EDT Security

SharePoint provides three main permission levels groups. They include:

• Owners who are granted ‘Full Control’ permissions,
• Members who are granted ‘Contribute’ permissions, and
• Visitors who are granted ‘Read’ permissions.

NextDocs uses Access Control Levels (ACLs) to selectively restrict access to specific locations or resources within EDT. The system allows the administrator to configure the permissions at a more granular level than the SharePoint user and group permissions provide by assigning the SharePoint groups to ACLs and then further defining the permission in the Setting Grid.

As discussed previously in the section titled ACL Grid, an administrator can create or modify grid entries.

The system provides the following out of the box ACLs:

• Global grants access to users with nonspecific access requirements,
• Final grants access to ‘final’ documents,
• trialFile grants access to the Product File container and items which are only added to EDT when they become ‘final’.

In the following example, all three SharePoint groups have access to ‘final’ documents, but only ND eTMF Members and ND eTMF Owners have access to the Product File container and items.

The Settings Grid allows the administrator to link the SharePoint groups to user capabilities. When the user logons on, the system interrogates the user’s group membership or memberships. Based upon his group membership, the system determine which capabilities the user should have. The capabilities determine what actions, buttons, etc. the logged on user should have visibility and access to.

In the example below, the ND eTMF Visitors would have ‘read’ capabilities, the ND eTMF Members have ‘contribute’ capabilities, etc.