Assigning collection and folder permissions
AX Server provides
permissions for each collection and folder in the Working directory and Library to
control what users can access and assist
you in meeting internal or regulatory security requirements.
Permission types
Permissions control which users have the following collection or folder access types:
- Read only the collection or folder contents can be viewed, opened, copied, or exported however the collection or folder cannot be modified in any way
- Full permissions the collection or folder can be viewed or modified in any way that the Analytics Exchange client applications support
- no access the collection or folder is hidden from the Server Explorer and AX Web Client home page
Inherited permissions
By default, folders inherit the permissions assigned to the parent collection. You can override these inherited permissions and assign specific folder-level permissions for more granular access control.
Library and Working directory access
The Library
Only users with the AX Server Administrator role can create collections in the Library. Once the collection is created, the administrative user can assign Read only or Full permissions to any AX Client user.
When a collection or folder is copied to the Library, any Full permissions assigned to non-administrative users are revoked and the users are granted Read only access unless the following conditions are all true:
- the copied item is a folder
- the non-administrative user has Full permissions to the parent collection in the Library
- the folder has the Inherit collection permissions setting enabled
The Working directory
All users can create collections in the Working directory and then assign permissions to other users.
User roles and application permissions
Collection and folder permissions interact with the user roles assigned in AX Server to define what an individual user can access and modify:
|
User role
|
Permissions
|
Administrative capabilities
|
|
AX Server administrator
(Administrator role)
|
- Administrator automatically has
“Full permissions” for all collections and folders in AX Server.
- Administrator’s collection or folder permissions cannot be
modified or removed by any other AX Server user
or administrator.
|
Administrator can grant, modify,
or remove collection or folder permissions for any regular user
(non-administrator). |
|
Creator of a collection or folder
(User role)
|
- Creator automatically has “Full permissions”
for the created collection or folder.
- Creator’s collection or folder permissions can be modified
or removed by any other user with “Full permissions” for the collection
or folder, unless the creator is an administrator.
|
Creator can grant, modify, or remove created
collection or folder permissions for any regular user (non-administrator). |
|
User
(User role)
|
- User can be granted “Read only”
or “Full permissions” for any collection or folder by any administrator,
or by any user who already has “Full permissions” for the collection
or folder.
- User’s collection or folder permissions can be modified or
removed by any other user with “Full permissions” for the collection
or folder.
- Once a user has been granted “Full permissions” for a collection
or folder, their permissions and administrative capabilities are
equivalent to the collection or folder creator’s.
|
- User with “Read only” permissions
for a collection or folder: cannot grant, modify, or remove any
permissions.
- User with “Full permissions” for a collection or folder:
can grant, modify, or remove permissions for any regular user (non-administrator).
|
Linked item permissions
The permissions required to work with linked items can be configured in two ways in AX Server:
- permissions required for the linked item only default setting with low configuration and administrative overhead
- permissions required for the linked item and the master item provides extra control over linked items and a single location to enable and disable access
For more information, see Linked item permissions.