Document Rights



Case Study CS Research

"Document Rights"


Our customer, a large German financial institution, commissioned us to build a fine-grained authorization system that maps its various complex internal document-creation processes as flexibly as possible.

Despite this high complexity, the system was to be easy to configure and, above all, reliably meet the strict requirements of the regulators, so that the various processes are protected against non-compliance and circumvention.



  • Different document types require different authorizations
  • Fine-grained authorizations: reading, writing and deleting alone are not sufficient
  • Authorizations should be assignable to document types, without having to assign them to each individual document separately.
  • Regulatory requirements call for a context-dependent authorization system. Purely static authorizations are not sufficient. Examples:
    • A published document may no longer be deleted, not even by a user who in principle has the right to delete.
    • Same responsibilities, but different authorizations: The regulatory framework requires that recommendations may only be published with the release of publications. Even colleagues who also produce publications may see a recommendation only once it has been approved.
    • Deputy rule: A person temporarily represents another person and needs that person's permissions without the permissions being explicitly configured.


  • Introduction of additional authorizations such as reading, downloading, changing document metadata, changing document contents, changing the release level (status) of a document, setting the status "in process", and cancelling the status "in process".
  • Enhancement of the static authorization concept with a dynamic (context-dependent) component based on a rule engine.
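
One way to layer the two parts described above, as an added example that is not the vendor's or the customer's implementation: static grants per document type are checked first, then context rules can veto them. All role, user and status names, the deny-overrides ordering and the author exception are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample configuration; none of these names come from the case study.
TYPE_GRANTS = {  # static layer: role -> document type -> permissions
    "analyst": {
        "publication": {"read", "download", "change_content", "delete"},
        "recommendation": {"read", "change_content", "change_status"},
    },
}
USER_ROLES = {"alice": {"analyst"}, "carol": {"analyst"}, "bob": set()}
DEPUTIES = [("bob", "alice", date(2024, 7, 1), date(2024, 7, 14))]  # deputy, principal, from, to

@dataclass(frozen=True)
class Document:
    doc_type: str
    status: str   # "draft", "approved" or "published"
    author: str

def acting_as(user, today):
    """The user plus everyone they currently deputise for (deputy rule)."""
    return {user} | {p for d, p, start, end in DEPUTIES if d == user and start <= today <= end}

def static_allows(identities, doc, permission):
    roles = set().union(*(USER_ROLES.get(i, set()) for i in identities))
    return any(permission in TYPE_GRANTS.get(r, {}).get(doc.doc_type, set()) for r in roles)

# Dynamic layer: each rule returns a denial reason or None; a denial overrides any static grant.
def published_is_undeletable(identities, doc, permission):
    if permission == "delete" and doc.status == "published":
        return "published documents may not be deleted"

def recommendation_hidden_until_approved(identities, doc, permission):
    if (doc.doc_type == "recommendation" and doc.status == "draft"
            and doc.author not in identities):  # author exception is an assumption
        return "recommendation not yet approved"

RULES = [published_is_undeletable, recommendation_hidden_until_approved]

def decide(user, doc, permission, today):
    identities = acting_as(user, today)
    if not static_allows(identities, doc, permission):
        return False, "no static grant for this document type"
    for rule in RULES:
        reason = rule(identities, doc, permission)
        if reason:
            return False, reason
    return True, "allowed"
```

Because the deputy's permissions are derived from the principal's at decision time, nothing has to be granted or revoked by hand when the deputising period starts or ends.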


Our customers now have a simple configuration option for assigning static authorizations to document types.
The rules stored in the system provide context-dependent authorizations for each document in the system.
The time-consuming manual assignment and the associated potential for errors are eliminated.
Customers now have a very flexible, legally compliant authorization system at their disposal, which they can configure themselves according to their individual needs.