Instance security

With instance security you can apply permissions to system admin groups to limit or grant access to particular system admin objects. You can access the Admin Security dialog from the Instance Details tab.

This page contains the following topics:

See the following related pages:

Object Security tab

The Object Security tab lists all system admin objects with their related item-level permissions. Item-level rights include:

  • None Deny object permissions set icon- denies users access to the object.
  • View Markup visibility icon - view the object. This is the lowest level object permission.
  • Edit Edit icon - edit and view the object.
  • Delete Delete redactions and highlights icon - delete, edit, and view the object.
  • Add Add object level permission icon - add new objects. This icon turns blue when the setting is unsaved; once you click Save, the blue icon becomes grey. This icon turns green when you give users this permission both when the setting is unsaved and saved.
  • Edit Security Edit security icon - grants users the ability to edit the security of objects. This icon turns blue if you click twice indicating a not applicable status.

You can apply system admin permission settings to any of the following objects in the Object Security tab:

Note: You must be a system admin to edit client and matter for a workspace.

  • Client - access to the Clients tab.
  • Group - access to the Groups tab.
  • Matter - access to the Matters tab.
  • Relativity One Dashboard
    • RelativityOne Dashboard Services Permission - enables you to see data and information in the RelativityOne Activity Dashboard.
  • Relativity Script - access to the Relativity Script Library tab.
  • Tab Type - access to the Tabs tab.
  • User - access to the Users tab.
  • View - access to the Views tab.
  • Workspaces - access to the Workspaces tab.
  • Workspace Application - access to Workspace Applications.
  • Workspace Portal Services
    • Workspace Portal Services Permission - allows you to view the workspace names from other instances in Workspace Portal.

Note: If you are using RelativityOne, the following objects are secured by default and should not be modified. Please contact support@relativity.com if you need to modify these objects.

  • Agent - access to the Agents tab.
  • Agent Type - access to the Agent Types page when creating a new agent.
  • Choice - access to the Choice tab.
  • Error - access to the Errors tab.
  • License - access to the License tab. Only full system admins can edit license information.
  • Resource File - access to the Resource files tab.
  • Resource Pool - access to the Resource pools tab.
  • Servers - access to the Servers tab.

Note: If you see the Workspace Processing Settings item listed in the object security section of your console, note that this represents an RDO for which there is no front-end implementation. It stores the Invariant StoreID and Data Grid settings for the workspace, but it provides no functionality, and it controls nothing.

Tab Visibility tab

Relativity has the ability to hide or show specific tabs in the user interface from the Tab Visibility setting. Tab Visibility lists all parent and child tabs to which you can grant groups access. Combine object security permissions and tab visibility access to give users the tools they need to complete their tasks. You can grant the ability to view any of the following tabs in the Tab Visibility tab on the Admin Security page. It is important to know that tab visibility settings do not change the permission rights to the objects displayed on each tab. The permission only controls if the user will be able to see the tab in the navigational menu.

It is technically possible to display a tab to the user where they user will not be able to see any objects listed due to a lack of permissions on the objects themselves. Similarly, Tab visibility cannot be used to protect access to any of the objects listed on a particular tab, because users will still be able to navigate to access those objects with a direct URL, or via the API.

Note: If you grant tab visibility on a tab to a group that doesn't have view permissions on that object, users within that group are unable to view the tab.

Note: If you are using RelativityOne, the following tabs are secured by default and should not be modified. Please contact support@relativity.com if you need to modify these tabs.

  • Choices - visibility of the Choices sub-tab.
  • Resource Files - visibility of the Resource Files sub-tab.
  • License - visibility of the License sub-tab. Only full system admins can edit license information.
  • Servers - visibility of the Servers tab.
  • Agents - visibility of the Agents tab.
  • Resource Pools - visibility of the Resource Pools tab.
  • Performance Dashboard - visibility of the Performance Dashboard tab.
    • Application Performance - visibility of the Application Performance sub-tab.
    • Server Health - visibility of the Server Health sub-tab.

Admin Operations tab

You can alter the following permission settings from the Admin Operations tab of the Admin Security page.

