Instance security

With instance security you can apply permissions to system admin groups to limit or grant access to particular system admin objects. You can access the Admin Security dialog from the Instance Details tab. In order to access the Instance Details tab, a user must be in the System Admins group of the instance.

This page contains the following topics:

See the following related pages:

Object Security tab

The Object Security tab lists all system admin objects with their related item-level permissions. Item-level rights include:

  • None Deny object permissions set icon- denies users access to the object.
  • View Markup visibility icon - view the object. This is the lowest level object permission.
  • Edit Edit icon - edit and view the object.
  • Delete Delete redactions and highlights icon - delete, edit, and view the object.
  • Add Add object level permission icon - add new objects. This icon turns blue when the setting is unsaved; once you click Save, the blue icon becomes grey. This icon turns green when you give users this permission both when the setting is unsaved and saved.
  • Edit Security Edit security icon - grants users the ability to edit the security of objects. This icon turns blue if you click twice indicating a not applicable status.

You can apply system admin permission settings to any of the following objects in the Object Security tab:

Note: You must be a system admin to edit client and matter for a workspace.

Note: If you see the Workspace Processing Settings item listed in the object security section of your console, note that this represents an RDO for which there is no front-end implementation. It stores the Invariant StoreID and Data Grid settings for the workspace, but it provides no functionality, and it controls nothing.

Tab Visibility tab

You can grant the ability to view any of the following tabs in the Tab Visibility tab on the Admin Security page.

Note: If you grant tab visibility on a tab to a group that doesn't have view permissions on that object, users within that group are unable to view the tab.

Admin Operations tab

You can alter the following permission settings from the Admin Operations tab of the Admin Security page.

  • Agent Operations - access to agent operations.
  • Change Queue Priority - access to priority of queues.
  • Force Logout on User Status - access to the ability to bump users out of Relativity.
  • Manage Object Types - access to edit object types.
  • Send Message - access to send messages to users in Relativity.
  • Use Quick Nav - access to the quick nav button.
  • View Admin Repository - required in order to access Admin tabs and Admin-only objects from home screen of Relativity.
  • Note: Users will have access to the Workspaces tab even without the View Admin Repository permission.

  • View Audits - access to the ability to view audit records on the View Audits tab.

Group Permissions report

With the Group Permissions Report you can easily assess all permission settings applied to any group. Navigate to the Instance Details tab and click Group Permissions Report.

Admin group permission console

You can perform the following actions from this console:

  1. Horizontal or Vertical - displays the console horizontally or vertically according to you preference.
  2. Group - select any group in your Relativity environment from the Group drop-down menu. Click Run to see a list of all system admin permission settings for that group.
  3. Preview - displays the Script Body that defines the selected group's permission settings.
  4. Run - generates Group Permissions Report on the selected group.
  5. Export to File - click Go to export a .CSV file of all the selected group's system admin permission settings.

Reading the Group Permissions Report

  • Group - displays the selected group's name.
  • Permission - displays the name of the system admin object on which system admin rights are granted for the selected group.
  • Type - displays the group's permission level on the object listed in the Permission column.

Uneditable admin permission settings for the Everyone group

All users in any instance of Relativity are members of the Everyone group. The following admin permissions apply to the Everyone group by default, and this permission setting configuration is necessary for your Relativity environment to function properly. You can't add or revoke any of the following permission settings on the Everyone group:

  • View User - visibility of user.
  • View View - visibility of views.
  • View Choice - visibility of choice.
  • View Group - visibility of groups.
  • View, Edit,and Add Error - visibility, edit rights, and add rights to errors.
  • View Relativity Script - visibility of Relativity script.
  • View Server - visibility of servers.
  • View Tab Type - visibility of tab types.

Script library permissions available only to system admins

System admins are the only users able to access the following items:

Library Applications View:

  • Upload Application button - access to the button that uploads applications into workspaces.

Library Application Detail:

  • Install - access to the Install button on the Application details screen.
  • Upgrade - access to the upgrade applications button. This button only appears if an upgrade to the application is available.
  • Cancel - access to the Cancel button. This button only displays during installation.
  • Push to Library button - access to the Push to library button.

Relativity Script Library view:

  • New Script button - access to the New Relativity Script button on the Relativity Script Library tab.

New Script page:

  • Edit button - access to the Edit button on scripts.
  • Delete button - access to the Delete button on scripts.
  • Script Header - access to the Script Header in the XML editor.
  • XML Editor - access to the XML editor on the New Script page.

Edit Script page:

  • Script Header - access to the Script header on the Edit Script page.
  • XML Editor - access to the XML editor on the Edit Script page.

Run Script page:

  • Preview button - access to the Preview button on the Run Script page.