The Asite SaaS Platform is a multi-tenanted software solution that allows multiple parties to share and manage information across the internet. By virtue of its multi-tenanted nature, robust security is in place to ensure protection of user data. This is achieved using a hierarchical security model.
User access within Asite is controlled at two levels:
System Level Security: Asite System Administrators can manage application-level activities at System level.
Workspace Level Security: Administrators can manage access and security of a Workspace Site within Asite.
1. System Level Security
System Privileges and their functionalities:
Privilege Name | Description | Functionality Impact |
Manage Application Role Templates | Enables the User to manage System Level Roles | If this privilege is not assigned, the “Manage Application Role Templates” option is not visible in the drop-down list of “Admin”. |
Assign Application Role | Enables the User to assign Application Roles | If this privilege is not assigned, the “Assign Application Role” option is not visible in the drop-down list of “Admin”. |
Manage Application Form Templates | Enables the User to manage System Level Form Templates | If this privilege is not assigned, the “Manage Application Form Templates” option is not visible in the drop-down list of “Admin”. |
Manage Drawing Series | Enables the User to manage System Level Drawing Series across Organisations | If this privilege is not assigned, the “Manage Drawing Series” option is not visible in the drop-down list of “Admin”. |
Manage Workspaces | Enables the User to manage Workspaces across all Client organisations | If this privilege is not assigned, the “Manage Workspaces” option is not visible in the drop-down list of “Admin”. |
Manage User Subscription | Enables the User to manage User level subscription information | If this privilege is not assigned, the “Manage User Subscription” option is not visible in the drop-down list of “Admin”. |
2. Workspace Level Security
[Figure: graphical representation of how security can be hierarchically managed within an Asite workspace]
3. Accessing a Workspace
A workspace is only accessible to users who have been assigned a “Role” on the workspace by another user. If a user has not been assigned a role on a workspace, the workspace is not visible in the workspace listing page and remains completely inaccessible. Having a role on a workspace does not mean that users have access to all of the information stored within the workspace. Access can be granted at a more granular level using roles and Access Control Layers, as described in the remainder of this document.
At workspace creation, a workspace Administrator must be assigned. This Administrator is given the relevant permissions to amend and customize the security profile of the workspace and to assign roles to other users.
Workspace Roles
It is possible to create an unlimited number of roles within a workspace. Roles have an associated set of workspace level privileges. As each user is assigned a role (as described in the diagram above), roles can be used to quickly assign and edit privileges for groups of users.
Workspace Privileges and their functionalities:
Privilege | Assigned to Workspace Administrator by Default | Description | Functionality Impact |
Allow Custom Distribution - All Org | | Enables the User to distribute to Users of "Distribution Groups" AND "Companies". | If this privilege is not assigned, the “Companies” option is not visible in the dropdown list at the Distribution page (Documents / Apps) showing all companies. |
Allow Custom Distribution - Own Org | | Enables the User to distribute to Users of "Distribution Groups" AND Own "Company" only. | If this privilege is not assigned, the “Companies” option in the dropdown list at the Distribution page (Documents / Apps) will display only your own Company. |
Amend Folder Permissions | | Enables the User to reactivate deactivated Folders. | If this privilege is not assigned, the “Reactivate Folder” option for reactivating Deactivated Folders is not visible in the “Admin” dropdown list. |
Assign Document Metadata | | Enables the User to edit the Document Metadata from the Document Basket / Document Audit History. | The “Edit Document Metadata” icon at the Document Audit History page is visible only if the user has “Admin” rights in the folder in which the Documents are published OR the User Role has the privilege “Assign Document Attributes” set to YES OR the user is the Publisher of the document. Similar validation is applied to display selected documents at the Action Page of the "Assign Document Attributes" option from the Document Basket. |
Assign Forms to Workspace | | Enables the User to assign App Templates to the selected Workspace | If this privilege is not assigned, the “Apps – Assign to Workspace” option is not visible in the dropdown list of “Admin”. |
Can Access Audit Information | | Enables the User to view Document Audit History and view the Workflow Instances listing in the Workflows tab of Adoddle | If this privilege is not assigned, Audit History will not be accessible along with Workflow Instances. |
Can Access Deactivated Documents | | Enables the User to access the deactivated documents within a Folder / Subfolder. | If this privilege is not assigned, the logged in User cannot access deactivated documents at the listing pages. The criteria of "Inactive Docs" within advanced search is disabled with the option of "Only Active Docs" pre-populated. The "Reactivate Documents" icon will also not be visible at the listing page. |
Can Access Workspace Calendar | | Enables the User to access the workspace Calendar | If this privilege is not assigned, the “Workspace Calendar” option is not visible on the Workspace Home Page. |
Can Access Workspace Without Subscription | | Enables the User to access the workspace without subscribing to the Asite account | If this privilege is not assigned, the User cannot get access to this Workspace without subscribing to the Asite Account. |
Can Amend All Folder Permissions | | Enables the User to merge folder permissions to Sub-folders | If this privilege is assigned, the User can Overwrite / Merge Folder permissions and settings to all Sub-Folders. |
Can Assign Proxy Users | | Enables the User to assign Proxy Users to Online / Paper Users. | If this privilege is not assigned, the “Proxy Users” section is not visible at the Manage Workspace Roles and Users page. |
Can Batch Change Status of Forms – All Forms | | Enables the User to batch change the status of all the Forms | If this privilege is assigned, the User can change Form Status for all Forms. |
Can Batch Change Status of Forms - Own Forms | | Enables the User to batch change the status of Forms created by him/her only | If this privilege is assigned, the User can change Form Status for Forms created by him/her only. |
Can be assigned Action - Change Status | | Enables the User to assign the "For Status Change" action to users on a document distribution. | If this privilege is not assigned, the “For Status Change” action will not be visible in the Action dropdown at the Distribution page. |
Can Change Status | | Enables the User to change the Status of the Document | If this privilege is not assigned, the User will not be able to change the status of the document from the Listing and Audit History pages. |
Can Clear Actions - Organization | | Enables the User to clear incomplete actions for users of the logged in Organisation only (other than own actions). | If this privilege is assigned, Incomplete Actions of the logged in User's Organisation only can be cleared. However, the "Can Clear Actions - Workspace" privilege supersedes this. |
Can Clear Actions - Own | | Enables the User to clear incomplete actions for the logged in user. | If this privilege is assigned, Incomplete Actions of the logged in User can be cleared. |
Can Clear Actions – Workspace | | Enables the User to clear incomplete actions for users of the Workspace (across all Organisations (other than own)). | If this privilege is assigned, Incomplete Actions of Users across all active Organisations of the Workspace can be cleared. |
Can Configure Document Numbering Scheme | | Enables the User to construct Document Numbering or Naming Convention rules at Project or Folder Levels. | The “Manage Doc Numbering Scheme” privilege in the Admin option allows Administrators to define multiple document reference rules at Project or Folder Levels. Rules can contain multiple labels (e.g. “Project”, “Discipline”, “Doc Type”, etc), allowing complete flexibility in rules. Users are notified if their Document Reference does not adhere to the rules while publishing, and can amend the reference to match the rule. |
Can Create Comments | | Enables the User to create Comments on the documents to which the User has access | If this privilege is not assigned, the Add Comment icon will not be visible for the User, hence the User will not be able to create a comment on any documents. |
Can Create Private Comments | | Enables the User to create Private Comments on the documents to which the User has access | If this privilege is not assigned, the Mark as Private checkbox will not be visible for the user while creating comments, hence the User will not be able to create a private comment on any document. |
Can Deactivate all Forms | | Enables the User to deactivate all the Forms | If this privilege is assigned, the User can deactivate Forms for Users across all active Organisations of the Workspace. |
Can Deactivate Document Actions- All Orgs | | Enables the User to deactivate incomplete Document actions for users across all Organisations (other than own) | If this privilege is assigned, Incomplete Document Actions of Users across all active Organisations of the Workspace can be deactivated. |
Can Deactivate Document Actions- Own Orgs | | Enables the User to deactivate incomplete Document actions of Users of the logged in Organisation only | If this privilege is assigned, Incomplete Document Actions of the logged in User can be deactivated. |
Can Deactivate Form Actions-All Org | | Enables the User to deactivate incomplete Form actions for users across all Organisations (other than own) | If this privilege is assigned, Incomplete Form Actions of Users across all active Organisations of the Workspace can be deactivated. |
Can Deactivate Form Actions-Own Org | | Enables the User to deactivate incomplete Form actions of Users of the logged in Organisation only | If this privilege is assigned, Incomplete Form Actions of the logged in User can be deactivated. |
Can Deactivate Own Forms | | Enables the User to deactivate the Forms created by him/her only | If this privilege is assigned, the User can deactivate Forms of the logged in User. |
Can Deactivate Users from Workspace | | Enables the User to mark a User Inactive on the Workspace. | If this privilege is not assigned, the Inactive option is disabled and users cannot be marked inactive on the Workspace by the logged in user. |
Can Delegate Actions – Organization | | Enables the User to delegate incomplete actions of users of the logged in Organisation only (other than own). | If this privilege is assigned, Incomplete Actions of the logged in User's Organisation only can be delegated. However, the "Can Delegate Actions - Workspace" privilege supersedes this. |
Can Delegate Actions – Own | | Enables the User to delegate incomplete actions for the logged in user. | If this privilege is assigned, Incomplete Actions of the logged in User can be delegated. |
Can Delegate Actions – Workspace | | Enables the User to delegate incomplete actions of users of the Workspace (across all Organisations (other than own)). | If this privilege is assigned, Incomplete Actions of Users across all active Organisations of the Workspace can be delegated. |
Can Download Documents | | Enables the User to download Documents | If this privilege is not assigned, the “Download Documents” option is not visible on the Workspace Home Page. |
Can Manage Configurable Attributes | | Enables the User to construct Configurable Attributes at Project or Folder Levels | The “Manage Configurable Attributes” privilege in the Admin option allows Administrators to define multiple document reference rules at Project or Folder Levels. Rules can contain multiple Attributes, allowing flexibility in rules. Users are notified if their Document Reference does not adhere to the rules while publishing, and can amend the reference to match the rule. |
Can Manage Model Object Lists | | Enables the User to create an object list of a cBIM model available in the workspace (Project) | If this privilege is assigned, the User can create an object list of a cBIM model available in the workspace. |
Can Manage Project Field | | Enables the User to add sites and manage defects in Field | If this privilege is assigned, the User can add sites and locations to manage defects in Field accordingly. |
Can Manage Project Models | | Enables the User to create a cBIM model in the workspace (Project) | If this privilege is assigned, the User can create a new cBIM model in the workspace. |
Can Manage Project Models View | | Enables the User to create associated views of a cBIM model available in the workspace (Project) | If this privilege is assigned, the User can create associated views of a cBIM model available in the workspace (Project). |
Can Move Own Files | | Enables the User to move the Files that were published by him/her | If this privilege is assigned, the User can move Files published by him/her in the Project. |
Can Print Documents | | Enables the User to print documents from the basket and viewer | If this privilege is assigned, the User can print documents from the Basket and Viewer. |
Can Publish XRefs | | Enables the User to upload files with XRefs | If this privilege is assigned, the User can upload files with XRefs. |
Can Reactivate Document Actions- All Orgs | | Enables the User to reactivate incomplete Document actions for users across all Organisations (other than own) | If this privilege is assigned, Incomplete Document Actions of Users across all active Organisations of the Workspace can be reactivated. |
Can Reactivate Document Actions- Own Orgs | | Enables the User to reactivate incomplete Document actions of Users of the logged in Organisation only | If this privilege is assigned, Incomplete Document Actions of the logged in User can be reactivated. |
Can Reactivate Form Actions-All Orgs | | Enables the User to reactivate incomplete Document actions for users across all Organisations (other than own) | If this privilege is assigned, Incomplete Form Actions of Users across all active Organisations of the Workspace can be reactivated. |
Can Reactivate Form Actions-Own Orgs | | Enables the User to reactivate incomplete Document actions of Users of the logged in Organisation only | If this privilege is assigned, Incomplete Form Actions of the logged in User can be reactivated. |
Can Re-open All Closed Forms - Admin | | Enables the User to re-open all closed Forms in the Workspace | If this privilege is not assigned, the User cannot re-open all closed Forms in the Workspace. |
Can Re-open Closed Forms | | Enables the User to re-open a closed Form | If this privilege is not assigned, the User cannot re-open a closed Form. |
Can Share Search Views | | Enables the User to share a search view with all Workspace users | If this privilege is not assigned, the user cannot share the Search View with other Workspace users. All users of the Workspace can create Views but cannot share them with others. |
Clear Comments | | Enables the User to clear Unread Comments for the selected recipient. | If this privilege is not assigned, the Unread Comments icon will not be visible at the Comment Register / Deactivate User from Workspace pages. |
Create Parent Folders | | Enables the User to create new Folders at the Root Level | If this privilege is not assigned, the “Create New Parent Folders” icon will not be visible in the “All Workspace Documents" root level Folder. |
Deactivate Documents | | Enables the User to deactivate documents from the Document Basket only. | Selected documents are permitted to be deactivated only if the user has “Admin” rights in the folder in which the Documents are published OR the User Role has the privilege “Deactivate Documents” set to YES. Otherwise the selected documents will not be visible in the Action Page of Deactivate Documents. |
Edit Workspace Details | | Enables the User to edit the Workspace Settings at the Workspace Level. | If this privilege is not assigned, the “Edit Workspace” option is not visible in the dropdown list of “Admin”. |
Edit Workspace Form Settings | | Enables the User to edit the Workspace App Settings. A User having this privilege will be able to "Add App" from the Projects tab in Adoddle. | If this privilege is not assigned, the “Apps – Manage Workspace Settings” option is not visible in the dropdown list of “Admin”. Also, the "Add App" option won't be available from the Projects tab in Adoddle. |
Manage Notices | | Enables the User to create / edit / deactivate / reactivate Workspace Notices | If this privilege is not assigned, the “Manage Workspace Notices” option is not visible in the dropdown list of “Admin”. |
Manage Organization PlaceHolders | | Enables the User to Create, Edit, Distribute, Populate a Placeholder. Only the Placeholders created by the organisation of the logged in User can be deactivated. | If this privilege is not assigned, the logged in User will not be able to create / edit / distribute / populate / deactivate placeholders for active organisations on the Workspace other than the logged in user's organisation. The "Create New Placeholder" icon will not be visible at the Document Listing Page irrespective of having "Admin" permissions on the Folder. |
Manage Paper Documents | | Enables the User to Publish, Edit, Deactivate Paper Documents within the Workspace (across all organisations active on the Workspace). | If this privilege is not assigned, the logged in User will not be able to create / edit / deactivate paper documents across all active Organisations on the Workspace. The "Publish Paper Document" icon will not be visible at the Document Listing Page irrespective of having "Admin" permissions on the Folder. |
Manage Purpose of Issue | | Enables the User to manage the Purpose of Issue at the Workspace Level | If this privilege is not assigned, the “Doc Purpose of Issue” option is not visible in the dropdown list of “Admin”. |
Manage Workflow Rules | | Enables the User to create and manage Adoddle Graphical Workflows | If this privilege is assigned, the User can set up and manage Adoddle Graphical Workflows. |
Manage Workspace Attributes | | Enables the User to manage the Attributes at the Workspace Level | If this privilege is not assigned, the “Attributes – Assign to Workspace” option is not visible in the dropdown list of “Admin”. |
Manage Workspace Distribution Groups | | Enables the User to manage the Distribution Groups at the Workspace Level | If this privilege is not assigned, the “Distribution – Assign to Workspace” option is not visible in the dropdown list of “Admin”. |
Manage Workspace Document Status | | Enables the User to manage the Attributes at the Workspace Level | If this privilege is not assigned, the “Doc. Status – Assign to Workspace” option is not visible in the dropdown list of “Admin”. |
Manage Workspace Drawing Series | | Enables the User to manage the Drawing Series at the Workspace Level | If this privilege is not assigned, the “Drawing Series – Assign to Workspace” option is not visible in the dropdown list of “Admin”. |
Manage Workspace Form Status | | Enables the User to manage the Form Status at the Workspace Level | If this privilege is not assigned, the logged in user will not be able to create a New Custom Form Status in the Manage Statuses option. |
Manage Workspace Mailbox | | Enables the User to manage the Mailbox at the Workspace Level | If this privilege is not assigned, the “Manage Workspace Mailbox” option is not visible in the dropdown list of "Admin". |
Manage Workspace PlaceHolders | | Enables the User to Create, Edit, Distribute, Populate, Deactivate a Placeholder within the Workspace (across all organizations active on the Workspace). | If this privilege is not assigned, the logged in User will not be able to create / edit / distribute / populate / deactivate placeholders across all active Organisations on the Workspace. The "Create New Placeholder" icon will not be visible at the Document Listing Page irrespective of having "Admin" permissions on the Folder. |
Manage Workspace Roles and Users | | Enables the User to assign Roles to Users in the Workspace | If this privilege is not assigned, the “Manage User Role Membership” option is not visible in the dropdown list of “Admin”. |
Manage Workspace Rules | | Enables the User to set up and manage workflow rules while publishing / revising documents and status change | If this privilege is assigned, the User can set up and manage workflow rules while publishing / revising documents and status change. |
Access Control Layers (ACLs)
Asite Collaboration application includes an Access Control Layer mechanism which allows Administrators to define permissions to Objects within a Workspace (i.e. Folder, Form Type etc) at the following levels:
Default
Roles
Organisations
Users
Access to an Object is derived based on permissions defined in the following sequence:
User >> Organisation >> Roles >> Default
Folder Level Access Control Layers
Asite Collaboration provides a fully configurable document management system wherein folders / sub-folders can be configured as per Workspace requirements. The Access Control Layer can be defined on a per-folder basis and defines a user’s privileges in a given folder.
The following privileges can be defined within the ACL for a folder within Asite:
Available Folder level privileges
Privilege Name | Functionality |
No Access | Restricts the user from being able to view the folder or its contents |
View Only | Users can only view the folder and the documents stored within the folder. |
View & Download | Users can view the folder, view and download documents stored within the folder as well as print and export search result lists. |
View & Link | As “View” privilege with the addition of the ability to link documents stored in the folder to other modules / Workspaces / folders as required. |
Publish | Users can view the folder, view and download documents stored within the folder as well as print and export search result lists. In addition, users can upload “Standard Documents” to the folder. Provided the relevant Workspace settings and privileges are available, users can also Publish “Document Placeholders”, “Paper Documents” and “IFC Building Information Models” to the folder. |
Publish & Link | As “Publish” privilege with the addition of the ability to link documents stored in the folder to other modules / Workspaces / folders as required. |
Admin | As “Publish and Link” privilege with the addition of the ability to undertake the following activities on the folder or folder contents: |
For folders, the ACL can be defined at Default, Role and User Levels.
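The lookup sequence above, applied to the folder privileges in this section, as an added example (not Asite code). It assumes that the first level carrying an entry for the user decides the result and that each user holds one role per workspace; the folder names, users, roles and the widening_overrides review helper are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Capabilities implied by each folder privilege, read off the folder table above.
CAPABILITIES = {
    "No Access": frozenset(),
    "View Only": frozenset({"view"}),
    "View & Download": frozenset({"view", "download"}),
    "View & Link": frozenset({"view", "link"}),
    "Publish": frozenset({"view", "download", "publish"}),
    "Publish & Link": frozenset({"view", "download", "publish", "link"}),
    "Admin": frozenset({"view", "download", "publish", "link", "admin"}),
}

# Lookup order from the page: User >> Organisation >> Roles >> Default.
PRECEDENCE = ("user", "organisation", "role", "default")


@dataclass(frozen=True)
class Principal:
    user: str
    organisation: str
    role: str  # assumption: one role per user per workspace


@dataclass
class FolderAcl:
    name: str
    default: Optional[str] = None
    role: dict = field(default_factory=dict)
    organisation: dict = field(default_factory=dict)
    user: dict = field(default_factory=dict)


def resolve(acl, who, skip=()):
    """Return (deciding_level, privilege) for one principal on one folder."""
    for level in PRECEDENCE:
        if level in skip:
            continue
        if level == "default":
            privilege = acl.default
        else:
            privilege = getattr(acl, level).get(getattr(who, level))
        if privilege is not None:
            return level, privilege
    # Assumption: an object with no entry at any level is treated as closed.
    return "none", "No Access"


def widening_overrides(acls, principals):
    """List user/organisation entries that grant more than the levels below them."""
    findings = []
    for acl in acls:
        for who in principals:
            level, privilege = resolve(acl, who)
            if level not in ("user", "organisation"):
                continue
            upper = PRECEDENCE[: PRECEDENCE.index(level) + 1]
            _, baseline = resolve(acl, who, skip=upper)
            extra = CAPABILITIES[privilege] - CAPABILITIES[baseline]
            if extra:
                findings.append((acl.name, who.user, level, privilege,
                                 baseline, sorted(extra)))
    return findings


# Constructed sample data (not taken from a real workspace).
CONTRACTS = FolderAcl("Contracts", default="No Access",
                      role={"Subcontractor": "View Only", "Document Controller": "Admin"},
                      user={"j.smith": "Publish & Link"})
DRAWINGS = FolderAcl("Drawings", default="View & Download",
                     role={"Subcontractor": "No Access"},
                     user={"a.khan": "View Only"})
J_SMITH = Principal("j.smith", "Acme", "Subcontractor")
A_KHAN = Principal("a.khan", "Acme", "Subcontractor")
D_LEE = Principal("d.lee", "Acme", "Document Controller")

if __name__ == "__main__":
    people = (J_SMITH, A_KHAN, D_LEE)
    for acl in (CONTRACTS, DRAWINGS):
        for who in people:
            print(acl.name, who.user, *resolve(acl, who))
    for finding in widening_overrides([CONTRACTS, DRAWINGS], people):
        print("REVIEW", finding)
```

Each finding names a user-level or organisation-level entry that grants capabilities the role or default entry would not, which is the set of entries worth checking during an access review.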
Asite Collaboration provides a fully customisable form module enabling users to design, configure and manage their Workflow processes. The Access Control Layer for Apps can be defined at App Type level, allowing control of whether users can create or view certain types of Apps independently.
Following are the privileges that can be defined within the ACL for an App Type within Asite.
Available Form Type level privileges
Privilege Name | Functionality |
Create Form | Enables the User to create Form Messages |
Control Form | Enables the User to control the Form Messages |
View All Private Forms | Enables the User to view all private form message data. |
No Access | Restricts access to the Form Messages of the specified Form Type. |
For Forms, the ACL can be defined at Role Level.
Purposes of Issue are meta-data tags that can be assigned to documents stored within Asite. Each Workspace can define its own list of Purposes of Issue. The Access Control Layer for Purposes of Issue can be defined at line item level, meaning access to each Purpose of Issue can be defined independently.
Following are the privileges that can be defined within the ACL for a Purpose of Issue within Asite.
Available Document Purpose of Issue level privileges
Permission | Functionality |
No Access | The “No Access” permission signifies that values will not be visible for users to define as metadata during Upload / edit Document Metadata stage |
Access to Use - Attribute Change | The “Access to Use - Attribute Change” permission signifies that values will be available for users to define as metadata during Upload / edit Document Metadata stage but cannot be managed (edited) at the Workspace Admin level. |
Access to Use - Publish | The “Access to Use - Publish” permission signifies that values will be available for users to define as metadata during Upload / edit Document Metadata stage but cannot be managed (edited) at the Workspace Admin level. |
Admin | The “Admin” permission signifies that values will be available for users to define as metadata during Upload / edit Document Metadata stage and ALSO can be managed (edited) at the Workspace Admin level. |
For folders, the ACL can be defined at Default, Role, Organisation and User Levels.
Statuses are meta-data tags that can be assigned to documents stored within Asite. Each Workspace can define its own list of Document Statuses. The Access Control Layer for Document Statuses can be defined at line item level, meaning access to each Status can be defined independently.
Following are the privileges that can be defined within the ACL for a Document Status within Asite.
Available Document Status level privileges
Permission | Functionality |
No Access | The “No Access” permission signifies that document statuses will not be visible for users to define as metadata during Upload / status change stage |
Access to Use – Status Change | The “Access to Use – Status Change” permission signifies that document statuses will be available for users to define as metadata during Upload / status change stage but cannot be managed (edited) at the Workspace Admin level. |
Access to Publish | The “Access to Publish” permission signifies that document statuses will be available for users to define as metadata during Upload / status change stage but cannot be managed (edited) at the Workspace Admin level. |
Admin | The “Admin” permission signifies that document statuses will be available for users to define as metadata during Upload / status change stage and ALSO can be managed (edited) at the Workspace Admin level. |
For folders, the ACL can be defined at Default, Role, Organisation and User Levels.
Asite Collaboration provides team members with the ability to distribute information to other members of the Workspace team. Distribution groups can be set up to automate the distribution process with pre-defined lists. The Access Control Layer for Distribution Groups can be defined at line item level, meaning access to each Distribution Group can be defined independently.
Following are the privileges that can be defined within the ACL for a Distribution Group within Asite.
Available Distribution Group level privileges
Permission | Functionality |
No Access | The “No Access” permission signifies that distribution groups will not be visible for users to define as metadata during Upload / edit Document Metadata stage |
Access to Use | The “Access to Use” permission signifies that distribution groups will be available for users to define as metadata during Upload / edit Document Metadata stage but cannot be managed (edited) at the Workspace Admin level. |
Admin | The “Admin” permission signifies that distribution groups will be available for users to define as metadata during Upload / edit Document Metadata stage and ALSO can be managed (edited) at the Workspace Admin level. |
For folders, the ACL can be defined at Default, Role, Organisation and User Levels.