Security and permissions

In Relativity, you can manage security levels for users and system admins, as well as individual objects like views, tabs, and fields. You can assign permissions at the group level and preview effective security rights by impersonating a member of the group or a specific user. If a user belongs to multiple security groups, they'll receive the highest permissions from the combination of groups.

Consider the following:

  • Note: It's recommended to update security permissions for document folders with a large number of documents during non-business hours to avoid delays in your document review project.

  • If the Lockbox feature is enabled via the EnableCustomerLockbox instance setting, Relativity system admins must also belong to a group within a workspace in addition to the System Administrators group to access and administer security within that workspace. If you need more information on this feature, please contact Support.

Levels of Security in Relativity

In Relativity, there are two primary levels of security for assigning permissions: Object-level and Item-level security. These levels of security control access to either entire sets of Objects or specific Items, depending on their configuration.

Object-level permissions – Serve as a comprehensive setting that applies to all items within a specific Object type. These permissions are categorized into two main groups:

  • Instance permissions - these permissions pertain to system admin groups and are used to control access to designated system admin objects.

  • Workspace permissions - these permissions are associated with user groups added to a particular workspace. If a user group is not added to a workspace, it implies that users within that group have no access to that workspace.

You can employ object-level security to restrict entry to specific documents or items within the workspace. These objects encompass various components such as workspaces, documents, fields, and other elements within the system.

Tailoring access to these objects can be done on an individual user or group basis. User access determines the extent of permissions and actions a specific user can perform. Group access simplifies the management of permissions for a set of users in the same category. By managing user or group access, you can determine who is authorized to view, edit, or carry out specific actions on the objects within the system.

Furthermore, objects can have document-level or field-level permission configurations. Document-level permissions allow you to control access to individual documents based on user roles or specific criteria. Similarly, field-level permissions offer the ability to regulate access to particular fields within a document. You can set restrictions on who is permitted to view or modify specific fields based on user or group permissions.

Item-level permission settings allow you to control access to individual documents in a workspace. You can review, and potentially change, item level security settings when adding a group to objects with override security to guarantee that access is appropriately restricted.

Item-level permission settings allow you to define what groups or users can view, edit, delete, or perform other actions on individual documents. You can set permissions at a granular level to guarantee only authorized individuals have access to specific documents.

When the system determines access to an item, it first evaluates the workspace-level permission settings. Then it takes into account any item-level permission settings. If there's a conflict between item-level permissions and workspace-level permissions, the system enforces the more restrictive one.

To change item-level permission settings, you must navigate to the specific document or object and make changes individually.

Using Multiple Permission Types to Customize Access

Imagine you're a system admin, and a new member of your firm is going to be trained by your productions team. This person is a member of user group 'Level 3' and should have access to view all OCR profiles, as well as the ability to edit and run OCRs using a test profile. In order to achieve this, an administrator of this workspace must set view-only access to OCR Profiles on the workspace level, and override the permission on the item-level for that one OCR Profile.

Note: For more examples of scenarios, see Permissions scenarios

For most object types it is possible to grant to one of six permissions on the Item or Object level.

  • None - user does not have any access to the object.

  • View - user has access to view the object. This is the lowest object permission.

  • Edit - user has access to edit and view the object.

  • Delete - user has access to delete, edit, and view the object.

  • Add - user has access to add new objects.

  • Edit Security - grants users the ability to edit the security of objects.

Note: For some object types, options will be missing from the above list of permissions. For example, administrators cannot set permissions to 'None' for the 'Users' or 'Views' objects, because it will make Relativity unusable.