Controls Deny<\/strong>: “Prevent”.<\/li>\n<\/ul>\n\nThe controls seem symmetrical but they are not because the “Allow” control implies “deny the rest”, i.e., it is also restrictive.<\/p>\n\n
How is the control step combined with folder or category permissions?<\/h3>\n\n
The control step is designed to add additional restrictions<\/strong> to folder and category security. Therefore:<\/p>\n\n\n- If a document is not visible by folder and category security, the control step can NOT make the document visible.<\/li>\n\n\n\n
- If a document is not modifiable by folder and category security, the control step can NOT make the document modifiable.<\/li>\n<\/ul>\n\n
Tip<\/strong>: Design the security of your R2 Docuo repository with permissions on folders and categories. Use the control step to configure additional restrictions<\/strong> to these permissions.<\/p>\n\nCombination of several controls of different types affecting the same user<\/h3>\n\n
When there are several “Prevent that” controls or a single “Control that only” control, the result is clear. <\/p>\n\n
Tip<\/strong>: Try to define your restrictions with several “Prevent that” controls or with a single “Control that only” control.<\/p>\n\nHowever, it is possible to create controls of both types for the same user, in this case the “Control that only” controls will prevail over the “Prevent that” controls, but the reading is less clear. <\/p>\n\n
The steps Docuo follows to calculate whether the restriction applies or not, when several controls of both types affect the same action, are explained below:<\/p>\n\n
\n- The “Prevent” controls that apply to the user<\/strong> or a group of the user are searched for<\/strong>.\n
\n- If users or groups are specified:“Prevent USER from seeing document X<\/em>” \u2192 USER does not see it.<\/li>\n\n\n\n
- If neither users nor groups are specified:“Prevent ANYONE from viewing document X<\/em>” \u2192 the control is ignored.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- The “Control that only” controls that do not apply to the user<\/strong> or to any user group are searched for<\/strong>. Note that the “Control only” controls created for one user, are really a way to create “Prevent that” controls for the rest of the users<\/mark> that are not included in that control:\n
\n- If users or groups are specified:“Control that only John can see document X<\/em>” \u2192 USERS other than John do not see it.<\/li>\n\n\n\n
- If neither users nor groups are specified:“Control that only NO ONE can see document X<\/em>” \u2192 no user can see it.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- The <\/strong>“Control that only”<\/strong> controls <\/strong>that apply to the user<\/strong> or a group of the user are searched for <\/strong>.\n
\n- “Control that only USER can see document X<\/em>” \u2192 USER sees it (if he can see it because of permissions and folder security).<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Combination of the resulting controls<\/strong>. Once all the controls that apply to the user have been obtained, proceed as follows:\n
\n- If there are no “Prevent that” or “Control that only” controls \u2192 It is seen (if it can be seen by permissions and folder security).<\/li>\n\n\n\n
- If there are only “Prevent that” controls (come from step 1 or indirectly from step 2) \u2192 Not seen.<\/li>\n\n\n\n
- If there are only “Control that only” controls \u2192 It is seen (if it can be seen by permissions and folder security).<\/li>\n\n\n\n
- If there are both “Prevent that” controls (come from step 1 or indirectly from step 2) and “Control that only” controls that affect the user \u2192 It is seen (if it can be seen because of permissions and folder security).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n
When is the control step applied?<\/h3>\n\n
The control step restrictions are calculated for each action, based on the folder and category permissions. <\/p>\n\n
Is there a difference between applying a control on a user or on one of the groups to which the user belongs?<\/h3>\n\n
Unlike the security in Folders and Categories, in the Control step there is no priority of the controls applied to a user <\/strong>over the controls applied to a group<\/strong> to which the user belongs. <\/p>\n\nHow efficient is the security of the control passage?<\/h3>\n\n
Folders and Categories security uses an internal cache to ensure performance. This means that a change in folder and category permissions may take a few minutes to apply, but once applied, it ensures optimal performance. <\/p>\n\n
On the other hand, the restrictions of the control step are calculated for each access, based on the resulting security of folders and categories. This means that:<\/p>\n\n
\n- The control step constraints are applied immediately (there is no delay to calculate a cache).<\/li>\n\n\n\n
- Control step constraints, if excessive or overly complex, can adversely affect the performance of R2 Docuo.<\/li>\n<\/ul>\n\n
<\/p>\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
The control step allows you to create two types of restrictions to prevent a user from viewing or modifying a document, even when folder and category security allows it. There are two types of controls (both restrictive): The controls seem symmetrical but they are not because the “Allow” control implies…<\/p>\n","protected":false},"author":1,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"content-type":"","footnotes":""},"ht-kb-category":[64],"ht-kb-tag":[],"class_list":["post-5128","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-control"],"yoast_head":"\n