  • Access RelativityOne Staging Explorer- access to RelativityOne Staging Explorer.
  • Change Queue Priority - access to priority of queues.
  • Force Logout on User Status - access to the ability to bump users out of Relativity.
  • Manage Object Types - access to edit object types.
  • Manage Cold Storage - grants group members permission to migrate and retrieve workspaces to and from Cold Storage.
  • Send Message - access to send messages to users in Relativity.
  • Use Quick Nav - access to the quick nav button.
  • View Admin Repository - required in order to access tabs and objects from home.
  • Note: Users will have access to the Workspaces tab even without the View Admin Repository permission.

  • View Audits - access to the ability to view audit records on the View Audits tab.
  • Note: If you are using RelativityOne, the following admin operations are secured by default and should not be modified. Please contact support@relativity.com if you think you need to access this functionality.

  • Agent Operations - access to agent operations.

A Note on View Admin Repository

This permission setting is required for some features and supported applications to function properly. Outside of features that specifically require this permission, access can also be granted so that users can run a report and filter against the Workspace/Client/Matter/User/Group objects in report set-up. Please keep in mind that due to this fact, when View Admin Repository is granted to a user for whatever reason, that user is also gaining access to the User and Group objects from the context of the platform. In other words, these users are now capable of retrieving Users and Groups with or without the mobile app.

The following features and/or supported applications require the View Admin Repository permission.

  • Case Metrics

  • Staging Explorer

  • Workspace Portal

  • Processing Administration

  • RelativityOne Activity Dashboard

  • Production/Branding Queue

  • ARM

Group Permissions report

With the Group Permissions Report you can easily assess all permission settings applied to any group. Navigate to the Instance Details tab and click Group Permissions Report.

Admin group permission console

You can perform the following actions from this console:

  1. Horizontal or Vertical - displays the console horizontally or vertically according to you preference.
  2. Group - select any group in your Relativity environment from the Group drop-down menu. Click Run to see a list of all system admin permission settings for that group.
  3. Preview - displays the Script Body that defines the selected group's permission settings.
  4. Run - generates Group Permissions Report on the selected group.
  5. Export to File - click Go to export a .CSV file of all the selected group's system admin permission settings.

Reading the Group Permissions Report

  • Group - displays the selected group's name.
  • Permission - displays the name of the system admin object on which system admin rights are granted for the selected group.
  • Type - displays the group's permission level on the object listed in the Permission column.

Uneditable admin permission settings for the Everyone group

All users in any instance of Relativity are members of the Everyone group. The following admin permissions apply to the Everyone group by default, and this permission setting configuration is necessary for your Relativity environment to function properly. You can't add or revoke any of the following permission settings on the Everyone group:

  • View User - visibility of user.
  • View View - visibility of views.
  • View Code - visibility of code.
  • View Group - visibility of groups.
  • View, Edit,and Add Error - visibility, edit rights, and add rights to errors.
  • View Relativity Script - visibility of Relativity script.
  • View Resource Server - visibility of resource servers.
  • View Tab Type - visibility of tab types.

Script library permissions available only to system admins

System admins are the only users able to access the following items:

Library Applications View:

  • Upload Application button - access to the button that uploads applications into workspaces.

Library Application Detail:

  • Install - access to the Install button on the Application details screen.
  • Upgrade - access to the upgrade applications button. This button only appears if an upgrade to the application is available.
  • Cancel - access to the Cancel button. This button only displays during installation.
  • Push to Library button - access to the Push to library button.

Relativity Script Library view:

  • New Script button - access to the New Relativity Script button on the Relativity Script Library tab.

New Script page:

  • Edit button - access to the Edit button on scripts.
  • Delete button - access to the Delete button on scripts.
  • Script Header - access to the Script Header in the XML editor.
  • XML Editor - access to the XML editor on the New Script page.

Edit Script page:

  • Script Header - access to the Script header on the Edit Script page.
  • XML Editor - access to the XML editor on the Edit Script page.

Run Script page:

  • Preview button - access to the Preview button on the Run Script page.