Manage Accounts

The Account management page helps you control access within AvePoint Opus by creating security groups and assigning permissions to users and groups. This approach enforces least-privilege access by scoping permissions to specific content sources and containers, limiting operations to authorized users, reducing the risk of unauthorized or unintended actions, and ensuring consistency in permission management.

Supported group types include Microsoft 365 Groups, security groups, and distribution groups. If you are using Opus to manage files in Google Drive, you can also create security groups to set permissions for Google users and groups.

You can perform the following operations to manage security groups:

  • Search for a security group – To search for a specific security group, enter the group name in the search box and click the Search icon.

  • Search for a user or group – To search for a specific user or group, enter the name of the user or group in the search box and click the Search icon.

  • Create a security group – Refer to the Create a Security Group section for details.

  • Edit a security group – To edit a security group, click the More actions button next to the security group and select Edit.

  • Delete a security group – To delete a security group, click the More actions button next to the security group and select Delete. Click OK in the confirmation message to confirm deletion. Note that built-in security groups cannot be deleted.

  • View permission details – Refer to the View Permission Details section for details.

Built-In Security Groups

You can view the following built-in security groups under the Security group management tab:

  • Administrators (built-in) – Users in this group have full control for AvePoint Opus.

    This group is not editable. Service administrators and application administrators registered in AvePoint Online Services are synchronized to this group by default.

  • End users (built-in) – Users in this group only have access to the Physical Records content source. The operations they can perform in physical records management depend on the permissions assigned to the security group.

    You can edit this group to add or remove users, and grant permissions to perform operations in Physical Records > Explorer.

  • Reviewers (built-in) – Users in this group are mainly responsible for reviewing records and smart classifications that have been assigned to them.

    When a user is assigned as the reviewer for a record, the user will be automatically added to this group. You can edit this group to add or remove users.

    Reviewers have access to:

    • The Records awaiting approval report on the dashboard

    • The Records for review page

    • The Smart classifications for review page

    • The Download center page

    • The Job monitor page

    • The Help & Resources page

Create a Security Group

Complete the following steps to create a security group:

  1. Under the Security group management tab, click Create security group.

  2. Security group name – Enter a security group name.

  3. Description – Enter an optional description.

  4. Users/Groups – Enter names to find users or groups that belong to this security group.

  5. Permission settings – Choose how to define permissions:

    • Data scope – Set permissions per content source.

    • Function module – Set permissions for the Restore center function.

    If you select Data scope, continue to select a content source. Security group members have permissions to manage records within the assigned content source:

    • Teams & Groups – After selecting this option, click the Edit button to select specific containers to narrow down permissions.

      Note that each container can only be assigned to one security group to prevent users from other security groups managing the same record.

    • SharePoint Online – After selecting this option, click the Edit button to select specific containers to narrow down permissions.

      Note that each container can only be assigned to one security group to prevent users from other security groups managing the same record.

    • OneDrive – After selecting this option, click the Edit button to select specific containers to narrow down permissions.

      Note that each container can only be assigned to one security group to prevent users from other security groups managing the same record.

    • Exchange Online – After selecting this option, click the Edit button to select specific containers to narrow down permissions.

      Note that each container can only be assigned to one security group to prevent users from other security groups managing the same record.

    • Physical Records – After selecting this option, select a user role for physical records management.

      • Records managers – Records managers can create and track physical content, and process requests to provide physical content to end users. After selecting this option, click the Edit button to select specific containers to narrow down permissions.

        Note that each container can only be assigned to one security group to prevent users from other security groups managing the same record.

      • End users – Click the Edit Permission button to grant end users the following permissions for Physical Records > Explorer:

        • Set access control – With this permission selected, end users can grant access control of the physical content where they have access to other end users.

        • Submit folder creation request – With this permission selected, end users can submit physical folder creation requests to retrieve physical folders.

        • Submit box/folder loan request – With this permission selected, end users can submit physical box/folder loan requests to retrieve physical boxes/folders.

        • Submit box creation request – With this permission selected, end users can submit physical box creation requests to retrieve physical boxes.

        • Return box/folder – With this permission selected, end users can return the physical boxes/folders they borrowed.

    • File System – After selecting this option, security group members have access to all File System connections.

      Note that the File System content source can only be assigned to one security group to avoid users from other security groups managing the same record.

    • SharePoint On-Premises – After selecting this option, security group members have access to all SharePoint On-Premises containers.

      Note that the SharePoint On-Premises content source can only be assigned to one security group to avoid users from other security groups managing the same record.

    • Azure File Share – After selecting this option, security group members have access to all Azure File Share connections.

    • Box – After selecting this option, security group members have access to all Box connections.

    • Google Drive – After selecting this option, security group members have access to all Google Drive containers.

    If you select Function module, continue to select a permission level that security group members have for the Restore center function:

    • Full control – Security group members have full control for this function.

    • Search and export results – Security group members can search for content and export the search results.

    • Search only – Security group members can only search for content.

  6. Terms and rules – Choose whether to assign specific terms and rules to the security group members. Without selecting this checkbox, security group members will have access to all terms and rules. It is recommended that you assign different terms and rules to different security groups for better permission management.

    If you have assigned a specific term scope and rule scope to one security group, you need to assign a term scope and rule scope to all other security groups to have all security groups under strict permission control. Each term scope and rule scope can only be assigned to one security group to avoid users from other security groups using the same term and rule to manage records.

    • Term scope – Select term scope (from the term group level down to the term set level) to be available for the security group members. Security group members can use terms within the term scope to classify records within the content source defined above.

    • Rule scope – Select rule containers to be available for the security group members. Security group members can use rules within the rule container to manage records within the content source defined above.

  7. Reports – Choose whether to assign permissions for specific reports to the security group members. If enabled, select the report types that the security group members can access.

    Note that security groups that do not have access permissions to certain content sources, specifically containers, will not be able to see these restricted content sources or containers when managing reports.

  8. Holds – Choose whether to allow the security group members to manage holds.

    If enabled, security group members can manage holds on the Search page and the Physical records > Explorer page if they also have permissions for physical records management.

  9. Records for review – Choose whether to allow the security group members to configure approval settings.

    If enabled, security group members can configure approval settings from the Terms and rules > Approval processes or My tasks > Records for review > Under review page.

  10. Click Save. After creating a security group, you can click Edit to edit the security group or click Delete to delete the security group.

View Permission Details

  • Security group management – Each entry under this tab represents a security group. Click the security group name to open the details panel, where you can view:

    • The security group name and description

    • Users and groups that belong to the security group

    • The permissions for each content source and function module assigned to the security group

    • The term scope and rule scope assigned to the security group

  • User management – Each entry under this tab represents a user or group. You can view the security groups that a user or group belongs to, and click View permission details to view the detailed permissions.