Understanding User Roles and Permissions
Essal Office uses a permission system to control who can see which documents and which parts of the application they can use. This article explains the roles available and how to decide what level of access to grant each person.
The Two Levels of Access
Access in Essal Office works at two levels:
| Level | What it controls |
| --- | --- |
| **Global permissions** | Which areas of the application a user can access, e.g. whether they can view documents, manage tags, or change settings |
| **Object-level permissions** | Which specific documents, tags, and correspondents a user can see or edit |
Both levels must be considered when setting up a new user. A user might have global permission to view documents, but only be able to see the documents that have been explicitly shared with them.
Account Types
Regular Users
Regular users have only the permissions explicitly granted to them — either directly or through group membership. By default, a new user account has no permissions at all until an admin assigns them.
Regular users are the appropriate account type for most staff members. Their access is tightly controlled and can be scoped to exactly what they need.
Admin (Staff) Users
Admin status — sometimes called "staff" — gives a user access to view application logs and system diagnostics. It does not automatically grant full access to all documents.
Grant admin status to IT personnel or power users who need visibility into system health but don't need superuser authority.
Superusers
A superuser can access every part of the application and see all documents, regardless of object-level permissions. Superuser status can only be granted by an existing superuser.
Best practice: Avoid using a superuser account for everyday document work. Create a regular account for daily use and reserve the superuser account for administration tasks.
Groups
Groups let you define a set of permissions once and apply it to multiple users. For example:
- An Accounts group with permission to view and add documents, plus access to financial correspondents
- An HR group with permission to manage custom fields and edit documents tagged HR
- A Read-Only group for users who need to view documents but not modify anything
When a user is added to a group, they inherit all of the group's permissions automatically.
Global Permission Types
| Permission Area | What it controls |
| --- | --- |
| **Document** | Add, edit, delete, or view documents |
| **Tag** | Add, edit, delete, or view tags |
| **Correspondent** | Add, edit, delete, or view correspondents |
| **Document Type** | Add, edit, delete, or view document types |
| **Custom Field** | Add, edit, delete, or view custom fields |
| **Saved View** | Add, edit, delete, or view saved views |
| **Share Link** | Add, delete, or view share links |
| **Workflow** | Add, edit, delete, or view workflows |
| **Mail Account** | Add, edit, delete, or view email import accounts |
| **Mail Rule** | Add, edit, delete, or view email import rules |
| **User** | Add, edit, delete, or view user accounts |
| **Group** | Add, edit, delete, or view groups |
| **App Config** | Modify global application settings |
Important: Users who will use the Essal Office web interface must have at least View permission for UI Settings. Without this, they cannot load the application.
Object-Level Permissions
Every document, tag, correspondent, and document type has:
- An Owner — the user who created the object. Only the owner can share it with others, create share links, or add/remove custom fields on it.
- View access — grants the ability to read the document without editing it
- Edit access — grants the ability to read and modify the document
Users without view or edit permission on a document will see the label "Private" wherever that document's tag or correspondent appears in other documents.
Default Permissions for New Documents
By default:
- Documents uploaded via the web interface are owned by the uploading user and not shared with anyone else
- Documents imported via email or watched folders have no owner and are visible to everyone
You can change these defaults in Settings → Permissions or by using Workflows to assign ownership automatically.
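The following is an added illustration of how the two levels combine for viewing a document; it is not Essal Office's own code. The class and function names and permission labels such as `document.view` are hypothetical, the sample users and documents are constructed, and it assumes the global view permission also applies to unowned documents.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    name: str
    is_superuser: bool = False
    direct: set = field(default_factory=set)     # permissions granted directly
    groups: list = field(default_factory=list)   # each group is a set of permissions

    def global_permissions(self) -> set:
        # Direct grants plus everything inherited through group membership.
        return self.direct.union(*self.groups)

@dataclass
class Document:
    title: str
    owner: Optional[str] = None                  # None: imported via email or watched folder
    viewers: set = field(default_factory=set)    # users given view access
    editors: set = field(default_factory=set)    # users given edit access (read and modify)

def can_view(user: User, doc: Document) -> bool:
    if user.is_superuser:                        # superusers bypass object-level checks
        return True
    if "document.view" not in user.global_permissions():
        return False                             # global level (assumed to gate unowned docs too)
    if doc.owner is None:
        return True                              # unowned documents are visible to everyone
    return user.name == doc.owner or user.name in doc.viewers | doc.editors

def visible_titles(user, docs):
    return [d.title for d in docs if can_view(user, d)]

def unowned_titles(docs):
    # Review list: documents that no object-level permission restricts.
    return [d.title for d in docs if d.owner is None]

# Constructed sample data.
ACCOUNTS = {"document.view", "document.add"}     # hypothetical group permission set
alice = User("alice", groups=[ACCOUNTS])
carol = User("carol", direct={"document.view"})
bob = User("bob")                                # new account: no permissions yet
root = User("root", is_superuser=True)
DOCS = [
    Document("Invoice 001", owner="alice"),                  # web upload, not shared
    Document("Contract", owner="carol", viewers={"alice"}),  # shared with alice
    Document("Emailed scan"),                                # email import, no owner
]

if __name__ == "__main__":
    for u in (alice, carol, bob, root):
        print(u.name, visible_titles(u, DOCS))
```

Running `unowned_titles` over a real export is a quick way to find imported documents that still need an owner assigned before sensitive material arrives by email or watched folder.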
Role Assignment Quick Reference
| User Type | Suggested setup |
| --- | --- |
| Full administrator | Superuser status |
| Department manager | Regular user + group with broad document permissions |
| Standard staff member | Regular user + group with document view/add permissions |
| Read-only viewer | Regular user + group with view-only permissions |
| IT / system oversight | Admin (staff) status + limited global permissions |