Folder Level Users

Users at the level of the Manage / Local Users folder can be created by a User with the Global Administrator role or by a User with Owner permissions.

Folder Level Users obey the following rules:

• The options are available to folder owners for all folders with the exception of a root folder and any folder in a personal folder.
• All rules are enforced in the GUI and through the server-side AP.
• Folder-level API Tokens could be generated for the folder-level users only. Global tokens could be generated for any users though (even for folder-level ones).
• Owners cannot grant permissions for folder-level principals (users or groups) from other folders. System principals, AD principals or folder-level principals from the same folder could be used for permissions.
• A folder-level principal cannot be granted system admin or system auditor roles.
• Folder-level principals cannot be granted any global permission.
• Folder level groups can include system principals or principals from the same folder as group members but not from other folders.
• Principals and API tokens from subfolders could be managed in the parent folders.
• Folder-level API Tokens could be generated for the folder-level users only. Global tokens could be generated for any users though (even for folder-level ones).
• Owner are available to manage item workflow bindings allowing system administrators to delegate workflow management to vault and folder owners.