You can specify which users have access to files, folders, and custom objects as well as the access level by assigning members to the Access Control List (ACL) for that Vault object. Once any members are assigned to the ACL, any users requiring access to that file, folder, or custom object must be assigned to ACL for that Vault object.
Whether a Vault object has role-based security (no ACL defined) or object-based security, the security can be overridden. An override of security means that the system ACL still exists on the object but is being overriden by a newly defined ACL. This is an Override Access Control List or an Override ACL. As long as an override ACL exists, the system ACL will be ignored. If the user removes the Override ACL then the system ACL will become the new security.
Both the system ACL and the override ACL can be modified using the same dialog, regardless of whether an override exists on the selected object or not. For example, the user may choose to edit the system ACL while an override ACL already exists. This way the new system ACL is respected if the Override ACL is ever removed.
There are two ways to create a security override. They can be set manually through the security dialog or automatically by using the lifecycle state's security.
Follow these steps to manually override the security of a file, folder, or custom object:
You can also access the Details dialog by selecting Details from the File menu.
Notice the Security Mode field indicates that there is either role-based security or object-based security on the selected Vault object. If the value is object-based security, then an ACL has been defined for selected Vault object.
Notice the Security Mode field now says System or overriden security. This indicates that there is an Override ACL configured on the Vault object.
State-based security overrides are configured in the Lifecycle Definitions dialog from the Behaviors tab of the Vault Settings dialog. For more information on how to configure the security of a lifecycle state, see Edit Lifecycle State Security.
To apply state-based security, a state change needs to occur at the folder level. Follow these steps:
The ACL displayed by default is the override ACL that was applied by the lifecycle state.
Once an override ACL has been applied, it can be edited or overriden by another override. For example, assume that a folder has an override ACL that was assigned by a lifecycle state. The user can view the override and modify it by changing the entries in the list and/or modifying the permissions of the access control entries.
You can also access the Details dialog by selecting Details from the File menu.
Rule: There can never be more than one override ACL on any Vault object and the last override ACL is always used, regardless of whether the override was manually applied or applied by a lifecycle state.
If a file, folder, or custom object has an override, it can be removed to revert back to the system or user ACL.
You can also access the Details dialog by selecting Details from the File menu.
Notice the Security Override check box is selected and the Security Mode indicates that there is an override.
The override is removed from the Vault object. At this point, any user ACL that was defined is relevant again. Otherwise, role-based security applies.