

With instance security you can apply permissions to system admin groups to limit or grant access to particular system admin objects.
Note: Users must be assigned to the following two groups in order to have full system administration access:
1. System Administrators - This grants access to all admin-level permissions, such as ARM, queue management, users, and groups tabs.
2. <Customer Name> Admin Group - This gives the user permissions to access all workspaces in the instance, unless the workspace was migrated through ARM or Migrate without the group being properly mapped first.
See the following related pages:
Imagine you're a system admin, and a new member of your firm is going to be placed in charge of managing agents and resources for your Relativity environment. You don't want this person to have access to any of the workspaces or system admin-level objects beyond the scope of her job functions, but she needs to be able to make the necessary changes to agents and resource pools as needed.
You add the user to a new group that can Add, Delete, Edit, and View the Agents, Agent Types, Resource Pools, and Server objects. You also grant tab visibility rights to the Resource Files tab and the Agents tab. When the user logs in, she is able to access and edit only the items in Relativity necessary to perform her position requirements.
The Object Security tab lists all system admin objects with their related item-level permissions. Item-level rights include:
You can apply system admin permission settings to any of the following objects in the Object Security tab:
Note: Only system administrators can edit the Client and Matter for a workspace. In addition, the Errors tab is only available to system administrators.
Note: If you see the Workspace Processing Settings item listed in the object security section of your console, note that this represents an RDO for which there is no front-end implementation. It stores the Invariant StoreID and Data Grid settings for the workspace, but it provides no functionality, and it controls nothing.
In Relativity, the Tab Visibility setting allows you to control which tabs in the user interface are visible to specific groups. This includes parent and child tabs that can be granted access to groups. To give users the tools they need to complete their tasks, you can combine object security permissions and tab visibility access. However, it's important to note that tab visibility settings do not change the permission rights to the objects displayed on each tab. Rather, they only control whether the user can see the tab in the navigational menu.
It's possible to display a tab to the user, even if the user lacks the necessary permissions to view any of the objects listed on that tab. However, tab visibility cannot be used to restrict access to the objects listed on a particular tab. Users can still access those objects through a direct URL or via the API, even if the tab is not visible to them in the navigational menu.
Note: Granting tab visibility to a group without view permissions for the object allows users to view the tab but prevents them from taking action. Granting object permissions to a group without tab permissions for the object restricts users from completing required tasks.
You can alter the following permission settings from the Admin Operations tab of the Admin Security page.
Create a new tab for a new object type when adding the new object type.
Note: Users will have access to the Workspaces tab even without the View Admin Repository permission.
This permission setting is required for some features and supported applications to function properly. Outside of features that specifically require this permission, access can also be granted so that users can run a report and filter against the Workspace/Client/Matter/User/Group objects in report set-up. Please keep in mind that due to this fact, when View Admin Repository is granted to a user for whatever reason, that user is also gaining access to the User and Group objects from the context of the platform. In other words, these users are now capable of retrieving Users and Groups with or without the mobile app.
The following features and/or supported applications require the View Admin Repository permission.
Case Metrics
Staging Explorer
Workspace Portal
Processing Administration
RelativityOne Activity Dashboard
Production/Branding Queue
ARM
With the Group Permissions Report you can easily assess all permission settings applied to any group. Navigate to the Instance Details tab and click Group Permissions Report.
You can perform the following actions from this console:
All users in any instance of Relativity are members of the Everyone group. The following admin permissions apply to the Everyone group by default, and this permission setting configuration is necessary for your Relativity environment to function properly. You can't add or revoke any of the following permission settings on the Everyone group:
System admins are the only users able to access the following items:
Application Library View:
Application Library Details:
Relativity Script Library view:
New Script page:
Edit Script page:
Run Script page:
The following actions are exclusive to System Administrators and don't require additional permissions:
Perform Mass Operations on admin. level objects
Permanently delete or recover workspaces from the Recycle Bin
Access to the Errors tab on the Admin. level
Manage group permissions within Instance details
Why was this not helpful?
Check one that applies.
Thank you for your feedback.
Want to tell us more?
Great!