Hi all,I’ve hit a snag while configuring document access in IFS Applications and would appreciate some clarity from the community.Scenario: I’ve set up two access groups via access templates: one for Read and another for Write. Users in the Read group can see documents as expected. However, these same users are able to detach documents—both those they’ve created and those created by others. My understanding is that ‘Read’ access should prevent any action beyond viewing, so detaching feels like a breach of the intended restrictions. What I’ve Checked: Restricted Access is set to Yes/ON for the document class in question. The permission set assigned to the Read group does not include the Document Administrator role or any roles that should permit document changes. The templates and group memberships have been reviewed and double-checked. Expected Outcome:Read users should only be able to view (download/preview) documents. Actions like detaching, deleting, or editing should not be possible.Questions for the Community: Has anyone else experienced users with ‘Read’ access still having permissions to detach documents? Is there a specific setting, permission, or role that governs the ability to detach documents beyond the standard read/write templates? Are there any known IFS Application behaviors or bugs where document management permissions don’t get applied as strictly as expected? Any best practices for strictly locking down document classes to avoid this scenario? Grateful for any advice, insights, or even ideas on where to start troubleshooting!Thanks in advance,

Question

document management - read access

Forum|Forum|6 days ago
November 21, 2025
0 replies
12 views

H

+8

Hashmit
Sidekick (Partner)

Hi all,

I’ve hit a snag while configuring document access in IFS Applications and would appreciate some clarity from the community.

Scenario:

I’ve set up two access groups via access templates: one for Read and another for Write.
Users in the Read group can see documents as expected.
However, these same users are able to detach documents—both those they’ve created and those created by others.
My understanding is that ‘Read’ access should prevent any action beyond viewing, so detaching feels like a breach of the intended restrictions.

What I’ve Checked:

Restricted Access is set to Yes/ON for the document class in question.
The permission set assigned to the Read group does not include the Document Administrator role or any roles that should permit document changes.
The templates and group memberships have been reviewed and double-checked.

Expected Outcome:
Read users should only be able to view (download/preview) documents. Actions like detaching, deleting, or editing should not be possible.

Questions for the Community:

Has anyone else experienced users with ‘Read’ access still having permissions to detach documents?
Is there a specific setting, permission, or role that governs the ability to detach documents beyond the standard read/write templates?
Are there any known IFS Application behaviors or bugs where document management permissions don’t get applied as strictly as expected?
Any best practices for strictly locking down document classes to avoid this scenario?

Grateful for any advice, insights, or even ideas on where to start troubleshooting!

Thanks in advance,

Did you find what you're looking for? If not:

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded