Read Only Group

Question

Hi, 
 
 I am wondering what the best way is to configure a group which has read only access to the entire vault. 
 We can't set the user account to read only license type as they have access to another vault which they require write access to. 
 Is it best to set them up as an external user and give permissions that way?

Tom Humm · Answer

I would not set a user up as External if they require more access within other vaults. The best way to ensure read only access for a user under these conditions would be to drive these users permissions via NACL at the top-most permissions levels. Since permissions in M-Files are evaluated in order of hierarchy priority, setting at account to read-only this way will ensure that no greater permissions are granted via other secondary or tertiary schemas. There's some good reference material in the User Guide around this topic, additionally some webinars from last year which should be available through our Training portal cover permissions management that could be helpful to you. I hope this helps but let me know if you need further assistance!