Every IS folder, document, and annotation has its own read access, write access, and append/execute access rights. For any item, each access right is assigned to one and only one user or group. Because you can assign only one group to an access right, the system administrator must carefully construct a group hierarchy.
For example, an item's security properties might look like this:
Read: |
Accounting |
Write: |
Auditors |
Append/execute: |
Auditors |
These security settings mean that members of the Accounting group can view the item. (Auditors are included in the Accounting group.) However, only Auditors can modify or delete the item. To add more users who can view the item, you would change the read access to the name of a group containing both the Accounting group and the additional users.
Every item acquires default access rights when it is created. You can modify the properties, including the access rights, of an object you create.
A new document inherits the access rights defined for the document class.
For a folder or annotation, all three access rights are set to the primary group of the user who created the folder or annotation. For a user without a primary group, the access rights are set to that user.
When you create an annotation, all three access rights are set to the primary group to which you belong.
Note
Every IS user belongs to a primary group, which is usually a group of users who perform the same job (such as Auditors).
An IS library defines the following special users and groups:
SysAdmin is the system administrator’s login name. SysAdmin can perform any operation and belongs to all other groups.
SysAdminG is a group whose members have read, write, and append/execute access rights to all folders, documents, and annotations.
AuditG is a group whose members have read access to all folders, documents, and annotations.
(ANYONE) is a group which includes every user. The name must be entered as shown here, with uppercase letters and the parentheses.
See also