Securing parts of the vault configuration

By default, the configuration of a vault is secured two ways:

• General access to the Configurator program. Without this program installed on their PC or access to a different PC where it installed, no users can change any part of the configuration.
• The Change Configuration privilege described in Vault privileges. Within the Configurator program, this privilege grants the user access to change any part of the configuration.

You can also apply a third level of security only to parts of the vault configuration. You might want to do this if you want to delegate some vault configuration to others (for example, application link settings) without giving them access to all of the configuration settings.

You can apply this security to the branches (root level only) of the configuration tree in Configurator and to other important features:

• Document types

• Views

• Workflow definitions

• Folder types

• Project definitions

• Global search queries

• Reports

• Work area templates

• Extensions

• Reference types

• Property sets

• Pages

• Commands

• Tables and queries

• Lookup lists

• Scopes

• Environment

• Field-Path definition

• Script

By default, configuration branch security is disabled.

Configuration security provides the following levels of access:

• Read-write (RW) – View and change settings.
• Read-only (RO) – View but not change settings.
• No access (NA) – Settings are hidden.

You grant these levels of access to Meridian roles for specific features of the configuration.

To secure parts of the vault configuration:

1. In Configurator, expand Environment in the configuration tree and select Application Link Settings. The settings for each application link appear in property pages in the right pane.
2. Click the Application Integration tab. The Application Integration settings page appears in the right pane.

3. Click the Edit button to modify the settings.

   Tip To export the settings file to your computer, click the Export button. This can be useful if you would rather edit the file in your favorite text editor. You can then copy your changes to the Clipboard and paste them into Configurator.

4. Locate the section of the file titled [Configuration Branch Security]. Each line in this section corresponds to a branch in the configuration tree or a feature set in Configurator.
5. Remove the colon character at the beginning of the line that corresponds to the branch or feature that you want to secure.

6. At the end of the line, type the name of the Meridian role to which you want to grant access to that feature followed by the abbreviation (see the preceding list) for the access level that you want to grant to the role. Separate the role name from the access level abbreviation with a vertical bar character (|). To grant access to multiple roles, type additional role and access level pairs separated by commas as in the following example.

   Document Types=Admins|RW,Editors|RO,Viewers|NA

   In the this example for the Document Types branch, the role Admins is granted read-write access, the role Editors is granted read-only access, and the role Viewers is granted no access.

7. Click OK to save your changes.