Instance security

With instance security you can apply permissions to system admin groups to limit or grant access to particular system admin objects. You can access the Admin Security dialog from the Instance Details tab.

Note: Users must be assigned to the following two groups in order to have full system administration access:
1. System Administrators - This grants access to all admin-level permissions, such as ARM, queue management, users, and groups tabs.
2. <Customer Name> Admin Group - This gives the user permissions to access all workspaces in the instance, unless the workspace was migrated through ARM or Migrate without the group being properly mapped first.

See the following related pages:

Object Security tab

The Object Security tab lists all system admin objects with their related item-level permissions. Item-level rights include:

  • None —denies users access to the object.
  • View —view the object. This is the lowest level object permission.
  • Edit —edit and view the object.
  • Delete —delete, edit, and view the object.
  • Add —add new objects. This icon turns blue when the setting is unsaved; once you click Save, the blue icon becomes grey. This icon turns green when you give users this permission both when the setting is unsaved and saved.
  • Edit Security —grants users the ability to edit the security of objects. This icon turns blue if you click twice indicating a not applicable status.

You can apply system admin permission settings to any of the following objects in the Object Security tab:

Note: Only system administrators can edit the Client and Matter for a workspace. In addition, the Errors tab is only available to system administrators.

Note: If you are using RelativityOne, the following objects are secured by default and should not be modified. Please contact Relativity Support if you need to modify these objects.

  • Agent - access to the Agents tab.
  • Agent Type - access to the Agent Types page when creating a new agent.
  • Choice - access to the Choice tab.
  • Error - access to the Errors tab.
  • License - access to the License tab. Only full system admins can edit license information.
  • Resource File - access to the Resource files tab.
  • Resource Pool - access to the Resource pools tab.
  • Servers - access to the Servers tab.

Note: If you see the Workspace Processing Settings item listed in the object security section of your console, note that this represents an RDO for which there is no front-end implementation. It stores the Invariant StoreID and Data Grid settings for the workspace, but it provides no functionality, and it controls nothing.

Tab Visibility tab

In Relativity, the Tab Visibility setting lets you determine which tabs within the user interface are accessible to specific user groups. This encompasses both parent and child tabs that can be configured for access by these groups. You can enhance user efficiency by combining object security permissions with tab visibility settings. It's essential to understand that tab visibility settings don't alter the permission rights for objects presented on each tab. Instead, they solely govern whether the tab is visible in the navigational menu.

You can make a tab visible to a user even if they lack the necessary permissions to view objects listed on that tab. Nevertheless, it's crucial to understand that tab visibility settings don't restrict access to the objects featured on a particular tab. Users can still access these objects through direct URLs or via the API, even if the tab isn't visible to them in the navigational menu.

Note: Granting tab visibility to a group without view permissions for the object allows users to view the tab but prevents them from taking action. Granting object permissions to a group without tab permissions for the object restricts users from completing required tasks.

Note: If you are using RelativityOne, the following tabs are secured by default and should not be modified. Please contact Relativity Support if you need to modify these tabs.

  • Choices - visibility of the Choices sub-tab.
  • Resource Files - visibility of the Resource Files sub-tab.
  • License - visibility of the License sub-tab. Only full system admins can edit license information.
  • Servers - visibility of the Servers tab.
  • Agents - visibility of the Agents tab.
  • Resource Pools - visibility of the Resource Pools tab.
  • Performance Dashboard - visibility of the Performance Dashboard tab.
    • Application Performance - visibility of the Application Performance sub-tab.
    • Server Health - visibility of the Server Health sub-tab.

Admin Operations tab

You can alter the following permission settings from the Admin Operations tab of the Admin Security page.

