Security settings are used to control who can view or modify content and properties or who can publish documents. Depending on your site settings, you can set security permissions when you add new documents, when you check in a document, when you publish a document, or when you view information. You must have the appropriate access permissions to view or change the security. See Manage security for more information on permission descriptions.
Typically, security settings are created based on the class of the document, but settings can also be derived from an entry template, from a security policy, from folder inheritance, or from an external source, such as IBM® InfoSphere™ Enterprise Records. For example, when a user adds a new document, the security for the document is based on the security settings that the administrator sets for the document class. Depending on your site settings, you can explicitly set the security for a folder, a custom object, a document, or a search. Documents can use a security policy that consists of one or more security templates that define the security for a document class based on the document's state. For more information, see Set security permissions.
In addition to the security defined for an document, your administrator can define additional security for individual properties associated with the document's class. For example, you might have access rights to add a document to a specific folder and document class. When you set the properties for the document, property access masks might control the properties that you can edit, and might control which values you can see and select in a choice list for the property values. Your administrator defines these settings.
Access roles control your access to views, advanced tools, and actions. Your administrator defines roles that allow or deny access to specific pages, modes, and commands. If you are not a member of a specific access role, and access to a feature is set to a specific role, you cannot access the feature.
For example, your department might be concerned only with adding new documents to an object store. In that case, your administrator can configure only the Browse mode and Authoring section of My Workplace for members of your group. The appropriate wizards and secondary pages or modes would still be available. Your department members might also only see a subset of the available actions in information pages and in menus.