Access to department sections is limited based on document permissions configured on the three-level permissions hierarchy. However, the permissions configurable on the two higher levels, i.e. permissions for all content and permissions for particular document types, are typically only used in special cases. Therefore, you will typically configure department permissions on document-level.

 

As explained in the Departments overview topic, you can choose department member roles in the Department roles field on the Form tab of the department's parent document. By adding a role to this field, the role is added to the Users and Roles list on the Properties -> Security tab of the parent document and the Read document-level permission is granted to it. All documents stored under the parent document inherit document-level permissions from their parent by default, which results in the fact that members of the roles can view all documents in the department's section. On top of it, these permissions ensure that the department is displayed to them in the My departments list on the Departments section's title page.

 

Apart from the basic Read permission, it is possible to set up additional permissions to enable management of document-based features of the section:

 

•News

•Calendar

•Documents

•Wiki

 

A typical example of this configuration can be seen in the configuration of each pre-defined department shipped with the portal. Let's take the IT department for demonstration:

 

The IT role is intended for ordinary employees without document management permissions. Therefore, only the Read permission is granted to the role on document-level. Contrary to that, the CIO role is intended for the head of the department who should be able to manage all content within the department's section. Therefore, full permissions are granted to the role (as can be seen in the screenshot below) to provide full permissions for all possible content management actions.