Define public user permissions for attachments

Civic Platform provides three ways for administrators to set permissions for public users to upload, download, view or delete documents attached with a record, either it be a record attachment which is directly uploaded for the record, or a people attachment which public users upload to the licensed professional account relating to the record. Administrators must define the security policy permissions for EDMS (Electronic Document Management System). Then, permissions can be assigned to document types, which refine or restrict the EDMS permission settings to ACA users. Agency employees may also define permissions for a particular document on an application though document configurations attached to the record. The individual document permission setting performed on the record overrides the document type level permission setting.

For more information about setting up standard choices, refer to the Accela Civic Platform Configuration Reference. For more information about setting up the EDMS security policy, refer to Security policies.

Configure permissions in EDMS

Administrators must configure EDMS (Electronic Document Management System) and its associated security policy to define permissions for the PublicUser module which is specific to ACA and public user functionality. Set the EDMS security policy settings to the maximum level of permissions you want to grant to a public user. After defining the EDMS security policy, you can refine the attachment permissions to view, download, upload, and delete documents at the document type and individual document level.

Administrators must perform standard choices configuration for EDMS to enable this feature. EDMS can be implemented in various ways from agency to agency. This section of documentation provides examples of how EDMS can be setup for Citizen Access.

For instructions on how to define permissions at the document type level, see Configure permissions for a document type. For instructions on how to define permissions at the individual document level, see Configure permissions for a specific document.

To configure document functions in ACA

Search and select EDMS from the Standard choice name item list.
Configure standard choices values.
- Configure the Standard choice value. For example, ACCELA.
  
  Enter the Value desc information. EDMS_VENDOR=ACCELA;EDMS_DOCUMENT_SIZE_MAX=512KB
- Configure the Standard choice value. For example, ADS.
  
  Enter the Value desc information. EDMS_VENDOR=ADS;EDMS_DOCUMENT_SIZE_MAX=5000;ADS_SERVER_URL=http://10.50.0.36:19080/documentservice/index.cfm;ADS_SERVER_SECURITY_KEY=TESTDEV0012345;ADS_SERV_PROV_CODE=ADS011;ADS_CLEARANCE_KEY=FXK9FBPBMBQVLWMR3QCO4INSGZXTKD;ADS_SECURITY_KEY=F5SSXA6XDFF03VMNU98NCR1X3FGK34;DEFAULT=YES.
Configure the security policy.

For detailed instructions about EDMS security policy configuration, refer to Security policies.
1. Go to Agency profile and select Security policy from the list.
2. Select the EDMS access security hyperlink.
3. Select the link of the EDMS server name (ACCELA or ADS).
4. Select the module PublicUser.
5. Select or clear the check boxes to define the user group permissions to upload, download, view, or delete a document in ACA.
6. Set the Authentication to None. You must configure the security policy for anonymous users, or they receive errors.
7. Optionally, to enable licensed professionals to upload people attachments to their accounts, and enable public users to view people attachments, choose the Agency module, and repeat step e and step f.
  
  People attachments can only be uploaded to and retrieved from the EDMS server with agency-level security policy settings.
8. Select Save.
  
  If document functions are enabled for a user group, the public user views the Attachments section for a permit. Each hyperlink displays for an attachment. The hyperlinks include: Upload a new attachment, Delete, and the attachment name which opens a pop-up window to open (view) and/or save (download).

Configure permissions for a document type

After you create a document group, you can add document types to the group. The document types that you set up apply to both the electronic and non-electronic documents, and determine how users categorize the documents associated with an application. You must indicate which public users have permissions to view, upload, and delete the document type attachment online. The public user types include: All ACA users (including anonymous users), registered users, Licensed Professionals, Record Creator, Contact, and Owner.

Administrators can specify which licensed professionals can to upload, delete, or view the document type by clicking the License Type button and marking the corresponding check box(es) for specific licensed professional types in the pop-up window. These permissions apply to any document a licensed professional adds to his licensed professional record. These documents display in the Public Documents section as read-only when a public user searches for the license information. If you want to restrict access to a specific document, navigate to the document tab for the record and assign additional permission settings. For instructions on how to restrict access to a specific document, see the “Defining ACA Permissions for a Document” section in the “Attachments” chapter of the Accela Civic Platform User Guide.

To configure the permissions for a document type

Go to Administrator tools > Attachments > Document.
Search for the document group and the document type that you want to set the permission.
Select the red dot besides the document type.
Select Yes in the Set permission for ACA field to grant permission on documents of this document type to ACA users.
In Title viewable in ACA, Downloadable in ACA, Uploadable in ACA, and Deletable in ACA fields:
1. Select the check boxes next to the users for which you want to grant permission to view title, download, upload, or delete the documents of this document type.
  
  Users without permission in Title viewable in ACA cannot download or delete the document, even if the downloadable and deletable permissions are granted.
2. If you want to specify the licensed professional types allowed to upload, delete, or view the document type in ACA, select the Licensed professional button and indicate the specific licensed professional types in the pop-up window. Then choose Select.
Select Submit .

Configure permissions for a specific document

Civic Platform provides a way for users to manage which documents associated with an application are available for public users to view or delete in Citizen Access. This feature offers a way to define permissions at the individual document level. An agency has control to restrict public users from viewing the document or removing it from the application based on the agency decision of the sensitivity or importance of it.

To assign permissions, select the Assign button in the Documents portlet, and select or clear the associated check box(es) for the public users that have access or restricted access. For example, a picture or signed legal document can be uploaded as supportive evidence to a case. A graphic may be submitted to show the area for a building expansion. An agency can set permissions to allow all ACA users to view the graphic of the area for a building expansion, however may restrict the picture or legal document for a case from access to ACA entirely.

To define ACA permissions for a document

Select a record and select the Document secondary tab.
Select a document.
Select Assign.

Complete these fields:

Field	Field description
Set Title Viewable Permission	Select the Yes radio button and then select the public users for which you want the attached document name to be viewable in Citizen Access. Select the No radio button to inherit permissions on the document type of the attached document from Civic Platform.
Set Downloadable Permission	Select the Yes radio button and select the public users for which you want the attached document to be downloadable in Citizen Access. Select the No radio button to inherit permissions on the document type of the attached document from Civic Platform.
Set Deletable Permission	Select the Yes radio button and then select the public users for which you want the attached document to be deletable in Citizen Access. Select No radio button to inherit permissions on the document type of the attached document from Civic Platform.

Field

Field description

Set Title Viewable Permission

Select the Yes radio button and then select the public users for which you want the attached document name to be viewable in Citizen Access.

Select the No radio button to inherit permissions on the document type of the attached document from Civic Platform.

Set Downloadable Permission

Select the Yes radio button and select the public users for which you want the attached document to be downloadable in Citizen Access.

Select the No radio button to inherit permissions on the document type of the attached document from Civic Platform.

Set Deletable Permission

Select the Yes radio button and then select the public users for which you want the attached document to be deletable in Citizen Access.

Select No radio button to inherit permissions on the document type of the attached document from Civic Platform.

Note: Those users without this permission cannot download or delete the document, even though the downloadable and deletable permissions (described below) are granted.

If you set a permission to Yes and do not select any public user groups, you prevent all public users from possessing the permission to the documents. For example, if you set the Set Title Viewable Permission to Yes and do not check any of the check boxes, you prevent all public users from accessing a document even though they may be allowed to access a document based on role-based permissions for the document type.

Select Submit.