  • Access RelativityOne Staging Explorer- access to RelativityOne Staging Explorer.
  • Change Queue Priority - access to priority of queues.
  • Force Logout on User Status - access to the ability to bump users out of Relativity.
  • Manage Object Types - access to edit object types.
  • Manage Cold Storage - grants group members permission to migrate and retrieve workspaces to and from Cold Storage.
  • Send Message - access to send messages to users in Relativity.
  • Use Quick Nav - access to the quick nav button.
  • View Admin Repository - required in order to access tabs and objects from home.
  • Note: Users will have access to the Workspaces tab even without the View Admin Repository permission.

  • View Audits - access to the ability to view audit records on the View Audits tab.
  • Note: If you are using RelativityOne, the following admin operations are secured by default and should not be modified. Please contact Relativity Support if you think you need to access this functionality.

  • Agent Operations - access to agent operations.

A Note on View Admin Repository

The "View Admin Repository" permission is essential for certain features and supported applications to operate correctly. Apart from the specific features that require this permission, it can also be granted to enable users to generate reports and apply filters to Workspace, Client, Matter, User, and Group objects during report setup.

Granting "View Admin Repository" permission to a user provides access to User and Group objects within the platform. This means that these users can retrieve User and Group information, regardless of whether they are using the mobile app.

The following features and supported applications necessitate the "View Admin Repository" permission:

  • Case Metrics

  • Staging Explorer

  • Workspace Portal

  • Processing Administration

  • Production/Branding Queue

  • ARM

Group Permissions report

With the Group Permissions Report you can easily assess all permission settings applied to any group. Navigate to the Instance Details tab and click Group Permissions Report.

Admin group permission console

You can perform the following actions from this console:

  1. Group - select any group in your Relativity environment from the Group drop-down menu. Click Run to see a list of all system admin permission settings for that group.
  2. Preview - displays the Script Body that defines the selected group's permission settings.
  3. Run - generates Group Permissions Report on the selected group.
  4. Export to File - click Go to export a .CSV file of all the selected group's system admin permission settings.

Reading the Group Permissions Report

  • Group - displays the selected group's name.
  • Permission - displays the name of the system admin object on which system admin rights are granted for the selected group.
  • Type - displays the group's permission level on the object listed in the Permission column.

Uneditable admin permission settings for the Everyone group

All users in any instance of Relativity are members of the Everyone group. The following admin permissions apply to the Everyone group by default, and this permission setting configuration is necessary for your Relativity environment to function properly. You can't add or revoke any of the following permission settings on the Everyone group:

  • View User - visibility of user.
  • View View - visibility of views.
  • View Code - visibility of code.
  • View Group - visibility of groups.
  • View, Edit,and Add Error - visibility, edit rights, and add rights to errors.
  • View Relativity Script - visibility of Relativity script.
  • View Resource Server - visibility of resource servers.
  • View Tab Type - visibility of tab types.

Script and application library permissions

System admins are the only users able to access the following items:

Application Library View:

  • Upload Application button - access to the button that uploads applications into workspaces.

Application Library Details:

  • Install - access to the Install button on the Application details screen.
  • Upgrade - access to the upgrade applications button. This button only appears if an upgrade to the application is available.
  • Cancel - access to the Cancel button. This button only displays during installation.
  • Push to Library button - access to the Push to library button.

Relativity Script Library view:

  • New Script button - access to the New Relativity Script button on the Relativity Script Library tab.

New Script page:

  • Edit button - access to the Edit button on scripts.
  • Delete button - access to the Delete button on scripts.
  • Script Header - access to the Script Header in the XML editor.
  • XML Editor - access to the XML editor on the New Script page.

Edit Script page:

  • Script Header - access to the Script header on the Edit Script page.
  • XML Editor - access to the XML editor on the Edit Script page.

Run Script page:

  • Preview button - access to the Preview button on the Run Script page.

System administrator privileges

The following actions are exclusive to System Administrators and don't require additional permissions:

  • Perform Mass Operations on admin. level objects

  • Permanently delete or recover workspaces from the Recycle Bin

  • Access to the Errors tab on the Admin. level

  • Manage group permissions within Instance details