DRACOON has a granular rights and role structure to guarantee that each user only has access to data that is intended for him. So that the administration of users does not cause too much manual effort, groups can be created, and users can simply be assigned to groups. In the following, all roles and rights that a user can have are briefly explained again. At the end of the article you can read our recommendations how to develop a suitable user group structure for an organization.
To give the user a role, select him from the list and select the desired roles at the bottom right of the page.
The following roles can be assigned to the users:
Config Manager: Users with the role Configuration Manager can have system settings (e.g. authentication settings, mail server configuration etc.) at their disposal. The configuration manager can also customize the branding in the new DRACOON WebApp.
Users manager: The user manager has the right to create, edit and delete new users in DRACOON.
Group manager: The group manager has the right to create and delete new groups and to add and remove users from groups.
Room Manager: Users with this role can create, edit and delete top-level data rooms. They can also control the quota of rooms.
Auditor: The Auditor role gives the user the right to view the audit log and perform evaluations using the Reporting Tool. The audit log records all user activities in DRACOON.
DRACOON note: If a user has all these roles, he can also pass them on to other users.
If you go into a data room, click on the three dots next to the room name you can assign the following rights to the individual users under "Permissions":
Room Administrator: If the user has all the rights below, he has the role “Room Administrator” for this data room.
Read files and folders: The user can view and download files and folders.
Create files and folders: The user can upload files, move and copy existing files and create new folders.
Edit files and folders: The user can rename existing files and edit properties such as expiration date or classification.
Delete files and folders: The user may delete and move files and folders as well as replace existing files.
Manage shares: The user can create and delete shares for files.
Manage file requests: The user can create and delete download links.
Read deleted elements and file versions: The user may list the contents of the recycle bin. including all existing file versions.
Restore deleted elements and file versions: The user may restore deleted contents from the recycle bin.
Remove deleted elements and file versions: The user may empty the recycle bin.
So that you do not have to manually authorize each user to each individual data room, DRACOON offers the option of grouping users together.
Which roles the users of a group have will be determined when creating the group analogous to the assignment of rights for individual users.
DRACOON Hero-Tip: Create the groups based on your employee structure. If you map the permissions for departments based on groups, you can easily create new employees in DRACOON and add them to the user group of your department. This saves you the effort of manually authorizing each new employee to access each required data room. You only have to think once about which rights are necessary for the individual departments and each new user receives all the rights, he needs by assigning them to a group.
If you don't use DRACOON for each department, but for example to collaborate on individual projects, you can also combine the members of the project teams as groups in DRACOON. If the projects are limited in time, you can even assign an expiration date to the relevant employees or groups.
Users can be members of several groups, so that an employee of the group can be assigned to his department but can also be members of a cross-departmental group such as the works council group.
If you want to manually authorize users to data rooms independently of groups, this is possible in the data room itself. In the context menu next to the data room name you will find the item "Authorizations". There you will see an overview of the users who are authorized in the data room and can click on "Authorize users" on the right. In the window that then appears, select the desired user. The following rights can be assigned to a user:
Edit (default): Users may create, change and delete files and folders in the data room, create and delete shares and file requests, and restore deleted items from the recycle bin.
Read: Users are allowed to read existing files (preview, open, download), but not modify them. However, they may add comments to files. They are not allowed to upload new files to the room. You can create and delete shares for existing files and folders.
Room administrator: Users have all permissions in the data room for files, folders, and the Recycle Bin. They also have the special permissions of room administrators, which are Adding and removing users from the data room, changing existing user permissions in the data room, settings for the Recycle Bin and default classification for files in the data room, deleting any file comments. In addition: Creating, renaming, and deleting rooms below the data room and setting any storage space restrictions for these subrooms.
If you are unsure about the optimal group structure for your organization, please book an appointment with one of our Customer Success Managers, we will be happy to advise you: