Access Rights to the File

Access rights can be used to set up so-called Chinese Walls and shield files in the Lexolution system from other users or user groups.

Access rights can also be used to restrict permissions on a file. You can assign read rights, edit rights, and full access rights. With the Read right, files and everything related to the file can only be viewed, not edited. With the Edit right, files can be edited. With the Full Access right, access rights to the file can also be changed. By default, every file is assigned to the system user group All. The All user group includes all users. This means everyone basically has full access to the file, of course only within the scope of their functional rights.

Please note that a user in the system user group Administrator is not affected by the access rights on the file. These users always have full access to the files, even if they have been explicitly excluded from the file on the Access Rights tab.

You can give a user the Restricted Access Rights option under User Management > Users. This means these users generally have no access to files unless they are explicitly assigned via File > Access Rights. The fact that these users with restricted access rights are also listed in the All user group has no effect in this case. This option is useful, for example, for external staff or interns.

Please note that restricting access to documents currently stored in the file system is only possible by using Lexolution.DMS.

EDI files (electronic invoices) are stored without restrictions in the designated folder in the file system so that uploads to the client can be carried out smoothly. The firm's system administrator must ensure that only authorized persons have access to this folder.

The permissions to read and edit file access rights can be set via the individual function rights 10200 File - Read Access Rights and 10201 File - Edit Access Rights, in case certain users should be able to create and edit files but not edit the file's access rights.

Functional Right to Delete Files

To delete files, the Functional Right 10025 Files - Delete is available.
Only files in Lexolution are deleted, as far as this is possible.
If files are referenced in invoices, deadlines, bookings, completed conflict checks, etc., they can no longer be deleted.

Example

For employees who do not have access rights to a file, the file will not be displayed in the file list. This means the employee cannot perform a conflict check on the file, open a file cover sheet, view deadlines or reminders for the file, etc. Draft invoices and invoices for the file are also not displayed.

In views where it is important to show that a file exists, these are displayed with the file alias. In the hierarchy or in KFC - result lists, for example, the file is shown with the file alias, if an alias has been assigned to the file. If no alias has been assigned, <no access> appears instead of the file name. The context menu for the restricted file is inactive.

It is different if you have filtered expenses, times, or bookings for this file in the list. In the expense row (time row, accounting row), instead of the file name, the alias or <no access> is shown. The values for times, expenses, and bookings remain visible. The same applies to reports.

Note

The description texts of times recorded for restricted files are displayed without restriction for all users in the standard reports (e.g., No. 1204 Time Evaluation with File Reference). It is recommended that internal firm policies ensure that no sensitive information is entered in the description texts in such cases.

_If you would like more in-depth advice on the topic of “Compliance and KMS,” please contact the STP AG service team.

------------------------------------------------------------------------------------------------------------------
This article has been automatically translated by an AI and may therefore contain errors.

Related to