Permissions
Permissions allow you to control who has access to the files and folders in your Nexus workspaces and projects. Owner, Write and Read privileges can be set for individual users or user groups.
Permissions in Nexus
Permissions can be set for users and groups, as well as for Workspaces and Projects. There are four permission types: Owner, Delete, Write and Read.
The difference between Owner, Delete, Write and Read permissions is detailed in the Help tips. Hovering on the ? for the permission will display an explanation.
| Permissions | Description |
|---|---|
| Read | You can view and download files, but you cannot upload, update or edit files, folders and projects or form sets. |
| Write | You can view, download, upload, update and edit files. You cannot delete files, folders or projects or form sets. |
| Delete | You can view, download, upload, update, edit and delete files, folders and projects. |
| Owner | You can view, download, upload, update and edit files, folders and projects. You can also manage permissions, object types and task types as part of Workspace Settings. |
User + Delete
User role users with DELETE permission to a Workspace can have READ and WRITE+DELETE permission to a Library entity inside the Workspace, except for Tasks. Tasks have their own permissions which are defined by the Task roles. See Task Permissions.
Projects have their own permission settings with the same permission types - READ, WRITE, DELETE, OWNER.
Note: A user with Delete permission at the Project level can delete files and folders within the project, but not the project itself. To delete a project, a user must have Delete permission at the Workspace level.
For Workspace permissions, everyone who creates a new Project becomes the Owner of that Project and can define permissions to it, as well as delete it. With Delete permission at the Workspace level, a user can delete Projects on the Workspace.
The same rules apply to the Library entity. Everyone with WRITE permission to the Workspace can create Folders in the Library and become the Owner of the folder they created.
User + Owner
A User role user with OWNER permission for a Workspace can have access to the Workspace settings to define Workspace object types and Permissions. They will also have all READ + WRITE + DELETE permissions to all entities inside this Workspace - Projects, Library with all nested folders and Tasks.
All users who have been granted access to a workspace are given READ/WRITE access to the projects, folders, files and tasks in that workspace by default; however, owners and administrators may limit access to particular projects, folders, files and tasks.
If the project has been created before the User was granted Owner permission, it won't inherit the new settings. The Owner user should define the Owner permission in the Project settings for themselves. All the new Projects created after the user has become Owner will inherit the Owner permission from Workspace settings.
Library and all nested Library folders will inherit defined permissions for Workspace without additional rules.
Admin Permissions
Admin role users can have all combinations of permissions (READ, WRITE, DELETE and OWNER) to:
-
The whole Tenant and all the Workspaces inside it
-
All the Projects inside the Workspaces and all folders inside these Projects
-
The Library and folders inside it
-
All the Tasks inside the Task manager
Additionally, Admin can define permissions for the users and delete entities (Projects, folders, files, tasks) in all the Workspaces.
Task Permissions
Permissions for tasks are defined by default according to the Task role. A Task Owner can DELETE, WRITE, and READ the task. A Task Responsible user can READ and WRITE the task. Informed and Consulted roles can only READ the task.
Additionally, the Admin user of the Tenant can have all permissions to all tasks in any Workspace; and the Workspace Owner can DELETE, WRITE and READ all of the tasks inside their Workspace.
Request Permissions
When a user signs in to Nexus and performs an action which requires permission not already granted, a message will be displayed advising them to Request Permissions from Admin. All entities and files to which the User does not have access will be greyed out with a lock icon displayed. The User can click the lock icon to request permission from Admin.
Admin will receive an email from nexus@micromine.com from which they can open Nexus and decide whether to provide the requested permission for the user to the Workspace or any other object.
Note: If there are multiple Admins in your Tenant, you don't need to define permissions for them. By default, an Admin user has all permissions; therefore, Admin permissions are inactive in this tab.
You can quickly determine which groups are members of the current Workspace by going to the Workspace start page. The Member widget on the Start page contains the Group tab. Clicking on the Group name will open a list of its members.
Typically, there is only one or two Owners in a Group. Owner permissions allow the user to provide permissions (Read and Write) for other Users to files and objects stored in the Workspace. For example, the Geology department Workspace owner could be a chief geologist.
Administrators and Owners for the Workspace can define permissions on the Workspace level and on the Project level from the Project settings | Permissions page. Permissions on a Folder or File level can be defined using the Info panel for the file/folder with Info | Other | Permissions.
In this way, it is possible for Admin and Owner users to set Read, Write and Delete permissions for all users in the Workspace, while providing no permission to access the Projects or Folders within to all except select people.
Sometimes Administrators need to quickly provide or change permissions for an individual user. This is best achieved using the Admin Settings | Users page. Permissions for each individual user are accessible from the button provided.
Clicking on this button will display a list of all Workspaces and Projects for the Tenant. From this dialog, Admin can quickly change existing permissions or add new permissions for the user without the need to go to different Workspace/Project settings.
Note: The Permissions dialog displayed cannot be used to provide permissions on a Folder/File level.
Information on configuring permissions for the tenant is contained in Permissions.