; it is determined based on distribution of revisions. |
Can See | If you have this permission you can also see the documents in these folders which have not been distributed to you. You cannot, however, download, preview or access the document details page for documents that have not been distributed to you. NOTE: Without this permission, you can still see documents for which you have uploaded or been distributed at least one revision. |
Based on the Access Level you have on a Project
System-Level Access
The following System Access Levels can be set to restrict general access to the project:
- Restricted - cannot even log in to the project.
- Unrestricted - can create and respond to correspondence; can upload/send files on transmittals.
- Company Administrator - can control access for their individual company.
- Project Administrator - default full system access.
The Access Hierarchy
Access follows a hierarchy (top to bottom):
- Project Admin
- Module Admins
- Company Admins
- Company Role
- Company
- User
When a user is set up as a Project Admin or a Module Admin, they will inherit the rights that level grants them automatically.
User Groups
User Groups sit outside this order. Learn more about User Groups here