Sharing and Access Control3 min readReviewed 2026-05-13

Understanding Document Permissions

What this helps you do

Task guidance for understanding how document permissions are structured and displayed.

Who can use it

Any user can use this article to understand visible access. Administrators, owners, and access managers can use it to diagnose why a document is visible or hidden.

Required permissions

You need document view access to inspect basic document details. Full permission breakdown may require owner, admin, or access-management permission.

Overview of Document Access

The Document Permissions tab provides a detailed breakdown of who can access a document and why. It is no longer a replica of the folder permissions, but instead specifically details document-level access.

The Permissions tab separates access into several categories:

1. Direct Document Access

This section displays users who have document-level access assigned to them.

  • View only: The user can read the document.
  • Download: The user can view and download the document.
  • Editor: The user can edit the document metadata (if enabled and enforced by system policy).

2. Document Shares

When a document is shared using the Share Document action, those shares appear here. The system displays the real names of the users or roles (rather than showing "Unknown" or User IDs). These entries can be managed or revoked from the Share Document modal.

3. Inherited Folder Access

This section shows access that users have inherited from the folder containing the document.

  • Read-only view: Inherited folder access is displayed as read-only in the document permissions panel.
  • If access is inherited from a folder, you cannot revoke it here. You must manage it from the folder permissions instead.

4. Workflow Access

If the document is part of an active workflow, workflow-related access is displayed here.

  • This section is read-only.
  • To manage workflow access, you must use the workflow assignment or supervision tools, not the document permissions screen.

5. Link/Email Sharing

This section details access granted via links.

  • Shows public links and secure email-link access.
  • Public links can be enabled, disabled, copied, opened, or rotated.
  • If a link is disabled or expires, it will immediately stop working.

Delete permission rule

Edit access should not be treated as delete access. Delete should require explicit delete, owner, or administrator permission if DeskDox permission enforcement is configured correctly.

Related Emii questions

  • "Why can this user see a document?"
  • "Does edit access allow delete?"
  • "What is inherited folder access?"
  • "Why can't I remove an inherited permission?"

Was this article helpful?

Related articles

Continue with closely related sharing and access control guidance.