Permission Manager (.NET)

In Relativity, you can manage varying levels of security for users, system admins, and individual objects, such as views, tabs, and fields, across your instance of Relativity and in each workspace. You can also define custom permissions for Relativity Dynamic Objects (RDOs).

The Services API supports a set of operations for assigning system-defined permissions on the admin, workspace, and item level. You can manipulate either arbitrary sets of individual permissions, or entire admin, workspace, or item permission sets. Note that the logic for working with entire permission sets closely follows the logic of the Relativity permissions UI.

While you can't modify the system-defined permissions, you can programmatically create, update, and delete custom permissions for RDOs. You can perform read and query operations on both system-defined permissions and custom permissions. All operations on permissions are performed asynchronously.

You can also work with permissions using the Relativity REST API.

This page contains the following information:

The Relativity.Identity.SDK contains this API. For compatibility and package installation instructions, see Download the SDKs and NuGet packages.

Permissions fundamentals

Before programmatically interacting with Relativity permissions, familiarize yourself with the Relativity permissions user interface. For more information, see Security and permissions on the RelativityOne Documentation site.

Follow these basic guidelines when working with permissions:

  • Permissions are assigned to groups. Users inherit the highest level permissions based on group membership.
  • Permissions are assigned on the admin level, workspace level, or individual item level.
  • Permissions on admin and workspace level are assigned for each object type: For example, permission to work with Matter objects on the admin level or permission to work with documents on the workspace level.
  • Permissions can be assigned to admin and workspace actions.
  • Permissions can include subpermissions: for example, Document object subpermissions include Print/Save As PDF, Highlight Document, and Add and Delete Images.
  • When programmatically interacting with permissions, you must use appropriate credentials (credentials with permissions to manage permissions). If you use insufficient credentials when working with permissions, nothing is returned.
  • Depending on your application's requirements, you can manipulate either arbitrary sets of individual permissions, or entire admin, workspace, or item permission sets. For more information, see Work with individual permissions, Add and remove groups to permissions, Enable item-level security, and Set group permissions

  • The objects for working with Permissions described in this section are included in the Relativity.Services.Permission namespace. For more information, see Services API.

Typical use cases

The following are some typical use cases of programmatic interaction with permissions by a Relativity application developer or administrator.

Modify permissions for a group

Scenario: Modify selected permissions for users in a group.

  • Use the SetPermissionSelectedForGroupAsync() method of the of the IPermissionManager interface.
    • Input: Workspace ID, Group DTO, permission values
    • Output: Silent success

For more information, see Set permission values.

Apply item level security for specific objects

Scenario: Apply Item level security by removing a group from a workspace field's permissions.

  1. Use QueryAsync() to filter down to the field you are interested in.
  2. Use SetItemLevelSecurityAsync() to enable item-level security.
  3. Use AddRemoveItemGroupsAsync() to remove specific group from the field's permissions.
    • Input: Workspace ID, Field ID, Group ID
    • Output: Silent success

Note: For multiple artifacts and multiple workspaces, repeat the steps above as needed.

For more information, see Query permissions, Enable item-level security, and Add and remove groups to permissions.

Get Permissions for logged in user

Scenario: For a given user who is a member of multiple groups, find the highest level of permissions granted to determine what objects in a workspace to display.

Note: The operations assume the context for the logged in user.

  1. Use QueryAsync() to filter down the list of permissions.
  2. Use GetPermissionSelectedAsync() to find the highest level of permissions granted to the user.
    • Input: Workspace ID, permissions list
    • Output: Permission list with associated values (true or false)

For more information, see Query permissions and Read the current user and group permission values.

Work with individual permissions

You can read and query individual permissions, check if the current user or a specified group have certain permissions, and set individual permissions for a group.

Permission objects

Use the following objects to interact Relativity permissions:

  • PermissionRef
  • Permission
  • PermissionValue
  • PermissionType

PermissionRef

An individual permission is identified by the PermissionRef class. PermissionRef contains these properties:

  • ArtifactType Artifact type identifier of the artifact associated with the permission. The artifact type can be identified by the ArtifactTypeID or GUIDs. For example, a document permission would have the ArtifactTypeID value of 10.
  • Name Name of the permission. The value is displayed by the Relativity permissions UI.
  • PermissionID Unique permission identifier within a Relativity instance.
  • PermissionType The type of Relativity permission represented by the PermissionType object.

