AvePoint Docs
Contact support
Contact support
English

    Home > Settings > Manage Accounts

    Export to PDF

    Manage Accounts

    The Account management page allows you to create security groups to set permissions for users and groups (Microsoft 365 Group, security group, distribution group) in AvePoint Opus.

    On the Security group management page, there are three built-in security groups:

    - **Administrators (built-in)** – Users in this group have access to all content sources in AvePoint Opus. Service administrators and application administrators registered in AvePoint Online Services are synchronized to this group by default. This group is not editable. - **End** **users (built-in)** – Users in this group only have access to the Physical Records content source. You can edit this group to add or remove users as well as grant permissions to perform different operations in **Physical Records** > **Explorer**. - **Reviewers (built-in)** – Users in this group have access to the **Records for** **review** and **Smart** **classifications for** **review** pages to process their tasks. You can edit this group to add or remove users.

    Complete the following steps to create a security group:

    1. Click Create security group.

    2. Security group name – Enter a name.

    3. Description – Enter an optional description.

    4. Users/Groups – Enter names to find users or groups (Microsoft 365 Group, security group, and distribution group).

      If you are using Opus to manage files in Google Drive, you can enter names to find Google users or groups.

    5. Permission settings – Select Data scope if you want to define permission settings for each content source, or select Function module if you want to define permission settings for the Restore center module.

      If you select Data scope, continue to select a content source. Security group members have permission to manage records within the assigned content source:

      • Teams & Groups – After selecting this option, click the Set Container (Button: set container) button to select specific containers to narrow down permissions.

        *Note: Each container can only be assigned to one security group to avoid users from other security groups managing the same record.

      • SharePoint Online – After selecting this option, click the Set Container (Button: set container) button to select specific containers to narrow down permissions.

        *Note: Each container can only be assigned to one security group to avoid users from other security groups managing the same record.

      • OneDrive – After selecting this option, click the Set Container (Button: set container) button to select specific containers to narrow down permissions.

        *Note: Each container can only be assigned to one security group to avoid users from other security groups managing the same record.

      • Exchange Online – After selecting this option, click the Set Container (Button: set container) button to select specific containers to narrow down permissions.

        *Note: Each container can only be assigned to one security group to avoid users from other security groups managing the same record.

      • Physical Records – After selecting this option, select a user role for physical records management.

        By default, records managers and end users have access to all containers. You can grant access to physical content to specific end users by settings access controls.

        • Records managers – Records managers can create and track physical content, and process requests to provide physical content to end users.

          *Note: Records managers can only be assigned to one security group to avoid users from other security groups managing the same record.

        • End users – Click the Edit Permission (Button: Edit Permission) button to grant end users the following permissions for Physical Records > Explorer:

          • Set access control – With this permission selected, end users can grant access control of the physical content where they have access to other end users.

          • Submit folder creation request – With this permission selected, end users can submit physical folder creation requests to retrieve physical folders.

          • Submit box/folder loanrequest – With this permission selected, end users can submit physical box/folder loan requests to retrieve physical boxes/folders.

          • Submit box creation request – With this permission selected, end users can submit physical box creation requests to retrieve physical boxes.

          • Return box/folder – With this permission selected, end users can return the physical boxes/folders they borrowed.

      • File System – After selecting this option, security group members have access to all File System connections.

        *Note: The File System content source can only be assigned to one security group to avoid users from other security groups managing the same record.

      • SharePoint On-Premises – After selecting this option, security group members have access to all SharePoint On-Premises containers.

      • *Note: The SharePoint On-Premises content source can only be assigned to one security group to avoid users from other security groups managing the same record.

      • Azure File Share – After selecting this option, security group members have access to all Azure File Share connections.

      • Box – After selecting this option, security group members have access to all Box connections.

      • Google Drive – After selecting this option, security group members have access to all Google Drive containers.

      If you select Function module, continue to select a permission level for the Restore center module.

      • Full control – Security group members have the full control for Restore center.

      • Search and export results – Security group members can search records and export the results in Restore center.

      • Search only – Security group members can only search records in Restore center.

    6. Terms and rules – Choose whether to assign specific terms and rules to the security group members. Without selecting this checkbox, security group members will have access to all terms and rules. It is recommended that you assign different terms and rules to different security groups for better permission management.

      *Note: If you have assigned a specific term scope and rule scope to one security group, you need to assign a term scope and rule scope to all other security groups to have all security groups under strict permission control. Each term scope and rule scope can only be assigned to one security group to avoid users from other security groups using the same term and rule to manage records.

      • Term scope – Select term scope (from the term group level down to the term set level) to be available for the security group members. Security group members can use terms within the term scope to classify records within the content source defined above.

      • Rule scope – Select rule containers to be available for the security group members. Security group members can use rules within the rule container to manage records within the content source defined above.

    7. Reports – Choose whether to assign specific reports to the security group members.

      *Note: Security groups that do not have access permissions to certain content sources, specifically containers, will not be able to see these restricted content sources or containers when managing reports.

    8. Holds – Choose whether to allow the security group members to manage holds.

    9. Records for review – Choose whether to allow the security group members to configure approval settings on the My tasks > Records for review page > Under review tab.

    10. Click Save. After creating a security group, you can click Edit to edit the security group or click Delete to delete the security group.

    On the User management page, view the security groups where a user/group exists. Click View permission details next to a user/group to view the permission details.