Learn how to manage access, protect content, and apply security settings to keep your data secure and under control. Security in EPC provides flexible, role-based control over who can access, edit, or manage content. Whether assigning permissions to individual users, groups, or specific objects, this page explains the key concepts and tools to help you keep your environment secure.
On this page:
- What Are the Security Levels?
- Who Can Manage Security?
- How Direct Security Works in EPC
- Permission Scenarios
- Understanding Download and Print Authorizations
Related guides:
For step-by-step instructions on managing security in EPC, see:
- Managing Environment Permissions & Admin License
- Managing Security on Individual Objects
- Assign Licenses and Authorizations to Users and Groups
What Are the Security Levels?
Security consists of three components: Licenses, Authorizations, and Permissions.
| Components | Options |
|---|---|
| Licenses |
|
| Authorizations |
|
| Permissions |
|
Who Can Manage Security?
Security management is available to Admins and certain users with access to the Latest database, depending on their permissions.
| Role | What They Can Manage |
|---|---|
| System Admin | Security for environments and objects. |
| Environment Admin | Security for objects within their environment. |
| Users with Access to Latest Database + Delete Permission | Security for objects they can delete. |
How Security Works in EPC
Users can define security for groups or users by assigning permissions directly on environments, sets, folders, and objects. These permissions can be applied independently or automatically propagated to child objects.
For example, you might grant a group Delete permission on a set, but only give them Read Latest permission on a sensitive folder within that set. This ensures the group cannot edit or delete that folder. Direct security allows fine-grained, independent control at every level.
If your security model is simpler, you can also apply permissions at the environment level, granting access to all objects in the environment.
Permission Scenarios
What Happens When…
| Action | Result |
|---|---|
| You have different permissions via group and user | You get the highest permission. Example: group has Delete, user has Read → you get Delete. |
| You move an object | It keeps its current permissions. |
| You create a new object | It inherits permissions from its parent. |
| You merge an object | It gets the permissions of the destination object. |
| You copy an object | It inherits permissions from the new parent. |
How Do I Grant a User…
| License | Permission | Authorization | |
|---|---|---|---|
| Publish access? | Access to Latest DB | Write or Delete | Publish |
| Merge access? | Access to Latest DB | Delete | Merge |
| Import access? | Environment Admin | — | Import |
| Export access? | Environment Admin | — | Export |
| Read-only access? | Access to Published DB | Read Published | — |
| Latest access? | Access to Latest DB | Read Latest | — |
| Write access? | Access to Latest DB | Write | — |
| Delete access? | Access to Latest DB | Delete | — |
Understanding Download & Print Authorizations
The rules for Download and Print authorizations only apply when the DOCUMENT_CONTROL_COPIES system setting is enabled.
With this setting turned on, you can control whether users can download original files, access previews, or print documents based on their assigned permissions.
- Office (.docx, .xlsx, etc.) & PDF Files
- → To print, users must also be allowed to download.
→ If a user is allowed to download but not print, the system provides a non-printable PDF preview.
Here’s a table to better show these rules:
Download Auth. Print Auth. Can download? Can print? File Preview ✅ ✅ ✅ Original file ✅ Unprintable PDF ✅ ❌ ✅ Unprintable PDF ❌ Unprintable PDF ❌ ✅ ❌ ❌ Unprintable PDF ❌ ❌ ❌ ❌ Unprintable PDF - Other Files (Images, ZIPs, etc.)
- → To print, users must also be allowed to download.
→ If a user is allowed to download but not print, they can still access and open the original file.
Here’s a table to better show these rules:
Download Auth. Print Auth. Can download? Can print? File Preview ✅ ✅ ✅ Original file ✅ Unprintable ✅ ❌ ✅ Original file ❌ Unprintable ❌ ✅ ❌ ❌ Unprintable ❌ ❌ ❌ ❌ Unprintable - Object Book Generation
- → If the user can download and print, the object book is generated as a Word document.
→ If the user can download but not print, it is generated as a non-printable PDF.
→ If the user cannot download, they cannot generate the object book at all.
Here’s a table to better show these rules:
Download Auth. Print Auth. Book Generation ✅ ✅ ✅ Generated as Word file ✅ ❌ ✅ Generated as an unprintable PDF ❌ ✅ ❌ ❌ ❌ ❌
Need more help with this?
Visit the Support Portal