Best Practices for Setting Access Controls

Access Controls ensure that the right content is visible to the right people. Access Controls are the cornerstone of setting up your distribution strategy for content. This article describes the best practices for setting Access Controls to determine who can see content in the Documoto Library.

Article Topics

• Getting Started
• Components of Access Controls
  • Organizations 
  • User Groups
• Best Practices for Setting Access Controls
• Access Controls Inheritance Considerations

Getting Started

Before assigning access controls for content, ensure that your organization structure, media categories, and user groups have been configured. You should have already established an organization strategy and defined the user roles that need to exist in Documoto before assigning access controls to your media. 

If you need any help formulating an access controls strategy or need support setting up your organizations, categories, and user groups, contact your Documoto Customer Success Manager or Documoto Support at support@documoto.com.

Components of Access Controls

What a user can see in the Documoto Library is determined by: 

1. The organization the user belongs to
2. The user group(s) that have been applied to that user

Organizations 

• Define what specific content the user has access to
• They are also used to: 
  • Separate Pricing
  • Customize the library
  • Customize browse flows

User Groups

• Define what Categories the user has access to
• They are also used to: 
  • Establish user roles and privileges

The content that users can see in the Library is, therefore, dependent on the intersection or overlap of content that is applied to the Organization they belong to and the Media Categories their User Group(s) has access to. 

Best Practices for Setting Access Controls

Access Controls allow a publisher to set who can view a media in the Documoto Library.

In order for media to be viewable in the Documoto Library for any user, it must have at least one Organization and at least one Media Category assigned in its Access Control settings. 

Note: a media can be assigned to multiple Organizations and 
multiple Media Categories

Access Controls Inheritance Considerations

Tip: Access Controls have reverse inheritance

If a child organization has access to a media, its parent organization will also have access to the media. Conversely, if a parent organization has access to a media, its child organizations will not be able to access the media (unless explicitly granted). 

As a best practice, Access Controls should be set for the 
lowest level organizations and access will be inherited up the 
organization tree.

For example, in the screenshot below if you grant access to the Dealer B organization, the parent organizations (Dealers and IEC-MODEL) will also be granted access. However, Dealer B's sibling organizations (e.g. Dealer A, Dealer C, Dealer D) will not be granted access.