The default level of access that users of an object store get when they are added while running the object store wizard (in its Specify Initial User Groups page), is View Properties on folders and and View Content documents. A user must have View Properties access rights to see an item in an object store. If the user can see the item, the user can also see the item's properties and security.
To open an object store, users must have View Properties access to the root folder.
The following illustration from Workplace shows the Security View for a document called Timesheet. Note that a Security Policy is currently attached to the document and controls the default security for Timesheet. Check marks identify the Allow permissions that apply to each User and Group in the current security list.
The example is a representation of an access control list (ACL). Each row, called an access control entry (ACE), lists a user or group (in the Title column) and that user's or group's Allow access rights to the object.
TIP Move your cursor over any user or group display name to see the complete Distinguished Name for the specific user or group.
The following illustration shows you the current permission settings for HR Managers. Both permission for Owner Control and Publish are set at Implicit Deny. Check marks in the System Allow column show that the currently assigned Security Policy set these permissions to the allow mode.
System Notes are described in Manage Security.