How do I restrict access to information in Grand Avenue?

Owned by Ann Ivey
Last updated: Dec 17, 2023
4 min read

This article compares three different methods for limiting access to process items in Grand Avenue Software (GAS):

  • The ReadOnly user account

  • Module Access Lists

  • Restricted Document Access

Examples of process items are Documents, Change Requests, CAPA Requests, NCM Reports, etc.

ReadOnly User

One method of limiting access to GAS is to configure a shared account with the User ID of "ReadOnly".

  • The "ReadOnly" account can be on shared machines such as kiosks where several people will use this account to view information in the system.

  • The "ReadOnly" user can only view information and cannot be assigned tasks, roles, or submit new information.

  • The "ReadOnly" account's password does not expire.

  • The “ReadOnly” account does not show up on the normal Define Users page.

ReadOnly User Configuration

A System Administrator configures the “ReadOnly” account by clicking Configure SystemConfigure Read-Only AccountEnable Read-Only Account. To enable the "ReadOnly" account, select "Yes" and provide the password that will be used.

ReadOnly User Login

To log in as the ReadOnly user, enter the User ID ReadOnly and the password set by the System Administrator on the configuration page.

Module Access Lists

Another method of limiting access to GAS is to use module access lists to restrict access by module and then identify specific items that users can access based on the following conditions:

  • Users who are otherwise blocked by module access lists have temporary access to items associated with open tasks assigned to them (e.g., Formal Review, Complete Training, Approve Disposition).

  • Users who are otherwise blocked by the Document Control Module Access List are authorized to view the documents in any document collections for which they are assigned as the Document Collection Owner or Document Collection Viewer.

  • Users who are otherwise blocked by the Design Control Module Access List are authorized to view deliverables in open design projects for which they are a Project Viewer.

Download the attachment Configure Users to Have Limited Access to Grand Avenue Software for step-by-step instructions on configuring Grand Avenue for these scenarios.

Restricted Document Access

This feature allows a site to restrict access to the file content for specified document revisions. When Restricted Document Access is enabled, each document revision includes a new “File Access Restricted?” property.

  • For document revisions that have “File Access Restricted?” set to “Yes”, access to primary document files, markup files, and additional files is limited to only a list of users configured by the Document Control Administrator.

  • For document revisions have “File Access Restricted?” set to “No”, access to primary document files, markup files, and additional files is unrestricted.

The Document Control Administrator configures Restricted Document Access by clicking Configure Document Control Configure Restricted Document Access and setting “Enable Restricted Document Access Feature?” to “Yes”.

Summary Table

 

“ReadOnly” User

Module Access Lists

Restricted Document Access

 

“ReadOnly” User

Module Access Lists

Restricted Document Access

Scope of Access

Read-only access to all modules

Full user-level access is granted to allowed modules.

No access is granted to denied modules, with the exceptions listed below:

  • Temporary access to items associated with assigned tasks while the task is open (all modules)

  • View access to Documents in Document Collections they own

  • View access to Documents and General Training Items in training assignments

  • View access to Design Control Projects where the user has the Design Project Viewer role.

Users authorized to view restricted document files have access to primary document files, markups files, and additional files for restricted document revisions.

Users not authorized to view restricted document files have access to only document metadata for restricted document revisions.

Can the user search for documents and other process items?

Yes, the ReadOnly user can search for and view any process item in any module

Users can search for and view items in allowed modules.

Users cannot search for items in denied modules.

Yes, users can search for and view any document revision.

Can the user download a primary document file?

Yes

Users denied access to the Document Control module may download primary document files for documents in collections they own.

Users on restricted document files authorization list: Yes

Users not on restricted document file authorization list: No

Can the user see additional files for a document?

Depends on setting of configuration option “Allow Access to Additional Document Files When Viewing Documents?”

Release 15.1 and earlier: None

Release 15.2 and later:

Access to additional files for documents in collections owned by users denied access to the Document Control module depends on the setting of Document Collection Type configuration option “Allow Owners to View Additional Files for Documents?”

Users on restricted document files authorization list: Yes

Users not on restricted document file authorization list: No

Can the user see superseded revisions of documents?

Depends on setting of configuration option “Prevent Access to Superseded and Obsolete Document Files?”

Depends on setting of configuration option “Prevent Access to Superseded and Obsolete Document Files?”

Depends on setting of configuration option “Prevent Access to Superseded and Obsolete Document Files?”

 

Copyright © 2022, Grand Avenue Software, Inc. All rights reserved.