PermissionRef is used for identifying permissions passed as input parameters to the GetPermissionSelectedAsync() and GetPermissionSelectedForGroupAsync() methods of the IPermissionManager interface. PermissionRef identifies a permission using the following:

  • PermissionID
  • ArtifactTypeID or ArtifactTypeGuids and Name
  • ArtifactTypeID or ArtifactTypeGuids and PermissionType (for single-type permissions)
  • ArtifactTypeID or ArtifactTypeGuids, PermissionType (for mutiple-type permissions), and Name

PermissionRef implements the IEquatable interface for permission comparison operations. Use the Equals() method with the other PermissionRef object to compare permissions. Permission comparison logic is as follows:

  • Assumes that a semi-populated PermissionRef does not contain mismatched PermissionID/Name pairings.
  • If PermissionID values match, then true.
  • Else if the ArtifactTypeID and Name values match, then true.
  • Else if the PermissionType objects match, and if the matched PermissionTypes are of a type that is expected to be single, for example, Add, Edit, or Delete, then true.
  • Else if any artifact type GUIDS are specified and any of those Guids exist in both compared objects, then true.
 

Permission

A permission can also be represented by the Permission class, which inherits from PermissionRef. Permission is used as input when creating and updating custom permissions.

PermissionValue

The PermissionValue class inherits from PermissionRef. In addition to the inherited properties, it contains the Selected property that specifies whether the permission is enabled for a user or a group. PermissionValue is returned by the GetPermissionSelectedAsync() and GetPermissionSelectedForGroupAsync() methods of the IPermissionManager interface.

PermissionType

The PermissionType class represents the type of Relativity permission returned as the PermissionType property of PermissionRef, Permission, or PermissionValue.

PermissionType contains the following fields:

NameID Description
Add 6 Permission to add objects of a given type.
AdminOperations 10 Admin operations permission type.
Browser9 Browser permission type.
Custom 11 Custom permission type.
Delete 3 Delete permission type.
Edit 2 Edit permission type.
Manage 5 Manage permission type.
MassAction 8 Mass action permission type.
Other 7 Other permission type.
Secure 4 Permission to set security for objects of a given type.
Unknown 0 Unknown permission type.
View 1 Permission to view objects of a given type.

The fields can be used to reference permission type values. Here is how you would check for an Add permission type.

if(somePermissionType.Equals(PermissionType.Add)

PermissionType provides the IsMultiplePermissionType() and IsSinglePermissionType() helper methods to quickly determine if a permission type is for a single or multiple.

  • Single permission types are permissions to interact with objects, for example View, Add, Delete, and Secure.
  • Multiple permission types are PermissionTypes that can define multiple permissions for a given object, for example Other, MassAction, Browser, AdminOperations, Custom.

You can use these constructors to initialize a PermissionType:

  • PermissionType() Initializes the ID and Name to the Unknown values.
  • PermissionType(int typeID) Initializes the ID and Name values to those that match the PermissionTypeID passed in, for example, 1 sets ID = 1 and Name = "View."

You can also set the PermissionType using the static PermissionType constants, for example, PermissionType.View or PermissionType.Custom.

Query permissions

You can query permissions using the QueryAsync() and QuerySubsetAsync() methods of the IPermissionManager interface. Input parameters include the workspace ArtfactID, the Query object, and optional query length. To query for admin permissions, specify -1 as the workspace ArtifactID. The resulting PermissionQueryResultSet contains a collection of Permission objects.

