Understanding Document Permissions
What this helps you do
Task guidance for understanding how document permissions are structured and displayed.
Who can use it
Any user can use this article to understand visible access. Administrators, owners, and access managers can use it to diagnose why a document is visible or hidden.
Required permissions
You need document view access to inspect basic document details. Full permission breakdown may require owner, admin, or access-management permission.
Overview of Document Access
The Document Permissions tab provides a detailed breakdown of who can access a document and why. It is no longer a replica of the folder permissions, but instead specifically details document-level access.
The Permissions tab separates access into several categories:
1. Direct Document Access
This section displays users who have document-level access assigned to them.
- View only: The user can read the document.
- Download: The user can view and download the document.
- Editor: The user can edit the document metadata (if enabled and enforced by system policy).
2. Document Shares
When a document is shared using the Share Document action, those shares appear here. The system displays the real names of the users or roles (rather than showing "Unknown" or User IDs). These entries can be managed or revoked from the Share Document modal.
3. Inherited Folder Access
This section shows access that users have inherited from the folder containing the document.
- Read-only view: Inherited folder access is displayed as read-only in the document permissions panel.
- If access is inherited from a folder, you cannot revoke it here. You must manage it from the folder permissions instead.
4. Workflow Access
If the document is part of an active workflow, workflow-related access is displayed here.
- This section is read-only.
- To manage workflow access, you must use the workflow assignment or supervision tools, not the document permissions screen.
5. Link/Email Sharing
This section details access granted via links.
- Shows public links and secure email-link access.
- Public links can be enabled, disabled, copied, opened, or rotated.
- If a link is disabled or expires, it will immediately stop working.
Delete permission rule
Edit access should not be treated as delete access. Delete should require explicit delete, owner, or administrator permission if DeskDox permission enforcement is configured correctly.
Related Emii questions
- "Why can this user see a document?"
- "Does edit access allow delete?"
- "What is inherited folder access?"
- "Why can't I remove an inherited permission?"
