Groups, roles, and permissions in a Diligent Data Room organization

This is a high-level overview of how groups, roles, and permissions in a Diligent Data Room organization work and how they relate to each other.

Administrative levels within Diligent Data Room

Diligent Data Room has two main administrative levels and each level and component provides its own access management capabilities, for example roles, groups, or permissions

The organization level
- The organization level is above the component level in hierarchy.
- Managed by organization administrators.
- It governs the users who receive Personal Data rooms, the role assigned to a member of the organization, how many Team Data rooms are available, who manages team rooms initially, storage space assigned to members and team rooms, and which Flow installations are available to assigned Flow managers.
The component level
- The component level comprises of various functional units hosted within the organization: Personal Data rooms, Team Data rooms, and Flow installations.
- Depending on the functional unit they are managed by the room owner, the Team room manager or a Flow manager.
- Each of these components has its own ability to manage access. This means that the relationships and interactions between groups, roles, and permissions are created to ensure that the two main levels always have separate administrative responsibilities.
- An organization administrator cannot access personal data rooms or any team data rooms, Flow installations, and running Flows.

Organization level

Members are invited to a Diligent Data Room organization and assigned roles or groups. This function is performed by an Organization Administrator

Note

You can ignore BoardMember and Submitter roles as they don't have any default privileges.

Assignments	Type	Function
Roles are redefined by the system and can't be edited or changed.	User	This is the default role that every member receives. All the other roles are additional roles that can be assigned to users.
	Admin	Members with the admin role can access features in the Administration area of a Diligent Data Room organization. They are referred to as organization administrators.
	BoardOfficer	This role is used by Flows as the default setting for some permissions. For example, the Flow permissions for managing meetings and the Flow permission for managing applications are by default assigned to users with the BoardOfficer role.
Groups are custom created	Created and managed by Organization Administrators	They are used to assign permissions in Flow installations.

Component level

After a member has registered with an organization they are able to collaborate with others in a number of ways and set the access capabilities.

Component type	Function and specifics	Permission type
Personal Data room	Used to securely store and manage files and folders and only the owner can access their Personal Data room. Everyone invited to the Diligent Data Room organization gets a Personal Data room and are owners of these data rooms. Share folders with members of Diligent Data Room, or with externals who must register with Diligent Data Room as guests (or collaborators).	When sharing a folder, the owner of a personal data room can select permission levels, known as Roles, for the recipient. Co-owner needs to be member of the same Diligent Data Room organization as the owner of the personal data room. The co-owner has the same permissions for the shared folder as the owner of the personal data room. Editor can view, download, modify and delete the content of the shared folder. Reader can view and download the content of the shared folder.
Team Data room	Used to enable efficient collaboration between its members. Permissions and members are managed by a Team room manager. They have as many members as the Team room manager invites. Members of the team room can access the folders and files that their Team room manager has permitted them to see and open. This is dependent on the Permissions and Groups they are assigned. The first Team room manager is assigned by the organization administrator. Note A minimum of two Data room managers should be assigned to every team room to ensure continuity and no loss of data.	Team room managers assign the following permissions: Data room permissions are applied throughout the whole Team Data room. Item permissions are only applied on specific items in the team data room, such as folders and files, and can be inherited by their subitems. Team room Groups can be created by Team room managers and are specific too each team room and aren't related to the Organizational level Groups. Each team room comes with one system group and three pre-defined default groups: Data room manager (system group with a fixed set of permissions) Owner (name and permissions can be edited) Editor (name and permissions can be edited) Reader (name and permissions can be edited)
Meeting Flow installation	Meeting Flow installations are the technical foundation for Flows. They must be created by Organizational Administrators and then configured and activated by a Flow manager. They require a Team data room and should be linked to a Boards meeting. There are dependencies between permissions in the Flow installation and those in the associated team data room. Flow managers configure the permission settings in a meeting Flow installation.	The following permissions apply to each meeting Flow that is started from an installation. Users who can start a Flow with this configuration can start a meeting Flow to organize a meeting. They need access to specific folders in the associated Team Data room, and should be assigned as Owners or Data room managers in the Team room. Users who can co-manage the meetings can work with meeting Flows even though they didn't start the Flow. They need access to specific folders in the associated Team Data room, and should be assigned as Owners or Data room managers in the Team room. Users who can configure this Flow installation can edit the configuration of this meeting Flow installation and activate it. These users are called Flow managers. They need to be a Data room manager of the team room associated with the Flow.

Component type

Function and specifics

Permission type

Personal Data room

Used to securely store and manage files and folders and only the owner can access their Personal Data room.
Everyone invited to the Diligent Data Room organization gets a Personal Data room and are owners of these data rooms.
Share folders with members of Diligent Data Room, or with externals who must register with Diligent Data Room as guests (or collaborators).

When sharing a folder, the owner of a personal data room can select permission levels, known as Roles, for the recipient.

Co-owner needs to be member of the same Diligent Data Room organization as the owner of the personal data room. The co-owner has the same permissions for the shared folder as the owner of the personal data room.

Editor can view, download, modify and delete the content of the shared folder.
Reader can view and download the content of the shared folder.

Team Data room

Used to enable efficient collaboration between its members.
Permissions and members are managed by a Team room manager.
They have as many members as the Team room manager invites.
Members of the team room can access the folders and files that their Team room manager has permitted them to see and open. This is dependent on the Permissions and Groups they are assigned.
The first Team room manager is assigned by the organization administrator.

Note

A minimum of two Data room managers should be assigned to every team room to ensure continuity and no loss of data.

Team room managers assign the following permissions:

Data room permissions are applied throughout the whole Team Data room.
Item permissions are only applied on specific items in the team data room, such as folders and files, and can be inherited by their subitems.

Team room Groups can be created by Team room managers and are specific too each team room and aren't related to the Organizational level Groups.

Each team room comes with one system group and three pre-defined default groups:

Data room manager (system group with a fixed set of permissions)
Owner (name and permissions can be edited)
Editor (name and permissions can be edited)
Reader (name and permissions can be edited)

Meeting Flow installation

Meeting Flow installations are the technical foundation for Flows.
They must be created by Organizational Administrators and then configured and activated by a Flow manager.
They require a Team data room and should be linked to a Boards meeting.
There are dependencies between permissions in the Flow installation and those in the associated team data room.
Flow managers configure the permission settings in a meeting Flow installation.

The following permissions apply to each meeting Flow that is started from an installation.

Users who can start a Flow with this configuration can start a meeting Flow to organize a meeting.

They need access to specific folders in the associated Team Data room, and should be assigned as Owners or Data room managers in the Team room.

Users who can co-manage the meetings can work with meeting Flows even though they didn't start the Flow.

They need access to specific folders in the associated Team Data room, and should be assigned as Owners or Data room managers in the Team room.
Users who can configure this Flow installation can edit the configuration of this meeting Flow installation and activate it. These users are called Flow managers.

They need to be a Data room manager of the team room associated with the Flow.