To query permissions:

  1. Create a new instance of the Query object.
  2. Define the search length. This is the number of results to be returned. If more results are available the search results will contain a query token that can be used with QuerySubsetAsync to get the additional results from the search query. Setting length to 0 will use the default length defined in Relativity. When the length parameter is not specified, its value defaults to 0, and the number of returned results defaults to the Instance setting table value of PDVDefaultQueryCacheSize of 10000. For more information about query conditions and using query tokens, see Search Relativity.
  3. Define the search condition for the query. Conditions can be created programmatically using the Condition object and converted to a query string using the ToQueryString extension method that the query conditions accepts. The following code sample illustrates how to query for View permissions.
  4. Create an instance of a Sort and define how this query is to be sorted.
  5. Query for search objects given the above query condition and sort order. If a QueryToken is returned, more results are available that specified by the length parameter.

Read a permission

You can read a single permission using the ReadSingleAsync() method of the IPermissionManager interface. Inputs include the workspace ArtifactID and a PermissionID. To read an admin permissions, specify -1 as the workspace ArtifactID.

Note: If you do not have the permissions to view the artifact or the artifact ID is invalid, the read operation throws the following error: "ArtifactID {0} is invalid."

The following code sample illustrates how to read a permission for a document object.

public static async Task ReadSinglePermissionAsync(IPermissionManager mgr, int workspaceId, int permissionId)
{
    PermissionRef permission = await mgr.ReadSingleAsync(workspaceId, permissionId);
    if (permission != null)
    {
        Console.WriteLine($"Name: {permission.Name}, ID: {permission.PermissionID}");
    }
    else
    {
        Console.WriteLine("Invalid operation.");
    }
}

Some permissions can be defined because they are statically known types. The Add permission of a Document can be defined as a PermissionRef by specifying ArtifactType.ID = ArtifactType.Document and PermissionType = PermissionType.Add.

Note: Only single type permissions for known ArtifactTypes can be defined this way.

Read the current user and group permission values

You can read the specified permissions for the current user or a specified group using the GetPermissionSelectedAsync() and GetPermissionSelectedGroupAsync() methods of the IPermissionManager interface. The methods return a list of PermissionValue objects. A PermissionValue is a fully-populated PermissionRef with an extra property Selected which will be True if the permission is enabled for the user or group.

The methods throw an error if any item in the PermissionRef list is invalid. Invalid conditions include:

  • PermissionRef ID is correct but the Name is not and vice versa.
  • PermissionRef ID does not exist in the system.
  • PermissionRef Name does not exist in the system.

GetPermissionSelectedAsync()

The GetPermissionSelectedAsync() method returns a collection of permission values for the current user. Inputs include the workspace ArtifactID, a collection of PermissionRef objects, and an ArtifactID. To return admin permissions, specify -1 as the workspace ArtifactID. To return permissions of an item with security enabled, specify the item's ArtifactID.

GetPermissionSelectedListAsync()

The GetPermissionSelectedListAsync() method returns a collection of permission values for the current user. It is similar to GetPermissionSelectedAsync(), but instead of only returning permissions for one artifact, you can pass in a list of ArtifactIDs to return a dictionary that maps the ArtifactID to the permissions. Inputs include the workspace ArtifactID, a collection of PermissionRef objects, and a collection of ArtifactIDs. To return admin permissions, specify -1 as the workspace ArtifactID.

GetPermissionSelectedGroupAsync()

The GetPermissionSelectedGroupAsync() method returns a collection of permission values for the specified group. Inputs include the workspace ArtifactID, a collection of PermissionRef objects, and a GroupRef object. To return admin permissions, specify -1 as the workspace ArtifactID. To return permission values of an item with security enabled, specify the item's artifact ID.

Set permission values

You can set individual permissions for a specified group using the SetPermissionSelectedforGroupAsync() method of the IPermissionManager interface. Inputs include the workspace ArtifactID, a collection of PermissionValue objects, and a GroupRef object. To set admin permissions, specify -1 as the workspace ArtifactID. To set permissions for an item with security enabled, specify the item's artifact ID.

Custom permissions

You can define custom permissions for Relativity Dynamic Objects (RDOs). Relativity Legal Hold is an example of an application that uses RDOs with custom permissions, such as Acknowledge on Behalf, Escalate, and Remind.

The Services API supports the create, update, delete, and query operations on Permission DTOs for managing custom permissions. Note that the all other operations that can be performed on Relativity system permissions using the IPermissionManager interface can also be performed on custom permissions. For code samples of reading and querying permissions, see Work with individual permissions.

Create a permission

The following code sample illustrates how to create a custom permission. Note the use of the Permission class to instantiate the new permission. The ArtifactType.ID property is set to the artifact type ID of the RDO for which the custom permission is created. Also note the use of the PermissionType class to set the PermissionType property to custom.

public static async Task<int> CreateSinglePermissionAsync(IPermissionManager mgr, int workspaceId, int rdoTypeId)
{
    var permission = new Permission
    {
        Name = "My Custom Permission",
        PermissionType = PermissionType.Custom,
        ArtifactType = new ArtifactTypeIdentifier(rdoTypeId)
    };

    int createdPermissionId = await mgr.CreateSingleAsync(workspaceId, permission);

    Console.WriteLine($"Successfully created permission with ID {createdPermissionId}.");
    return createdPermissionId;
}

Read a permission

You can read a single permission using the ReadSingleAsync() method of the IPermissionManager interface. Inputs include the workspace ArtifactID and a PermissionID. To read an admin permissions, specify -1 as the workspace ArtifactID. The following code sample illustrates how to read a permission for a document object.

public static async Task ReadSinglePermissionAsync(IPermissionManager mgr, int workspaceId, int permissionId)
{
    PermissionRef permission = await mgr.ReadSingleAsync(workspaceId, permissionId);
    if (permission != null)
    {
        Console.WriteLine($"Name: {permission.Name}, ID: {permission.PermissionID}");
    }
    else
    {
        Console.WriteLine("Invalid operation.");
    }
}

Some permissions can be defined because they are statically known types. The Add permission of a Document can be defined as a PermissionRef by specifying ArtifactType.ID = ArtifactType.Document and PermissionType = PermissionType.Add.

Note: Only single type permissions for known ArtifactTypes can be defined this way.

Update a permission

The following code sample illustrates how to update a custom permission.

public static async Task UpdateSinglePermissionAsync(IPermissionManager mgr, int workspaceId, int permissionId)
{
    var updated = new Relativity.Services.Permission.Permission
    {
        PermissionID = permissionId,
        Name = "New Permission Name"
    };

    await mgr.UpdateSingleAsync(workspaceId, updated);
    Console.WriteLine("Success.");
}

Delete a permission

The following code sample illustrates how to delete a custom permission.

public static async Task DeleteSinglePermissionAsync(IPermissionManager mgr, int workspaceId, int permissionId)
{
    await mgr.DeleteSingleAsync(workspaceId, permissionId);
    Console.WriteLine($"Successfully deleted permission {permissionId}.");
}

Add and remove groups to permissions

Before specific permissions can be assigned, a group must be added to admin, workspace, or item permissions.

Groups with assigned admin, workspace, or item permissions are represented by the GroupSelector class. The groups with permissions are listed as a collection of GroupRef objects in the EnabledGroups property. All other groups in the Relativity instance are listed in the DisabledGroup property.

Admin groups

To return an instance of GroupSelector for admin permissions, use the GetAdminGroupSelector() method of the Permission interface.

GroupSelector selector = await proxy.GetAdminGroupSelectorAsync();

This is equivalent to displaying groups with admin permissions in the Admin Security dialog (accessed from the Instance Details tab).

(Click to expand)

To add and remove groups to admin permissions:

  1. Get a GroupSelector as shown above.
  2. After you have a GroupSelector, manipulate the GroupSelector by moving the groups into the EnabledGroups and DisabledGroups collections as GroupRef objects. (For simplicity you can set the enabled and disabled groups to only the groups you wish to modify. All other groups will not be altered within the GroupSelector object when setting the values.)
    List<GroupRef> groupRefs = new List<GroupRef>() {new GroupRef(groupID.Value)};
      
    // Add a group.
    adminSelector.EnabledGroups = groupRefs;
    adminSelector.DisabledGroups = new List<GroupRef>();
  3. Set the groups by calling the AddRemoveAdminGroupsAsync() method of the Permission interface and pass in the GroupSelector object.
    await proxy.AddRemoveAdminGroupsAsync(adminSelector);

Note: The GroupSelector object must have the latest value of LastModified, and every call that returns GroupSelector will update this value. This prevents a user from reading a value and modifying it if another user has read that value with the intent of changing it as well. Item-level security must be enabled to add or remove groups to the permissions for individual items.

Workspace groups

To return an instance of GroupSelector for a workspace, use the GetWorkspaceGroupSelector() method of the Permission interface and pass in the workspace Artifact ID.

GroupSelector selector = await proxy.GetWorkspaceGroupSelectorAsync(this.SampleWorkspace_ID);

This is equivalent to displaying groups with workspace permissions in the Workspace Security dialog (accessed from the Workspace Details tab).

(Click to expand)

To add and remove groups to workspace permissions:

  1. Get a GroupSelector as shown above.
  2. After you have a GroupSelector, manipulate the GroupSelector by moving the groups into the EnabledGroups and DisabledGroups collections as GroupRef objects. (For simplicity you can set the enabled and disabled groups to only the groups you wish to modify. All other groups will not be altered within the GroupSelector object when setting the values.)
    List<GroupRef> groupRefs = new List<GroupRef>() {new GroupRef(groupID.Value)};
    
    // Add a group.
    adminSelector.EnabledGroups = groupRefs;
    adminSelector.DisabledGroups = new List<GroupRef>();
  3. Set the groups by calling the AddRemoveWorkspaceGroupsAsync() method of the Permission interface and pass in the GroupSelector object.
    await proxy.AddRemoveWorkspaceGroupsAsync(workspaceSelector);

Item groups

To return an instance of GroupSelector for an admin or workspace item, use the GetItemGroupSelector() method of the Permission interface and pass in the Artifact IDs of the workspace and the item.

GroupSelector selector = await proxy.GetItemGroupSelectorAsync(this.SampleWorkspace_ID, this.SampleRDO_ID);

This is equivalent to displaying groups with item permissions in the Item Security dialog (accessed by clicking the Security icon () for an item in the list).

(Click to expand)

To add and remove groups to item permissions:

  1. Get a GroupSelector as shown above.
  2. After you have a GroupSelector, manipulate the GroupSelector by moving the groups into the EnabledGroups and DisabledGroups collections as GroupRef objects. (For simplicity you can set the enabled and disabled groups to only the groups you wish to modify. All other groups will not be altered within the GroupSelector object when setting the values.)
    List<GroupRef> groupRefs = new List<GroupRef>() {new GroupRef(groupID.Value)};
     
    // Add a group.
    adminSelector.EnabledGroups = groupRefs;
    adminSelector.DisabledGroups = new List<GroupRef>();
  3. Set the groups by calling the AddRemoveItemGroupsAsync() method of the Permission interface and pass in the GroupSelector object.
    await proxy.AddRemoveItemGroupsAsync(itemSelector);

Enable item-level security

In order to set item permissions, Item-level security must be enabled for individual Relativity artifacts. Item-level security is represented by the ItemLevelSecurity class.

ItemLevelSecurity class includes the following properties:

  • ArtifactID – ArtifactID.
  • Enabled – Is Item Level Security enabled.
  • LastModified – Last modified timestamp.

Get item-level security

To return item-level security settings for a Relativity artifact, use the GetItemLevelSecurityAsync() and GetItemLevelSecurityListAsync() methods of the Permission interface.

GetItemLevelSecurityAsync()

The GetItemLevelSecurityAsync() method returns the item-level security settings for a specified workspace and the artifact ID.

ItemLevelSecurity itemLevelSecurity = await proxy.GetItemLevelSecurityAsync(this.SampleWorkspace_ID, this.SampleRDO_ID);
 
int id = itemLevelSecurity.ArtifactID;
bool enabled = itemLevelSecurity.Enabled;
DateTime lastModified = itemLevelSecurity.LastModified;
 
string info = string.Format("{0} : {1} - {2}", id, enabled, lastModified);

GetItemLevelSecurityListAsync()

The GetItemLevelSecurityListAsync() method is similar to GetItemLevelSecurityAsync(), but instead of returning item-level security for one artifact, you can pass in a list of ArtifactIDs and return a dictionary.

Dictionary<int, ItemLevelSecurity> itemLevelSecurity = await proxy.GetItemLevelSecurityListAsync(this.SampleWorkspace_ID, new List<int> { this.SampleRDO_ID } );

//GetItemLevelSecurityListAsync returns a dictionary 
//Key is the item's ArtifactID
//and value contains the item's ArtifactID, whether item level security is enabled, and when the security was last modified
int id = itemLevelSecurity[this.SampleRDO_ID].ArtifactID;

bool enabled = itemLevelSecurity[this.SampleRDO_ID].Enabled;
DateTime lastModified = itemLevelSecurity[this.SampleRDO_ID].LastModified;

string info = string.Format("{0} : {1} - {2}", id, enabled, lastModified);

//If the user making the request does not have secure permissions on the item they'll get back an empty object
this.Logger.LogMessage(Client.SamplesLibrary.Logging.LogLevel.Debug, new StackFrame(0).GetMethod().Name, info, this.GetType().Name);

success = true;

Set item-level security

To enable or disable item-level security settings for a Relativity artifact, use the SetItemLevelSecurityAsync() method of the Permission interface and pass in the Artifact IDs of the workspace and the artifact.

ItemLevelSecurity itemLevelSecurity = await proxy.GetItemLevelSecurityAsync(this.SampleWorkspace_ID, this.SampleRDO_ID);
 
itemLevelSecurity.Enabled = !itemLevelSecurity.Enabled;
 
await proxy.SetItemLevelSecurityAsync(this.SampleWorkspace_ID, itemLevelSecurity);

After item level security is enabled, you can set item-level permissions.

Set group permissions

After groups have been added, you can assign them specific admin, workspace, or item permissions.

Group permissions are represented by the GroupPermissions class. GroupPermissions contains these properties corresponding to the Relativity permissions categories:

  • AdminPermissions – Admin permissions. Different admin permissions can be set on the admin and workspace level. The property is a collection of GenericPermission objects.
  • BrowserPermissions – Relativity user interface browser permissions set on the workspace level. The property is a collection of GenericPermission objects.
  • MassActionPermissions – Mass action permissions set on the workspace level. The property is a collection of GenericPermission objects.
  • ObjectPermissions – Object permissions. Different object permissions can be set on the admin, workspace, and item level. The property is a collection of ObjectPermission objects.
  • TabVisibility – Tab visibility. The property is a collection of ObjectPermission objects.

ObjectPermission class includes these properties:

  • AddEditable – Indicates whether the group can modify add permissions.
  • AddSelected -Indicates whether the group has add permissions.
  • ArtifactGroupingID – The ID that links the permission to the group.
  • ArtifactTypeID – ArtifactTypeID of the object.
  • CanRemovePermissions – Indicates whether the group can disable all permissions.
  • CustomPermissions – Custom permission details.
  • DeleteEditable – Indicates whether the group can modify delete permissions.
  • DeleteSelected – Indicates whether the group has delete permission.
  • EditEditable – Indicates whether the group can modify edit permissions.
  • EditSecurityEditable – Indicates whether the group can modify EditSecurity permissions.
  • EditSecuritySelected – Indicates whether the group has EditSecurity permission.
  • EditSelected – Indicates whether the group has Edit permission.
  • HasChildPermissions – Indicates if this has child permissions.
  • HierarchyIndent – Indicates the current indent of this permission hierarchy.
  • Name – Permission display name.
  • ParentArtifactTypeID – Parent ArtifactTypeID.
  • SubPermissions – Subpermission details. The property is a collection of PermissionDetail objects.
  • ViewSelected – Indicates whether view permissions are enabled.

GenericPermission class represent non-object permissions. The class includes these properties:

  • Children – Generic permission child permissions.
  • Editable – Generic permission can be modified.
  • Name – Generic permission name.
  • Selected – Generic permission type is selected.
  • Value – ArtifactID.

