Work with security

Objects use security settings to control who can view or modify content and properties or, in Workplace, who can publish documents. Depending on your site settings, you can set security permissions when you add new objects, when you check in a document, when you publish a document in Workplace, or when you view information for an object. You must have the appropriate access permissions to view or change the security on an object.

You can also view security settings assigned to documents and folders within an integrated Microsoft Office 2007 application using Application Integration BCS. When you view details or properties for a document or folder, you can view the security settings assigned to the document. See Manage security for more information on permission descriptions.

Typically, security settings are created based on the class of the object, but settings can also be derived from an entry template, from a security policy, from folder inheritance, or from an external source, such as Records Manager. For example, when a user adds a new document, the security for the document is based on the security settings that the administrator sets for the document class. Depending on your site settings, you can explicitly set the security for a folder, a custom object, a document, or a search. Documents can use a security policy that consists of one or more security templates that define the security for a document class based on the document's state. For more information, see Set security permissions.

Property security

In addition to the security defined for an object, your administrator can define additional security for individual properties associated with the object's class. For example, you might have access rights to add a document to a specific folder and document class. When you set the properties for the document, property access masks might control the properties that you can edit, and might control which values you can see and select in a choice list for the property values. Your administrator defines these settings.

Access roles

Access roles control your access to views, advanced tools, and actions. Your administrator defines roles that allow or deny access to specific pages, modes, and commands. If you are not a member of a specific access role, and access to a feature is set to a specific role, you cannot access the feature.

For example, your department might only be concerned with adding new documents to an object store. In that case, your administrator can configure the Workplace application to display only the Browse primary view and the Author primary view pages for members of your group, or in the case of the Workplace XT application, only the Browse mode and Authoring section of My Workplace for members of your group. The appropriate wizards and secondary pages or modes would still be available. Your department members might also only see a subset of the available actions in Information pages and in menus.