logoBack to home screen

Understanding Access Control in ADx

ADx enabels you to control:

  • who can access contents and repositories.
  • what actions users are allowed to perform.

ACL Levels in ADx

You can set ACL on two levels:

  • On the repository level (as an administrator). Here you can set general ACL rules that apply to all contents in a repository.

  • On the content level. Here you can specify ACL rules that apply to certain contents. Rules on the content level override rules on the repository level.

Here are examples of what you can do with ACL in ADx:

Understanding ACL Precedence and Priority

ADx enables you to set ACL rules on two levels:

  • On the repository level
  • On the content level in the Explorer

Any ACL rules defined on the content (or folder) level take precedence over ACL rules defined on the repository level. Consider the following example:

  1. An administrator grants the Download operation to User A in Repository A
  2. Content B has User B as its owner.
  3. Content B is in Repository A.
  4. User B explores Repository A and sets an ACL rule on Content B that denys the Download operation to User A.
  5. Now, User A has a Grant ACL on repository level but has a deny ACL on the content level.
  6. The result is: User A gets an error when trying to download Content B becasue the content ACL takes precedence.

Content Ownership

It is important to know that a content owner has full access to their content. This means an owner can perform any operation. They can also allow or restrict other users from working with their contents, and they can change a content's ownership to another user (When this happens, the original owner cannot see the content unless they have set ACL rules before changing ownership.).

Content Ownership in Standard Repositories

A content owner has full access to their content. They perform all operation. They can also change the owner of their own content. In this case, they loose access to their content and must be granted access in one of the following ways:

  • An administrator grants them access on the repository level.
  • They set ACL rules to grant themselves access before changing the owner.
  • The new owner grants them access by setting ACL on the content level.

Consider the following examples:

Example 1 - Changing the Owner without Setting ACL

  1. User1 creates content1.
  2. User1 changes the owner to User2.
  3. User1 can no longer see content1.

Exmaple 2 - Setting ACL before Changing the Owner

  1. User1 creates content1.
  2. User1 sets an ACL rule and grants themselves a read access to content1.
  3. User1 changes the owner to User2.
  4. User1 can still see content1, but they cannot perform any actions unless explicitly set as in step 2.

The following video shows both examples:

Content Ownership in CMIS and Documentum Repositories

In CMIS and Documentum repositories, the content owner is the technical user as set in the original CMIS or Documentum system. When you log in to ADx with a user different from this technical user, and you create a new content or folder, the owner in the content details is the technical user, not the ADx user. Also, this content does not show under Owned By Me. You can still have a Read access to the content, and you can see it under Recent or Browse, but you cannot perform any other operations unless you have ACL permissions set explicitly.

Consider the following examples:

Example 1 - ACL on Documentum Repository for Non-Technical User

  1. You log in to ADx as User1.
  2. You explore a Documentum repository that has:
  • name = DCTM Repo
  • technical user = Docu-User.
  1. You create Content1.
  2. Content1 is not visible under Owned By Me.
  3. Content1 is visible under Browse. You select Content1 and click Details. The owner is Docu-User.
  4. As User1, you cannot perform any actions on Content1 unless an admin grants you the appropriate ACL on the DCTM Repo repository level.
  5. An administrator grants you ACL permissions on the repository level to perform certain operations such as Delete and Download.
  6. AS User1, you can now only see, delete, and download contents from

Example 2 - ACL on Documentum Repository for Technical User

  1. You log in to ADx as Docu-User.
  2. You explore a Documentum repository that has:
  • name = DCTM Repo
  • technical user = Docu-User.
  1. You create a Content1.
  2. Content1 is visible under Owned By Me.
  3. You select Content1 and click Details. The owner is Docu-User. You have full access to this content.

CMIS or Documentum Technical User

A CMIS or Documentum technical user is the user set in the remote CMIS of Documentum system. ADx connects to the CMIS or Documentum system with the credentials of this user. As an administrator, you set these credentials in the connection setting of a CMIS or Documentum repository.