Subpermissions are represented by the PermissionDetail class. PermissionDetail includes these properties:

  • Name – Permission name
  • PermissionID – Permission ID.
  • Selected – Permission of given type is selected.

Note: To modify individual permissions without reading all group permissions, use the SetPermissionSelectedForGroupAsync() method. For more information, see Set permission values.

Admin group permissions

IPermissionManager interface provides the methods to get and set the admin group permissions.

Get admin group permissions

To return an instance of admin GroupPermissions, use the GetAdminGroupPermissionsAsync() method of the IPermissionManager interface.

GroupPermissions permissions = await proxy.GetAdminGroupPermissionsAsync(groupRef);

The resulting GroupPermissions objects contains the following admin permissions.

  1. Object Security

    (Click to expand)

  2. Tab Visibility

    (Click to expand)

  3. Admin Operations

    (Click to expand)

Set admin group permissions

To set admin group permissions:

  1. Get the full permission structure in the GroupPermissions objects by calling GetAdminGroupPermissionsAsync() method of the Permissions interface.
    GroupPermissions permissions = await proxy.GetAdminGroupPermissionsAsync(groupRef);
  2. After you return a current GroupPermissions object, you can then inspect and manipulate the permissions within the object.
    List<ObjectPermission> objectPermissions = permissions.ObjectPermissions;
    ObjectPermission objectPermission = objectPermissions.First(x => x.Name == "Some Permission Name");
    objectPermission.EditSecuritySelected = false;permissions.TabVisibility = tabVisibility;
  3. After setting the permissions, pass the GroupPermissions object to the SetAdminGroupPermissionsAsync() of the Permissions interface.
    await proxy.SetAdminGroupPermissionsAsync(permissions);

Note: The GroupPermissions object must have the latest value of LastModified, and every call that returns GroupPermissions will update this value. This prevents a user from reading a value and modifying it if another user has read that value with the intent of changing it as well. Item-level security must be enabled to change item-level permissions.

Workspace group permissions

IPermissionManager interface provides the methods to get and set the workspace permissions for groups.

Get workspace group permissions

To return an instance of workspace GroupPermissions, use the GetWorkspaceGroupPermissionsAsync() method of the Permission interface and pass in the Artifact IDs of the workspace.

GroupPermissions permissions = await proxy.GetWorkspaceGroupPermissionsAsync(this.SampleWorkspace_ID, groupRef);

The resulting GroupPermissions object contains the following workspace permissions.

  1. Object Security

    (Click to expand)

  2. Tab Visibility

    (Click to expand)

  3. Other Settings: Browser, Mass Operations, and Admin Operations

    (Click to expand)

Set workspace group permissions

To set workspace group permissions:

  1. Get the full permission structure in the GroupPermissions objects by calling GetWorkspaceGroupPermissionsAsync() method of the Permissions interface.
    GroupPermissions permissions = await proxy.GetWorkspaceGroupPermissionsAsync(groupRef);
  2. After you return a current GroupPermissions object, you can then inspect and manipulate the permissions within the object.
    List<ObjectPermission> objectPermissions = permissions.ObjectPermissions;
    ObjectPermission objectPermission = objectPermissions.First(x => x.Name == "Some Permission Name");
    objectPermission.EditSecuritySelected = false;permissions.TabVisibility = tabVisibility;
  3. After setting the permissions, pass the GroupPermissions object to the SetWorkspaceGroupPermissionsAsync() of the Permissions interface.
    await proxy.SetWorkspaceGroupPermissionsAsync(permissions);

Note: The GroupPermissions object must have the latest value of LastModified, and every call that returns GroupPermissions will update this value. This prevents a user from reading a value and modifying it if another user has read that value with the intent of changing it as well. Item-level security must be enabled to change item-level permissions.

Item group permissions

IPermissionManager interface provides the methods to get and set group permissions for individual Relativity items.

Get item group permissions

To return an instance of item GroupPermissions, use the GetItemGroupPermissionsAsync() method of the Permission interface and pass in the Artifact IDs of the workspace and the item.

