Assigning collection and folder permissions

AX Server provides permissions for each collection and folder in the Working directory and Library to control what users can access and assist you in meeting internal or regulatory security requirements.

Permission types

Permissions control which users have the following collection or folder access types:

Read only the collection or folder contents can be viewed, opened, copied, or exported however the collection or folder cannot be modified in any way
Full permissions the collection or folder can be viewed or modified in any way that the Analytics Exchange client applications support
no access the collection or folder is hidden from the Server Explorer and AX Web Client home page

Inherited permissions

By default, folders inherit the permissions assigned to the parent collection. You can override these inherited permissions and assign specific folder-level permissions for more granular access control.

Library and Working directory access

The Library

Only users with the AX Server Administrator role can create collections in the Library. Once the collection is created, the administrative user can assign Read only or Full permissions to any AX Client user.

When a collection or folder is copied to the Library, any Full permissions assigned to non-administrative users are revoked and the users are granted Read only access unless the following conditions are all true:

the copied item is a folder
the non-administrative user has Full permissions to the parent collection in the Library
the folder has the Inherit collection permissions setting enabled

The Working directory

All users can create collections in the Working directory and then assign permissions to other users.

User roles and application permissions

Collection and folder permissions interact with the user roles assigned in AX Server to define what an individual user can access and modify:

User role	Permissions	Administrative capabilities
AX Server administrator (Administrator role)	Administrator automatically has “Full permissions” for all collections and folders in AX Server. Administrator’s collection or folder permissions cannot be modified or removed by any other AX Server user or administrator.	Administrator can grant, modify, or remove collection or folder permissions for any regular user (non-administrator).
Creator of a collection or folder (User role)	Creator automatically has “Full permissions” for the created collection or folder. Creator’s collection or folder permissions can be modified or removed by any other user with “Full permissions” for the collection or folder, unless the creator is an administrator.	Creator can grant, modify, or remove created collection or folder permissions for any regular user (non-administrator).
User (User role)	User can be granted “Read only” or “Full permissions” for any collection or folder by any administrator, or by any user who already has “Full permissions” for the collection or folder. User’s collection or folder permissions can be modified or removed by any other user with “Full permissions” for the collection or folder. Once a user has been granted “Full permissions” for a collection or folder, their permissions and administrative capabilities are equivalent to the collection or folder creator’s.	User with “Read only” permissions for a collection or folder: cannot grant, modify, or remove any permissions. User with “Full permissions” for a collection or folder: can grant, modify, or remove permissions for any regular user (non-administrator).

User role

Permissions

Administrative capabilities

AX Server administrator

(Administrator role)

Administrator automatically has “Full permissions” for all collections and folders in AX Server.
Administrator’s collection or folder permissions cannot be modified or removed by any other AX Server user or administrator.

Administrator can grant, modify, or remove collection or folder permissions for any regular user (non-administrator).

Creator of a collection or folder

(User role)

Creator automatically has “Full permissions” for the created collection or folder.
Creator’s collection or folder permissions can be modified or removed by any other user with “Full permissions” for the collection or folder, unless the creator is an administrator.

Creator can grant, modify, or remove created collection or folder permissions for any regular user (non-administrator).

User

(User role)

User can be granted “Read only” or “Full permissions” for any collection or folder by any administrator, or by any user who already has “Full permissions” for the collection or folder.
User’s collection or folder permissions can be modified or removed by any other user with “Full permissions” for the collection or folder.
Once a user has been granted “Full permissions” for a collection or folder, their permissions and administrative capabilities are equivalent to the collection or folder creator’s.

User with “Read only” permissions for a collection or folder: cannot grant, modify, or remove any permissions.
User with “Full permissions” for a collection or folder: can grant, modify, or remove permissions for any regular user (non-administrator).

Linked item permissions

The permissions required to work with linked items can be configured in two ways in AX Server:

permissions required for the linked item only default setting with low configuration and administrative overhead
permissions required for the linked item and the master item provides extra control over linked items and a single location to enable and disable access

For more information, see Linked item permissions.