Minimum Software Version8.18.10
Solution(s)Cases International Cases US Institutions Counsel
Explains how access to content is controlled in Opus 2 using role‑based and object‑based access control, including how permissions apply to projects, documents, folders, and collections.

Types of Access Control

Access to content in Opus 2 is managed through two mechanisms:

  • Role‑Based Access Control (RBAC)
  • Object‑Based Access Control (OBAC)


RBAC determines which types of content a user can see and what actions they can perform, based on the capabilities assigned to their role. This operates at a broad level and applies to content such as documents, portals, and collections. Roles not only control visibility, but also whether a user can make changes to content. Role configuration and capabilities are described in detail in User roles and capabilities.


OBAC controls access at the individual item level. Certain content types support their own access control lists (ACLs), which explicitly define which users or groups can access a specific item.

The following content types support object‑based access control:

  • Projects – Access is managed independently from other content types, using the same underlying principles.
  • Worksheet definitions – The structure of columns and data types that define a worksheet.
  • Individual worksheet records – Each row in a worksheet has its own ACL.
  • Folders – Each folder can have an ACL; this does not affect access to documents within the folder.
  • Documents – Includes document metadata and all document versions.
  • Collections
  • Collection items – Items within collections that may include additional metadata and access behavior.

An ACL in Opus 2 is a list of users or groups who are allowed access to an item.

  • For projects, ACLs can include system‑level teams.
  • For all other content types within a project, ACLs can include individual users or project‑level groups.

Groups are especially important because they allow access to be managed at scale. Adding or removing a user from a group automatically updates their access to all items where that group appears in the ACL.

Users can belong to multiple groups within a project. Access is granted if any group or individual entry in the ACL applies to the user. Removing access via one route does not revoke access granted through another.

How Document and folder access works

  1. Documents may be stored within folders, but access to a document is independent of access to its parent folders.
  2. A user may have access to a document or folder without being able to see its location in the main folder hierarchy.
  3. On the Documents page, these items appear in the Shared section beneath the folder tree.

Updating access in bulk

The user interface provides shortcuts to simplify access management:

  • When setting access on a folder, there is an option to apply the same ACL to documents and sub‑folders contained within it.
  • When moving documents, users can choose to update document ACLs to match the destination folder.

In all cases, these actions update the individual ACLs of the affected items. Final access is always governed by each item’s own ACL.

Collection access overriding document access

Collections provide the only exception to the rule that access is determined solely by the item’s ACL.

When a document is added to a collection, a collection item is created. This collection item stores:

  • The document’s position in the collection
  • Collection numbering
  • Any collection‑specific metadata

Collection items can have their own ACLs. A collection‑level setting controls how collection item access interacts with document access.

  • Default behavior:
    Access to the collection item and the document are independent. Users may see the collection listing, but receive a message that a document is unavailable if they lack document access.

  • Override behavior:
    If the collection is configured to grant access based solely on the collection item ACL, then access to the collection item grants access to the underlying document—even if the document ACL would normally deny access.

This allows temporary or controlled access to documents without changing document‑level ACLs. Access can be revoked by modifying or deleting the collection.

Related Links


Review your group structure, folder permissions, and collection settings to ensure access is aligned with your case requirements. Contact Opus 2 Support if you need help reviewing or configuring access controls.