To enhance the security of your most sensitive files, Activ allows you to make any folder within any Library Private. This adds an additional layer of security to the folder that overrides normal Library permissions, limiting access to the users that you specify. This means that users with permissions to the folder’s parent Library will only be able to view and modify a Private folder and its contents if they have the appropriate Access Rights (see below).
By default, Activ users have no Access Rights to Private folders. If a user has not been given access to a Private folder they will not see the folder or its contents even if they have ‘Admin’ permissions for the folder’s parent Library. In addition, if any of a Private folder’s files are linked to within a Process or Task (etc), the links will only be visible to users who have ‘Can View’ access to the Private folder. These links will be hidden from all other users. As such, it is important to review the Access Rights tab and assign the appropriate Access Rights to all users at the time that the folder is made Private.
It is important to note that only users with ‘Admin’ system permission for the folder’s parent Library can make a folder Private. For example, if the folder is in the Records Library only a user with ‘Admin’ system permissions for File Manager – Records Library will be able to make it Private. If the user has ‘Edit’ system permissions for File Manager – Records Library, they will not be able make folders Private within that Library. See System Permissions for more information.
It is also important to note that all subfolders (‘child’ folders) within a Private folder will be marked as Private and inherit the parent folder’s Access Rights (i.e. Access Rights cascade down from the parent folder to child folders). Child folders within Private folders have their own Access Rights tabs to display user access, but you cannot edit Access Rights for child folders. Only the parent folder’s Access Rights can be edited.
*****
To make a folder Private open the folder on its Details tab and click on the Edit button.
Change the Private?* flag’s dropdown menu to ‘Yes’ and then click Save.
A new Access Rights tab will become available. This tab contains a list of your system users and their current Access Rights to the Private folder. There are three levels of Access Rights available:
- Can View? – The user will be able to view to the folder’s content.
- Can Edit? – The user will have full ‘Edit’ rights to the folder’s content.
- Can Delete? – The user will have full ‘Admin’ rights to the folder’s content.
By default, all other users are assigned no Access Rights to the Private folder, meaning that they cannot view or modify the folder or its contents. To make changes to a users’ Access Rights, open the Access Rights tab and click on Edit.
The list of users will open for editing. Use the tick boxes in each column to assign Access Rights to the appropriate users, and then click Save.
Note that Can Edit? And Can Delete? will only become selectable once a user has been given Can View? rights to the folder.
A log is maintained of all changes to Access Rights, and this can be viewed on the Change Log sub-page of the Access Rights tab (see View the History of Changes to a Private Folder’s Access Rights – Change Log).
It is important to remember that the Access Rights given to a user for a Private folder will take precedence over the system permissions that the user has for the parent Library. For example, if a user has ‘Read Only’ system permission for Records but is given ‘Can Delete’ Access Rights to a Private folder in the Records module, they will be able to delete any file or subfolder that is within the Private folder. Conversely, if a user with ‘Admin’ system permission for Records only has ‘Can View’ Access Rights to a Private folder therein, they will be able to view the folder’s contents but will not be able to make any changes. Access rights to Private folders over-ride system permissions.