GroupPermissions permissions = await proxy.GetItemGroupPermissionsAsync(this.SampleWorkspace_ID, this.SampleRDO_ID, groupRef);

The arguments passed to the GetItemGroupPermissionsAsync() method include:

  • this.SampleWorkspace_ID - the Artifact ID of the workspace where the item exists.
  • this.SampleRDO_ID - the Artifact ID of the item that you want to the group permissions for.
  • groupRef - a Reference object for a group, whose permissions to the item you want to find. Reference the group by name or Artifact ID.

The resulting GroupPermissions object can contain different sets of properties depending on the object type. The following is an example of Document object permissions. Note that the Subpermissions property (Print/Save As PDF, Redact, Highlight Document, etc.) contains a collection of PermissionDetail objects.

(Click to expand)

Set item group permissions

To set item group permissions:

  1. Get the full permission structure in the GroupPermissions objects by calling GetItemGroupPermissionsAsync() method of the Permissions interface.
    GroupPermissions permissions = await proxy.GetItemGroupPermissionsAsync(this.SampleWorkspace_ID, this.SampleRDO_ID, groupRef);

    The arguments passed to the GetItemGroupPermissionsAsync() method include:

    • this.SampleWorkspace_ID - the Artifact ID of the workspace where the item exists.
    • this.SampleRDO_ID - the Artifact ID of the item that you want to the group permissions for.
    • groupRef - a Reference object for a group, whose permissions to the item you want to find. Reference the group by name or Artifact ID.
  2. After you return a current GroupPermissions object, you can then inspect and manipulate the permissions within the object.
    List<ObjectPermission> objectPermissions = permissions.ObjectPermissions;
    ObjectPermission objectPermission = objectPermissions.First(x => x.Name == "Some Permission Name");
    objectPermission.EditSecuritySelected = false;
    permissions.TabVisibility = tabVisibility;
  3. After setting the permissions, pass the GroupPermissions object to the SetItemGroupPermissionsAsync() of the Permissions interface.
    await proxy.SetItemGroupPermissionsAsync(permissions);

Note: The GroupPermissions object must have the latest value of LastModified, and every call that returns GroupPermissions will update this value. This prevents a user from reading a value and modifying it if another user has read that value with the intent of changing it as well. Item-level security must be enabled to change item-level permissions.

User lookup in groups

The Permissions interface provides helper methods to return a list of users associated with a group with a admin, workspace, or item permissions.

Get admin group users

To return a list of users in a group with admin permissions (corresponding to the EDDS Relativity database), call the GetAdminGroupUsersAsync() and pass in the GroupRef object.

List<UserRef> users = await proxy.GetAdminGroupUsersAsync(groupRef);

foreach (UserRef userRef in users)
{
     string info = string.Format("{0} : {1}", userRef.ArtifactID, userRef.Name);
}

Get workspace group users

To return a list of users in a group with workspace permissions (corresponding to a Relativity workspace database), call the GetWorkspaceGroupUsersAsync() and pass in the Artifact ID of the workspace and a GroupRef object for the group.

List<UserRef> users = await proxy.GetWorkspaceGroupUsersAsync(this.SampleWorkspace_ID, groupRef);

foreach (UserRef userRef in users)
{
     string info = string.Format("{0} : {1}", userRef.ArtifactID, userRef.Name);
}

Get item group users

To return a list of users in a group with item permissions, call the GetItemGroupUsersAsync() and pass in the Artifact IDs of the workspace and the item, and a GroupRef object for the group.

List<UserRef> users = await proxy.GetAdminGroupUsersAsync(this.SampleWorkspace_ID, this.SampleDocument_ID, groupRef);

foreach (UserRef userRef in users)
{
     string info = string.Format("{0} : {1}", userRef.ArtifactID, userRef.Name);
}

Additional Resources

DevHelp Community GitHub Release Notes NuGet

Share knowledge with the Relativity developer community.

Access tools and resources to build an application.

Review the most recent product release notes.

Create .NET Apps faster with NuGet.