Users: Roles and Rights
DRACOON integrates a role-based concept of authorization which forms the basis for the entire administration. This role-based approach allows the management of department data to be shifted directly to the corresponding departments, which in turn can be self-administered.
Data Space Admin
The Data Space Admin is a regular Data Space User that has additionally been granted five roles for the management of DRACOON.
These five roles are:
- Config Manager: Setting system preferences (general activation of Triple-Crypt® Technology, mail server settings, Active Directory connection, etc.)
- User Manager: User administration (creating, editing, and deleting user accounts)
- Group Manager: Group administration (creating, editing, and deleting user groups; assigning users to groups)
- Room Manager: Creating, renaming, and deleting first-level Data Rooms; defining any storage limits (quotas) for these Data Rooms
- Log Auditor: Access to system log
New in Version 4: A Data Space Admin can transfer any one of these five roles to additional users, or relinquish a role and be replaced in it.
Example of a role transfer: An additional user is appointed Log Auditor by the Data Space Admin. Since the Data Space Admin continues in their role as Log Auditor, there are now two users in this role.
Example of relinquishing a role: Another user is appointed Log Auditor by the Data Space Admin. The new Log Auditor removes the Data Space Admin’s role as Log Auditor (e.g. in consultation with the company management), so that the new Log Auditor remains as sole Log Auditor.
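The two examples above (role transfer and relinquishing a role) can be traced with a small model. This is an added illustration, not DRACOON code or its API; the user names, the rule that only a current holder may remove another holder, and the refusal to leave a role without any holder are assumptions made for the example.

```python
# Added illustration, not DRACOON code or its API: an in-memory model of the
# five Data Space Admin roles. User names are constructed.
ROLES = ("Config Manager", "User Manager", "Group Manager",
         "Room Manager", "Log Auditor")


class RoleRegistry:
    def __init__(self, data_space_admin):
        # The Data Space Admin starts out holding all five roles.
        self.holders = {role: {data_space_admin} for role in ROLES}

    def transfer(self, granted_by, role, to_user):
        """Appoint an additional holder; the granting user keeps the role."""
        if granted_by not in self.holders[role]:
            raise PermissionError(f"{granted_by} does not hold {role}")
        self.holders[role].add(to_user)

    def remove(self, removed_by, role, from_user):
        """Remove a holder (assumption: only a current holder may do so)."""
        holders = self.holders[role]
        if removed_by not in holders or from_user not in holders:
            raise PermissionError(f"{role}: both users must hold the role")
        if len(holders) == 1:
            # Assumption: refuse to leave a role with nobody in it.
            raise ValueError(f"{role} would be left without a holder")
        holders.remove(from_user)

    def roles_of(self, user):
        return {role for role, users in self.holders.items() if user in users}

    def log_auditor_is_separate(self):
        """True if no Log Auditor also holds one of the other four roles."""
        return all(self.roles_of(user) == {"Log Auditor"}
                   for user in self.holders["Log Auditor"])


def demo():
    reg = RoleRegistry("admin")
    # Role transfer: a second user is appointed Log Auditor.
    reg.transfer("admin", "Log Auditor", "auditor")
    after_transfer = (sorted(reg.holders["Log Auditor"]),
                      reg.log_auditor_is_separate())
    # Relinquishing: the new Log Auditor removes the admin from the role.
    reg.remove("auditor", "Log Auditor", "admin")
    after_relinquish = (sorted(reg.holders["Log Auditor"]),
                        reg.log_auditor_is_separate())
    return after_transfer, after_relinquish
```

After the transfer both users hold the role and the log is still readable by an account that holds the other four roles; only after the removal is the Log Auditor role held separately from them.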
Data Room Admin
The Data Room Admin is a regular Data Space User that has additionally received an Administrator role for one or several Data Rooms.
This role always offers the following rights:
- Creating subordinate Data Rooms within a Data Room
- Renaming and deleting subordinate Data Rooms within a Data Room
- Defining any storage limits (quotas) for subordinate Data Rooms (only for subordinate Data Rooms!)
- Adding users to and removing them from a Data Room
- Distributing rights within a Data Room
- Appointing additional Data Room Admins within a Data Room
- Overviewing users in their Data Rooms
- Activating the encryption (Triple-Crypt® Technology) for a Data Room. Condition: The Data Room must be empty.
A Data Space User can be in the Administrator role for several Data Rooms as well as subordinate Data Rooms simultaneously.
Data Space User
The Data Space User role is the regular user role in DRACOON.
This role encompasses the following features:
- Uploading, deleting, and sharing files (depending on allotted rights, see below)
- Integrating a Data Room or folder within the personal operating system as a WebDAV drive
- Accessing DRACOON using different clients (e.g. Outlook Add-In, Android or iOS App, etc.)
Every Data Space User can be allotted the following rights:
- Reading: The user can list folders and files in the Data Room as well as download (and therefore open) files.
- Creating: The user can upload new files to the Data Room, copy and move existing files, and create new folders. To replace and move existing files, the right to delete is additionally required (see below).
- Editing: The user can rename files and folders as well as edit their properties (e.g. their classification).
- Deleting: The user can move and delete files and folders as well as replace existing files.
- Managing Upload Accounts: The user can create and delete Upload Accounts.
- Managing Share Links: The user can create and delete Share Links.
- Viewing the Recycling Bin: The user can access the contents of the Recycling Bin, including all document versions.
- Recovering contents of the Recycling Bin: The user can recover previously deleted items from the Recycling Bin.
- Emptying the Recycling Bin: The user can empty the Recycling Bin.
A Data Room Admin always has these rights as part of their role.
A Data Space User can be in this role in several Data Rooms as well as subordinate Data Rooms simultaneously.
Share Link Receiver
It is not necessary to create a separate DRACOON user account in order to share one or several documents with third parties. Instead, a so-called Share Link can be generated and sent to an external person so that they have access to a given file without requiring a user license.
This role offers the following features:
- Opening Share Links
Upload Accounts
It is not necessary to create a separate DRACOON user account in order to receive one or several documents from third parties. Instead, a so-called Upload Account can be created and sent to an external person as a link so that they can upload and share files without needing a user license.
This role offers the following features:
- Using Upload Accounts and sharing files
Folder Structures
Files in DRACOON are placed in hierarchical folder structures that can be freely configured. Some of these hierarchy levels have special features and are therefore specially designated.
- Data Room
Folders in the uppermost level of the hierarchy are called Data Rooms. Within Data Rooms, rights can be allotted to users.
Data Rooms offer the following features:
- Access to Data Rooms and their content can be allowed or denied to individual users.
- Different levels of authorization can be allotted to individual users and Data Rooms (e.g. “read only”, “read and upload”, etc.).
- Data Rooms can be integrated in the client’s personal operating system as a WebDAV drive.
- Data Rooms can include files and folders as well as subordinate data rooms.
Examples for a useful arrangement of Data Rooms are:
- One Data Room per department, e.g. “Purchasing”, “Sales”, “Accounting”
- One Data Room per country, e.g. “Germany”, “Austria”, “Turkey”
- Subordinate Data Room
In the first level of a Data Room, additional subordinate Data Rooms can be created.
New in Version 4: Subordinate Data Rooms can be nested to an arbitrary depth as desired, meaning that additional subordinate Data Rooms can be created within an existing subordinate Data Room. The possible depth of hierarchy is not limited.
Subordinate Data Rooms offer the following features:
- Access to subordinate Data Rooms and their content can be allowed or denied to individual users.
- Different levels of authorization can be allotted to individual users within subordinate Data Rooms (e.g. “read only”, “read and upload”, etc.).
- To simplify Data Room management, existing rights within superordinate Data Rooms can be transferred to subordinate Data Rooms so that they don’t have to be defined anew.
- Subordinate Data Rooms can be integrated in the client’s personal operating system as a WebDAV drive.
- Subordinate Data Rooms can include files, folders, and subordinate Data Rooms.
Examples for a useful arrangement of subordinate Data Rooms are:
- One Data Room per department, e.g. “Sales”, and within them one subordinate Data Room per product, e.g. “pencils”, “pens”, etc., and within them further subordinate Data Rooms per country, e.g. “Germany”, “Austria”, “Turkey”
- One Data Room per country, e.g. “Germany”, “Austria”, “Turkey”, and within them one subordinate Data Room per location, e.g. “Munich”, “Berlin”, etc.
- Folder
Within Data Rooms and subordinate Data Rooms, subfolders can be created for easier organization, which are generally referred to as folders.
Folders offer the following features:
- Folders can include files and additional folders.