File Permissions


If M-Files does not support folder hierarchy. Could someone suggest a workaround to assign file permissions for a new added user. For eg. If I have 10000 files in M-Files all spread across the application in different locations. How can I select all those files and give access to the newly added user. Please this issue is a show stopper. Any suggestions would be highly appreciated.

Thank you

  • To get the permissions to work you need a property that points back to the users list. An ACL won't work for metadata driven properties.

    Let's use 'Attendees' as the property.

    Then in the class(es) set automatic permissions that pulls from that property.

    You should now have a class(es) that will automatically set the permissions based on who is listed in the Attendees properties.

    Now you just need to determine how/who to add to the attendees. You can leave it manual so that someone can just go add and remove users as needed from each object.

    Or you can setup a configuration rule that can predefine which users should be in the list based on other criteria along with defining if the property should be hidden or read only.

    That last part would be outside the scope of this thread. Hopefully that answers how to set this up.

    When done it should give a lot of flexibility.

  • Thanks a lot Wesley. Appreciate the time taken to respond.

    I tried this but it does not solve my issue. Basically the end user has a presentation class and in the presentation class there are 100 presentations. 20 presentations group A should access, 20 should be accessed by group b and the rest have access to all presentations. So I have only one class called presentation. Basically I am trying to understand if its possible to set permission based on a property  called "Presentation Type".

    1) So I create a class called "Presentation"

    2) I set a property inside the class called "Presentation Type" - This "Presentation Type" comes from a value list. Lets say I have values. Presentation 1, Presentation 2 and Presentation 3.

    3) Presentation 1 is accessed by Group A

    4) Presentation 2 is accessed by Group B

    5) Presentation 3 is Accessed By Everyone

    Now when I select Presentation 1 from the value list drop down. Automatically only Group A and Group C should see and access the presentations

    I hope I have not confused you.

    Thank you

  • You need a 2nd property. You can't set permissions based on a non-user object.

    So you have to set your configuration such that there is a property that defines users, and then set that property to have their values automatically defined based on the presentation type.

    So keep Presentation Type.

    Create a new property 'Attendees' or whatever you want to name it.

    Setup a rule that if Presentation Type = Type 1, then Attendees = A, B, C.

    If Presentation Type = Type 2, then Attendees B, D E


    Then set your automatic permissions to feed off Attendees.

  • Thanks a lot Wesley. Appreciate the time taken to respond.

    I am really confused right now as I am fairly new to M-Files and I am building the vault by myself. I keep getting requests from users and I try to solve them with the help from this forum so please bear with me.

    I understand the solution that you have provided but I am having trouble implementing it.

    My current situation is that I have a class called Presentation,  a value list called Presentation Type and a Attendees Property definition.

    I need help with the following

    1) Could you please tell me where can I set this rule? and more importantly how because I don't know VBScript.

    2) The Attendees Property allows me to select a list from the users. This is not helpful as all the users will show up in the list. How can I setup separate attendees as Group A, B and C.

    3)  Also when I setup automatic permission I get the following messages, what does it mean?


    If its not too much to ask could you make up the solution and ill will replicate it. This is only for one class. I have no idea how many classes the users will have. Once I get a general idea I will copy it for all the classes.

    Thank you

  • Dear Wesley

    Any update on my request as I am stuck :(

  • 1) The rule defining who is added can be done in a few areas. I would do it via a Metadatacard configuration rule. (User Guide Link) or with Managed Properties in the Compliance Kit (Compliance Kit - Configuration Manual.pdf).

    Assistance with setting up those rules is going to be outside the scope of this thread. I would focus on making sure the permissions work dynamically as you want first then worry about the rules automating it.

    2) You can choose from all users (unless you setup a filter [User Guide Link]), but the permissions won't be applied to all users you can choose from and instead only applies to those that are selected on the object. So you should be able to test by adding some user, save, then check the permissions. Then change the users, save, and compare the permissions.

    3) The "Warning" you are seeing is just letting you know that automatic permissions have only been enabled on the structure elements you want. In this case, they are only enabled for objects with this class. That's what we want.

    For the second option, you will almost always want to choose 'Change and Activate Objects' Permissions'. Essentially, the first option will save and propagate the source for the automatic permissions to all relevant options, but will not turn them on until you later go back through and enable them. The 2nd option, saves and activates the permissions which is what we want.

  • Thank you Wesley for taking the time to respond. I will work on the method provided.