Assigning security roles to a folder

Folder security may be inherited from its parent folder or explicitly defined for the folder. All of the role assignments for a folder and its sub-folders may be exported, cleared, and imported as a batch.

Notes

• If no roles are assigned to a vault, then no security restrictions are applied and everyone has full access to all documents in the vault. As soon as one role is assigned to the vault, that is the only role with access to the vault until other roles are assigned. We recommend that you first assign at least yourself to the role with the most privileges for the root level of the vault before assigning any other roles. This will prevent locking yourself out of the vault or from not being able to modify roles and role assignments. The role should have the Change configuration privilege in the Vault group and the Assign roles privilege in the Folder group.
• If Inherit from parent folder is enabled, the roles list is empty and the folder has the same role assignments as its parent, which might inherit its roles from its parent, and so on all of the way up the folder structure to the root of the vault.

For information on configuring security roles, see “About vault security” in the BlueCielo Meridian Enterprise Configuration Guide and “Understanding Meridian Enterprise role-based security” in the BlueCielo Meridian Enterprise Administrator’s Guide.

Before you begin

Assigning roles to a folder is typically reserved for system administrators who know what privileges have been enabled for each role in a vault. If you do not know the capabilities of each role, consult a system administrator before proceeding.

You must be a member of a group that has the Assign Roles privilege to do this.

To assign roles to a folder:

1. In the Explorer view of PowerUser, select the folder to which you want to assign roles.
2. Select Assign Roles from the Folder menu. The Assign Roles dialog box appears.
3. To disable role assignment inheritance and explicitly assign roles to the folder, disable Inherit from parent folder. The Add button becomes enabled.
4. Click Add. The Add User Role Assignment dialog box appears.
5. Select a role from Add to role.
6. To assign a group to the selected role, enable Group and type or select a group name from the adjacent list. To assign a user to the selected role, enable User and type or select a user name from the adjacent list.
7. Click Check Name to validate the selected name.
8. Click OK. The role assignment is added to the list.
9. Repeat steps 4 through 8 to assign more roles to the folder.
10. Select a role assignment and click Remove to remove the role assignment.
11. Click OK. The current role assignments are applied to the current folder.

To export the security assignments of the current folder and its sub-folders:

1. In the Explorer view of PowerUser, select the top-level folder from which you want to export roles.
2. Select Assign Roles from the Folder menu. The Assign Roles dialog box appears.

3. Click Export. The Save As dialog box appears.

4. Specify a location and filename for the file and click Save. The role assignments are exported.

   The assignments are saved in XML format. You can open the file in a web browser to view or print the information. The file contains a reference to an example XSLT file named security report.xslt that, if copied to the same folder with the output, will transform and format the output using the styles that are defined in the XSLT file. By default, the file is installed in the Meridian Enterprise folder at C:\Program Files\BC-Meridian\Program. You can modify the XSLT file to meet your own requirements. We recommend that you not modify the XML output file.

To remove all existing security assignments:

Note    If the vault has many roles assignments, this operation can take a long time (hours). We recommend that you perform this operation after production hours.

1. In the Explorer view of PowerUser, select the top-level folder from which you want to remove all role assignments.
2. Select Assign Roles from the Folder menu. The Assign Roles dialog box appears.
3. Click Clear. A confirmation dialog box appears.
4. Click Yes.The role assignments are removed.

To import role assignments from an XML file that was previously exported:

Notes

• If the XML file contains references to folders that do not yet exist in the current vault, the folders will skipped and not created automatically.
• The role assignments that are imported will replace all existing role assignments for each folder, not add to them. Be sure that no critical role assignments will be lost if you proceed.
• If the vault from which the XML file was created has many roles assignments, this operation can take a long time (hours). We recommend that you perform this operation after production hours.

1. In the Explorer view of PowerUser, select the top-level folder to which you want to import roles.
2. Select Assign Roles from the Folder menu. The Assign Roles dialog box appears.
3. Click Import. The Open dialog box appears.
4. Select the file that contains the role assignments that you want to import and then click Open. A confirmation dialog box appears.
5. Click Yes. The role assignments are imported.