Admin section - Access groups

Access groups are what control access to the content in Documaster. In Acces groups the groups that have been created in the identity provider are linked to the access groups in the archive, and is given permissions in the archive

  1. Select the admin section
  2. Click on Setup
  3. Click on Access groups

In Documaster Arkiv, the handling of users and group affiliation is in Documaster IDP, Azure AD or another identity provider that is used for the individual installation. Individual users are not handled in Admin. 

Under the menu item "Access groups", access groups from IDP (Documaster
IDP/Azure/Local AD/SAML) are added, and here they are given permissions.

Edit access groups

You can edit the access groups by clicking on the names in the list. You will
then get the editing box on the right-hand side, as shown below: 

In this section you can give the access group the correct global access and service permissions.

Global access

Both in the editing image, shown above, and in the image for creating groups shown below, you can set the Global permissions in the archive. The various permissions are as follows: 

Create new access group

To create a new access group, click on the  green"Create groups" button:

You will get this window:

  • You decide the name and description yourself. We recommend that they are as descriptive as
    possible.
  • External Group is a required field. Here you enter the ID of the group
    created in the identity provider.
  • Global rights for the group are set, the description of the different permissions can be found above.
  • Then you set the apropriate Service permissions 
  • When all is filled in, click "Create"

Delete access groups 

To delete an access group, hover the mouse pointer over the line where the 
access group is. You will then get a trash can icon at the back of the line, as shown
below: 

When you click on this icon, you must also confirm the deletion in the dialog box that
appears.


Note that all access the group is granted at lower levels (archive, archive parts, classification
systems, lists, VSM) must be removed before the access group can be deleted.