Access Controls ensure that the right content is visible to the right people. Access Controls are the cornerstone of setting up your distribution strategy for content. This article describes the best practices for setting Access Controls to determine who can see content in the Documoto Library.
Article Topics
- Getting Started
- Components of Access Controls
- Best Practices for Setting Access Controls
- Access Controls Inheritance Considerations
- Access Controls Overrides Considerations
Getting Started
Before assigning access controls for content, ensure that your organization structure, media categories, and user groups have been configured. You should have already established an organization strategy and defined the user roles that need to exist in Documoto before assigning access controls to your media.
If you need any help formulating an access controls strategy or need support setting up your organizations, categories, and user groups, contact your Documoto Customer Success Manager or Documoto Support at support@documoto.com.
Components of Access Controls
What a user can see in the Documoto Library is determined by:
- The organization the user belongs to
- The user group(s) that have been applied to that user
Organizations
- Define what specific content the user has access to
- They are also used to:
- Separate Pricing
- Customize the library
- Customize browse flows
User Groups
- Define what Categories the user has access to
- They are also used to:
- Establish user roles and privileges
The content that users can see in the Library is, therefore, dependent on the intersection or overlap of content that is applied to the Organization they belong to and the Media Categories their User Group(s) has access to.
Best Practices for Setting Access Controls
Access Controls allow a publisher to set who can view a media in the Documoto Library.
In order for media to be viewable in the Documoto Library for any user, it must have at least one Organization and at least one Media Category assigned in its Access Control settings.
Note: a media can be assigned to multiple Organizations and
multiple Media Categories
Access Controls Inheritance Considerations
Tip: Access Controls have reverse inheritance
If a child organization has access to a media, its parent organization will also have access to the media. Conversely, if a parent organization has access to a media, its child organizations will not be able to access the media (unless explicitly granted).
As a best practice, Access Controls should be set for the
lowest level organizations and access will be inherited up the
organization tree.
For example, in the screenshot below if you grant access to the Dealer B organization, the parent organizations (Dealers and IEC-MODEL) will also be granted access. However, Dealer B's sibling organizations (e.g. Dealer A, Dealer C, Dealer D) will not be granted access.
Access Controls Overrides Considerations
There are two areas where Access Controls can be overridden within the Documoto Library.
- When a User has Publisher privileges:
- Publishers do not, by default, see everything in the Library. Media must have Access Controls applied even for Publisher Users to search that content in the Library.
- Publishers can, however, change a URL and point to any content ID within the tenant from the Documoto Library and open it.
2. When an Organization has 'ignoreAccessControls' Library Settings override set:
- All users within that Organization can search and return results for all content, regardless of whether Access Controls are set on it.
- Non-Publisher users encounter an error when they try to open any content that does not have Access Controls.
- Publisher users are able to open content that does not have Access Controls set without encountering an error.