Who Is This For?
QA Administrators / System Admins β configuring org-wide visibility and classified access
Process Owners / Document Owners β assigning document roles and responsibilities
Authors, Reviewers, Approvers β understanding permissions during drafting and approval
How to Do It?
Step 1: Set organization - wide viewing defaults
Define how the All Internal Users group is automatically applied to new or released documents.
Go to Settings from the sidebar.
Click Organization to access global visibility settings.
Set All Internal Users Group to either All Documents or Only Released Documents, based on your policy.
Click Save to apply changes.
Option | Description |
All Documents | All new documents automatically include the All Internal Users group. |
Only Released Documents | Only released documents automatically include the All Internal Users group. |
β Compliance reminder: Apply the least privilege principle. Start restrictive and expand only when necessary.
π Reference: Adjusting Your Organization Settings
Step 2: Control access to sensitive content with Classified Documents
Use classification to strictly limit access to specific entity types.
If an entity type is marked classified, only members of the Classified group can view it.
Classified access is assigned per user by an Administrator.
When a type is marked classified, a dedicated Classified group is automatically created and cannot be removed or replaced.
π‘Tip: Keep the list of users with classified access short and review it regularly.
β Regulatory note: Restrict confidential or patient-related information to documented, trained individuals only.
π Reference: Configuring Entity Types
Step 3: Assign document access roles for clarity and control
Use roles to define who drafts, reviews, approves, or only reads each document.
Navigate to the documen to open the property card.
In the document access section, click the pencil icon.
Assign Process Owner, Owner, Author, Reviewer, Approver, and Viewer as needed.
Save to apply document access updates.
Field name | Description | Note |
Process Owner | Manages a process. Can access all documents linked to that process, make edits where allowed, move through workflows, and update assigned roles. | Documents are not directly assigned but always accessible via search or views. |
Owner | Responsible for a specific document. Can edit, move through workflow steps, and update assigned roles. | Documents are not directly assigned but accessible via search or views. |
Author | Drafts and prepares the document. Can edit all content and properties while the document is editable. | Full editing access in any editable state. |
Reviewer | Reviews the document when sent for review. Can edit content and properties while reviewing; retains read access after review is finished. | β |
Approver | Approves or rejects the document. During approval, the document is read-only for everyone else. Requires electronic signature. | If multiple approvers are assigned, all must approve; a single rejection returns the doc to Author(s). |
Viewer | Read-only access. Can view documents but cannot edit, progress workflows, or update roles. | β |
Step 4: Validate effective access (org defaults + classified access + document access)
Confirm what users can actually see and do.
Org defaults determine broad visibility via All Internal Users.
Classified types override and restrict access to authorized users only.
Roles (Owner/Author/Reviewer/Approver/Viewer) grant functional permissions through the lifecycle.
π‘Tip: Test with a non-admin account or use a test user to confirm the end-user view.
π References:
Tips
π‘ Use Only Released Documents if drafts typically contain sensitive or in-progress data not intended for broad viewing.
π‘ Keep Classified access tightly controlled and reviewed on a recurring schedule.
π‘ Predefine Groups for Process Owners and common Review/Approval panels to speed up role assignment.