How do I grant or permit access to a case database?
When you create a MasterFile database you must specifically grant access to other users and their access levels. You can grant access to individuals or to Domino groups.
A user or group is assigned one of the following levels. For small firms, as lawyers and staff perform many tasks, you may find assigning everyone the Administrator role is simplest.
Creator -- can read any profile, except profiles where [TheTeam] has been removed from the "Who can read this" field of the profile, plus the ability to create document, extract and fact profiles. "Creators" may optionally be granted rights to create, edit or delete keywords (i.e. issues, players, document types, etc.).
Senior User -- same as "Creator", plus ability to modify any document, extract or fact profile, except profiles where [SeniorUser] default group has been removed from the "Document managers" field.
Administrator -- full rights to all profiles (even those with specific "Document managers"). Ability to create and change keywords and access all administration functions EXCEPT: administering users, deleting databases, creating briefcases and locking briefcases/updating production history.
Full Administrator -- full access to all functions and all profiles. This is the database creator's level.
There are three more granular levels that are useful for specific situations.
Selective "read only" -- user can only read profiles for which permission has been explicitly granted in the "Who can read this" field of the profile.
Selective "editor" -- user can only read/edit profiles for which permission has been explicitly granted in the profile "manager" fields.
Regular "read only" -- user can read any profile, except profiles where [TheTeam] has been removed from the "Who can read this" field of the profile.
We recommend when MasterFile is installed, the following Domino groups are created on the MasterFile Domino server as a default:
- MF_Admin - usually the principals and main people responsible for the technical matters as its members
- MF_Create - everyone who will be creating databases and MF_Admin as its members
- MF_Users - everyone else
You can of course create other Domino groups to suit your situation.
- When you assign a group a specific user level, assigning an individual member of that group a higher or lower level will override the group level.
- You can not grant rights to people and groups in one step. You must grant those rights in two separate steps, once for people and once for groups, even if they are both being given the same level.
- You can also grant access to a Case Template. In that event, those users will be automatically granted the permissions set in the Case Template to case databases cloned from that template.
See also the short video Managing MasterFile users and security.
Open the database you want to grant access to.
From the right panel, [R+], click on Administration > User Administration.
User Administration is displayed. You can display context help by clicking and holding on any '?'.
I am granting Senior user access and permitting the ability to administer keywords. Since I will be adding individual user names and not a group, I set 'Group' to No and then click on the selector to choose their names.
The Names selector is displayed.
- The directory may say 'Local'. Click the arrow and select your firm's directory which will then be shown just as 'MFHS's Directory' is shown below. Your group and users' names will be displayed on the left.
- Select the users to whom you want to grant access.
- Click Add.
- Click OK.
On the User Administration screen, check that everything is correct and click OK.
Click Yes to confirm and the users are granted access.
A user granted access to a case must specifically open it the first time. See How do I open a case that's not on my Workspace?.
In this second example, I'm granting Administrator rights to the MF_Create group with the right to administer keywords and since I'm granting access to a group, "Group" is set to to Yes.
To change a user's or group's access level, delete the user first and then add the same users or groups with their new level.
Deleting users uses almost the same process.
- Click on [R+] > Administration > User Administration to display User Administration as explained above.
- Choose Delete users
- Click on the selector arrow to choose the names of the people or groups to delete.
Select the groups or people to delete. Here I'll delete the MF_Create group.
The selected entities to be deleted are displayed.
Click OK and they are removed. Those groups or people will no longer be able to access this case database.
You can check who has access to a database by looking at the database ACL.
Right click on the database icon and choose Application > Access Control.
NOTE if you change / alter anything on the ACL even by mistake your database may fail to function or you may get locked out of it and any technical support required to try and resolve the issue will be billed as professional services. ACL activity is at your own risk.
The ACL is displayed.
All entries in this window are system settings and should not be touched.
However, you can see there are two users with access: Test User1 and 2. Since these are people, their icon is a person unlike LocalDomainAdmins which is a group and its icon is a group of people. You can also see that Test User1's user type is set to Person. If it was a group, it would show Person Group.
MF_Create had been given access but I deleted the group in the step above so it no longer appears here.