Skip to main content
Documentation

Group Level Permissions

Most administrators start by setting folder permissions at the group level. When a user is added to a group, either during new user creation or by editing the user profile, they automatically inherit all folder permissions assigned to the group.

Common access control configurations include granting all company users the ability to list and preview files in the Company Documents folder, giving non-administrator members of the IT team full access to all IT department folders along with view history permissions for all other files on the server, and restricting access to the HR folder to members of the Human Resources department with Read/Write privileges for the files within.

Edit a group to assign or manage the folder permissions for that group.

Keep group-level permissions broad and relevant to the sub-section of users in the group.

Multiple Group Permissions

When creating or editing a folder permission, selecting a group allows adding additional groups to the same permission. In the permissions table, multi-group permissions display as a single row with group names joined by AND. Single-group permissions display the group name only.

When you create a folder permission for multiple groups, the permission applies only to users who are in every group on the permission. For example, if you have a Managers group and an East Office group, you can create a single folder permission associated with both groups. Only users who are members of both groups receive the permission. Users who are in the Managers group but not in the East Office group are not granted any folder access by the permission.

Multi-group permissions are also useful when access to a folder is granted only to users who belong to a specific combination of role and responsibility. For example, a folder containing sensitive HR documents for a specific client can require membership in both the HR group and the Client A group. A user who belongs to only one of those groups does not have access.

Requiring That Groups Be Used for All Permission Assignment

To keep permission assignment consistent across the site, a site administrator can require all permissions to be assigned only to groups, and not to individual users.

With this setting enabled, the group permission framework is enforced site-wide, and no one grants individual users permissions directly, whether accidentally or on purpose.

Enable the Manage all folder permissions via groups option within your site's Group settings.

Enabling this setting does not remove permissions previously granted to individual users.