Instance security

With instance security you can apply permissions to system admin groups to limit or grant access to particular system admin objects. You can access the Admin Security dialog from the Instance Details tab.

Note: Users must be assigned to the following two groups in order to have full system administration access:
1. System Administrators - This grants access to all admin-level permissions, such as ARM, queue management, users, and groups tabs.
2. <Customer Name> Admin Group - This gives the user permissions to access all workspaces in the instance, unless the workspace was migrated through ARM or Migrate without the group being properly mapped first.

See the following related pages:

Object Security tab

The Object Security tab lists all system admin objects with their related item-level permissions. Item-level rights include:

  • None Deny object permissions set icon—denies users access to the object.
  • View Markup visibility icon—view the object. This is the lowest level object permission.
  • Edit Edit icon—edit and view the object.
  • Delete Delete redactions and highlights icon—delete, edit, and view the object.
  • Add Add object level permission icon—add new objects. This icon turns blue when the setting is unsaved; once you click Save, the blue icon becomes grey. This icon turns green when you give users this permission both when the setting is unsaved and saved.
  • Edit Security Edit security icon—grants users the ability to edit the security of objects. This icon turns blue if you click twice indicating a not applicable status.

You can apply system admin permission settings to any of the following objects in the Object Security tab:

Note: Only system administrators can edit the Client and Matter for a workspace. In addition, the Errors tab is only available to system administrators.

Note: If you see the Workspace Processing Settings item listed in the object security section of your console, note that this represents an RDO for which there is no front-end implementation. It stores the Invariant StoreID and Data Grid settings for the workspace, but it provides no functionality, and it controls nothing.

Tab Visibility tab

In Relativity, the Tab Visibility setting allows you to control which tabs in the user interface are visible to specific groups. This includes parent and child tabs that can be granted access to groups. To give users the tools they need to complete their tasks, you can combine object security permissions and tab visibility access. However, it's important to note that tab visibility settings do not change the permission rights to the objects displayed on each tab. Rather, they only control whether the user can see the tab in the navigational menu.

It's possible to display a tab to the user, even if the user lacks the necessary permissions to view any of the objects listed on that tab. However, tab visibility cannot be used to restrict access to the objects listed on a particular tab. Users can still access those objects through a direct URL or via the API, even if the tab is not visible to them in the navigational menu.

Note: Granting tab visibility to a group without view permissions for the object allows users to view the tab but prevents them from taking action. Granting object permissions to a group without tab permissions for the object restricts users from completing required tasks.

Admin Operations tab

You can alter the following permission settings from the Admin Operations tab of the Admin Security page.

  • Agent Operations - access to agent operations.
  • Change Queue Priority - access to priority of queues.
  • Force Logout on User Status - access to the ability to bump users out of Relativity.
  • Manage Object Types —permission that grants group members the ability to:
    • Create a new tab for a new object type when adding the new object type.

    • Automatically gain view, add, edit, delete, and secure permissions for all newly created object types.
    • Automatically gain tab visibility for newly created tabs.
  • Send Message - access to send messages to users in Relativity.
  • Use Quick Nav - access to the quick nav button.
  • View Admin Repository - required in order to access tabs and objects from home.
  • Note: Users will have access to the Workspaces tab even without the View Admin Repository permission.

  • View Audits - access to the ability to view audit records on the View Audits tab.

A Note on View Admin Repository

This permission setting is required for some features and supported applications to function properly. Outside of features that specifically require this permission, access can also be granted so that users can run a report and filter against the Workspace/Client/Matter/User/Group objects in report set-up. Please keep in mind that due to this fact, when View Admin Repository is granted to a user for whatever reason, that user is also gaining access to the User and Group objects from the context of the platform. In other words, these users are now capable of retrieving Users and Groups with or without the mobile app.

The following features and/or supported applications require the View Admin Repository permission.

  • Case Metrics

  • Staging Explorer

  • Workspace Portal

  • Processing Administration

  • RelativityOne Activity Dashboard

  • Production/Branding Queue

  • ARM

Group Permissions report

With the Group Permissions Report you can easily assess all permission settings applied to any group. Navigate to the Instance Details tab and click Group Permissions Report.

Admin group permission console

You can perform the following actions from this console:

  1. Horizontal or Vertical - displays the console horizontally or vertically according to you preference.
  2. Group - select any group in your Relativity environment from the Group drop-down menu. Click Run to see a list of all system admin permission settings for that group.
  3. Preview - displays the Script Body that defines the selected group's permission settings.
  4. Run - generates Group Permissions Report on the selected group.
  5. Export to File - click Go to export a .CSV file of all the selected group's system admin permission settings.

Reading the Group Permissions Report

  • Group - displays the selected group's name.
  • Permission - displays the name of the system admin object on which system admin rights are granted for the selected group.
  • Type - displays the group's permission level on the object listed in the Permission column.

Uneditable admin permission settings for the Everyone group

All users in any instance of Relativity are members of the Everyone group. The following admin permissions apply to the Everyone group by default, and this permission setting configuration is necessary for your Relativity environment to function properly. You can't add or revoke any of the following permission settings on the Everyone group:

  • View User - visibility of user.
  • View View - visibility of views.
  • View Code - visibility of code.
  • View Group - visibility of groups.
  • View, Edit,and Add Error - visibility, edit rights, and add rights to errors.
  • View Relativity Script - visibility of Relativity script.
  • View Resource Server - visibility of resource servers.
  • View Tab Type - visibility of tab types.

Script and application library permissions

System admins are the only users able to access the following items:

Application Library View:

  • Upload Application button - access to the button that uploads applications into workspaces.

Application Library Details:

  • Install - access to the Install button on the Application details screen.
  • Upgrade - access to the upgrade applications button. This button only appears if an upgrade to the application is available.
  • Cancel - access to the Cancel button. This button only displays during installation.
  • Push to Library button - access to the Push to library button.

Relativity Script Library view:

  • New Script button - access to the New Relativity Script button on the Relativity Script Library tab.

New Script page:

  • Edit button - access to the Edit button on scripts.
  • Delete button - access to the Delete button on scripts.
  • Script Header - access to the Script Header in the XML editor.
  • XML Editor - access to the XML editor on the New Script page.

Edit Script page:

  • Script Header - access to the Script header on the Edit Script page.
  • XML Editor - access to the XML editor on the Edit Script page.

Run Script page:

  • Preview button - access to the Preview button on the Run Script page.

System administrator privileges

The following actions are exclusive to System Administrators and don't require additional permissions:

  • Perform Mass Operations on admin. level objects

  • Permanently delete or recover workspaces from the Recycle Bin

  • Access to the Errors tab on the Admin. level

  • Manage group permissions within Instance details