Security in Docuo is configured at a basic level by assigning permissions for users and collaborators in folders and categories.
However, there is a third way to add restrictions that is very versatile to further refine security. The Control step of the category wizard allows us to set rules to control who can change the status of a document, who can view it, or who can modify it, based on a certain condition being met . Each control can be assigned to a series of Docuo users or groups to which it applies.
The Control step is used to create additional restrictions to the existing security in folders and categories. This means that if a user cannot perform an action (e.g. view or modify a document) because of folder or category permissions, a control cannot override this permission and make the user view or modify it.
The control must be understood as a final barrier, which is applied after all Docuo’s permission security, and which ultimately determines whether or not the user can perform a certain action.
Two types of access can be configured in the control:
- “Control that only“. It means that the control will only grant access to the users specified by this “barrier” (if they have already passed the folder and category security). The rest will not be able to pass.
- ” Prevent that “. It means that the control will deny access to the users specified by this “barrier”. The rest can pass.
The actions that can be controlled are:
- Control progress through a transition .
- Control the undo of a transition.
- View the documents in a state .
- Modify the documents in a state .
- View the documents that meet a condition .
- Modify the documents that meet a condition .
- Control a condition when saving a document.
There are some conditions that allow specifying a condition. These conditions allow the introduction of a conditional formula so that the control is produced according to the metadata of each document depending on whether or not the formula is fulfilled.
For example, if we want a certain group of users not to be able to see the documents that are of type “Confidential” we could establish a control like:
The condition would be a filter, of the same type that we can configure in the drop-down list fields to another category where we specify its conditions in T-SQL language:
In this way, when a user who belongs to the “EXTERNAL – Clients” group accesses a folder, the category itself or a query, they will not be able to see the documents of this category whose type is “Confidential”.