Domain separation and Document Management

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain Separation and Document Management

    Domain separation in Document Management allows for the logical grouping of data, processes, and administrative tasks into distinct domains. This feature enables precise control over user access to data and enhances security for users, ensuring that they can only manage documents within their designated domain.

    Show full answer Show less

    Key Features

    • Access Control: Users can only view and manage documents within their own tenant domain, with parent domain users having access to child domain documents.
    • Domain-Aware Application Properties: The application properties adjust based on domain configurations as necessary.
    • Custom Business Logic: Service providers can tailor processes for each customer, ensuring appropriate application use across multiple customers in a single instance.
    • Document Access: Documents can only be edited or accessed by users within the same domain unless access is granted for global domain users.
    • Permissions Management: Access to versions, references, and permissions is contingent on user access to the parent document.

    Key Outcomes

    By implementing domain separation, organizations can effectively manage document access, ensuring that users only interact with data pertinent to their domain. This minimizes security risks and maintains data integrity across various user groups. However, users must be aware of access limitations when ownership of documents changes, which could lead to visibility issues if permissions are not properly configured.

    Domain separation is supported for Document Management. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Standard

    • Includes all aspects of Basic level support.
    • Application properties are domain-aware as needed.
    • Business logic: The service provider (SP) creates or modifies processes per customer. The use cases reflect proper use of the application by multiple SP customers in a single instance.
    • The instance owner must configure the minimum viable product (MVP) business logic and data parameters per tenant as expected for the specific application.

    Sample use case: An admin must be able to make comments required when a record closes for one tenant, but not for another.

    For more information on support levels, see Application support for domain separation.

    Overview

    Document Management provides an access level approach to controlling the document access and providing security to the users.

    How domain separation works in Document Management

    When domains are separated in Document Management, users can see and manage documents and give access privileges only in their own (tenant) domain.

    A user in the parent domain has access to documents in the child domain.

    When a user creates a document, document list or document entries, then their domain is the same as the user's domain.

    When the owner of the document changes then the related versions, references, and permission record's domain is updated with the domain of the parent document.

    Use cases

    • Documents

      Documents can be edited or accessed only within their domain. Access to a document can become void if a user belongs to a different domain from the document's domain.

      • Users in the global domain can access documents in all domains when the read access is granted to the user.
      • Users in a non-global domain can access documents only in the same domain and global domain when document access is granted to the user.
    • Versions, References and Permissions table
      • Users can access the versions, references, and, permissions table records only if they have access to the parent document.
      • If a user has access to the target record in the references table, access to the parent document is granted only if inherited access is enabled for the document and the user is in the same domain as the parent document.
    • List and List Entries

      List and List Entries have domain pointing to the current user domain and can be accessed by the users with document admin rights.

    Known issues

    If a document contains references and if the owner of the document is changed and does not have access to the target record of one of the references, then the reference record might not be visible to the new owner.

    For example, if the document owner, User A (Domain: D1) is changed to User B (Domain: D2) and User B does not have access to the target record of the reference table, User B might not be able to see the reference record.