How the "Control" step restrictions work for View and Modify permissions - R2 Docuo | Help center<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How the "Control" step restrictions work for View and Modify permissions - R2 Docuo | Help center\" \/>\n<meta property=\"og:description\" content=\"The control step allows you to create two types of restrictions to prevent a user from viewing or modifying a document, even when folder and category security allows it. There are two types of controls (both restrictive): The controls seem symmetrical but they are not because the “Allow” control implies...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/help.r2docuo.com\/en\/knowledge-base\/how-does-the-control-step-security-work-for-view-and-modify-permissions\/\" \/>\n<meta property=\"og:site_name\" content=\"R2 Docuo | Help center\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-16T14:00:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/help.r2docuo.com\/wp-content\/uploads\/2023\/06\/ILUDEST_CENTRODEAYUDA.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@R2Docuo\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/en\\\/knowledge-base\\\/how-does-the-control-step-security-work-for-view-and-modify-permissions\\\/\",\"url\":\"https:\\\/\\\/help.r2docuo.com\\\/en\\\/knowledge-base\\\/how-does-the-control-step-security-work-for-view-and-modify-permissions\\\/\",\"name\":\"How the \\\"Control\\\" step restrictions work for View and Modify permissions - R2 Docuo | Help center\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/#website\"},\"datePublished\":\"2024-02-21T10:06:56+00:00\",\"dateModified\":\"2025-10-16T14:00:12+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/en\\\/knowledge-base\\\/how-does-the-control-step-security-work-for-view-and-modify-permissions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/help.r2docuo.com\\\/en\\\/knowledge-base\\\/how-does-the-control-step-security-work-for-view-and-modify-permissions\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/en\\\/knowledge-base\\\/how-does-the-control-step-security-work-for-view-and-modify-permissions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/help.r2docuo.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How the “Control” step restrictions work for View and Modify permissions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/#website\",\"url\":\"https:\\\/\\\/help.r2docuo.com\\\/\",\"name\":\"R2 Docuo | Help center\",\"description\":\"Todos los recursos para usuarios, administradores y desarrolladores de de R2 Docuo a tu alcance\",\"publisher\":{\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/help.r2docuo.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/#organization\",\"name\":\"R2 Docuo | Help center\",\"url\":\"https:\\\/\\\/help.r2docuo.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/help.r2docuo.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/ILUDEST_CENTRODEAYUDA.png\",\"contentUrl\":\"https:\\\/\\\/help.r2docuo.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/ILUDEST_CENTRODEAYUDA.png\",\"width\":1200,\"height\":630,\"caption\":\"R2 Docuo | Help center\"},\"image\":{\"@id\":\"https:\\\/\\\/help.r2docuo.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/R2Docuo\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/r2docuo\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How the \"Control\" step restrictions work for View and Modify permissions - R2 Docuo | Help center","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"How the \"Control\" step restrictions work for View and Modify permissions - R2 Docuo | Help center","og_description":"The control step allows you to create two types of restrictions to prevent a user from viewing or modifying a document, even when folder and category security allows it. There are two types of controls (both restrictive): The controls seem symmetrical but they are not because the “Allow” control implies...","og_url":"https:\/\/help.r2docuo.com\/en\/knowledge-base\/how-does-the-control-step-security-work-for-view-and-modify-permissions\/","og_site_name":"R2 Docuo | Help center","article_modified_time":"2025-10-16T14:00:12+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/help.r2docuo.com\/wp-content\/uploads\/2023\/06\/ILUDEST_CENTRODEAYUDA.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@R2Docuo","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/help.r2docuo.com\/en\/knowledge-base\/how-does-the-control-step-security-work-for-view-and-modify-permissions\/","url":"https:\/\/help.r2docuo.com\/en\/knowledge-base\/how-does-the-control-step-security-work-for-view-and-modify-permissions\/","name":"How the \"Control\" step restrictions work for View and Modify permissions - R2 Docuo | Help center","isPartOf":{"@id":"https:\/\/help.r2docuo.com\/#website"},"datePublished":"2024-02-21T10:06:56+00:00","dateModified":"2025-10-16T14:00:12+00:00","breadcrumb":{"@id":"https:\/\/help.r2docuo.com\/en\/knowledge-base\/how-does-the-control-step-security-work-for-view-and-modify-permissions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/help.r2docuo.com\/en\/knowledge-base\/how-does-the-control-step-security-work-for-view-and-modify-permissions\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/help.r2docuo.com\/en\/knowledge-base\/how-does-the-control-step-security-work-for-view-and-modify-permissions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/help.r2docuo.com\/"},{"@type":"ListItem","position":2,"name":"How the “Control” step restrictions work for View and Modify permissions"}]},{"@type":"WebSite","@id":"https:\/\/help.r2docuo.com\/#website","url":"https:\/\/help.r2docuo.com\/","name":"R2 Docuo | Help center","description":"Todos los recursos para usuarios, administradores y desarrolladores de de R2 Docuo a tu alcance","publisher":{"@id":"https:\/\/help.r2docuo.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/help.r2docuo.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/help.r2docuo.com\/#organization","name":"R2 Docuo | Help center","url":"https:\/\/help.r2docuo.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/help.r2docuo.com\/#\/schema\/logo\/image\/","url":"https:\/\/help.r2docuo.com\/wp-content\/uploads\/2023\/06\/ILUDEST_CENTRODEAYUDA.png","contentUrl":"https:\/\/help.r2docuo.com\/wp-content\/uploads\/2023\/06\/ILUDEST_CENTRODEAYUDA.png","width":1200,"height":630,"caption":"R2 Docuo | Help center"},"image":{"@id":"https:\/\/help.r2docuo.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/R2Docuo","https:\/\/www.linkedin.com\/company\/r2docuo"]}]}},"_links":{"self":[{"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/ht-kb\/5128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/comments?post=5128"}],"version-history":[{"count":0,"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/ht-kb\/5128\/revisions"}],"wp:attachment":[{"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/media?parent=5128"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/ht-kb-category?post=5128"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/help.r2docuo.com\/en\/wp-json\/wp\/v2\/ht-kb-tag?post=5128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}