Setting Document State Permissions
As with the other actions that can be performed in your web site, you must explicitly define which User Types are permitted to invoke the Document Actions that you defined when you configured your state machine. The Document State Permissions page is used to set those permissions.
The page displays all of the actions that are possible in the subject state. The Edit and Delete action permissions are the same as those that you set when you configured the web site user permissions. Actions that move a document from the subject state to another state have a set of user permissions for each of the document status levels:
Any Status - the action may be taken even when some required information has not been completed (). This permission is usually only given to the superuser and would only be exercised when corrective action was needed.
Required Only/Complete - the action is only available when all required information in all of the document's forms that are visible to the user has been completed ( or ). This is the permission most often used for users who will be completing forms.
Complete Only - the action is only available when all information, required and optional, in all visible forms has been completed (). This permission would be used for actions that would only be available when some type of optional information was supplied.
Permissions for the Not Submitted state are shown in the example to the right.
Superusers and applicants can edit and delete documents that have not been submitted.
Only superusers can Submit a document that does not at least have Required Only/Complete status.
Superusers and applicants can Submit documents that have either of the complete statuses.
The example shows the simplest permissions page since only one Document Action can be invoked from the Not Submitted state and only the applicants would typically have access to documents in this state. As you define permissions for states that occur further into your process, the user permissions will be more varied. You may, for example, only allow documents to be deleted if they have never been submitted - at least until that document's cycle has been completed - or you may restrict the Approve and Disapprove actions to only contributors, even restricting superusers from invoking those actions.
Also see: