Skip to content
Papermerge

Cabinets

In a team environment, documents are typically handled collectively by multiple people. Cabinets reflects this reality: documents and folders placed in a cabinet are owned by that cabinet. Whoever has access to the cabinet will get access to the documents placed in that cabinet.

Cabinets have their own home and inbox folders. Cabinets can be owned by one or multiple individual users or by a group of users. Common practice is to create cabinets that are owned by a group of users. For example, in a small team of three people, create a group “all-users” and make it owner of the cabinet “Acme”.

Cabinet vs. Sharing

Section titled “Cabinet vs. Sharing”

Papermerge supports two distinct ways to give others access to documents:

Sharing is temporary. You grant access to a specific document or folder for a period of time and revoke it when no longer needed. It is the right tool for ad-hoc situations.

Cabinet is permanent.

The cabinet’s home folder is the team’s long-term workspace. It is good practice to set a group of users as owners of the cabinet. This way access to the cabinet is tied to group membership: when someone joins the team they gain access automatically; when they leave they lose it. It is the right tool for ongoing team workflows.

A common question is: “why not just share a folder with everyone on the team?” You could — but sharing requires manual maintenance every time the team changes. Cabinets with their group ownership handle this automatically: the workspace exists as long as the group owning it exists, independent of any individual.

Ownership and Access

Section titled “Ownership and Access”

Cabinets have two separate mechanisms for controlling who can work with them:

Ownership determines who owns the cabinet. Owners always have full access. Ownership can be assigned to individual users or to groups. Group ownership is the recommended approach for teams: add a user to the group and they immediately gain access to all cabinets that group owns; remove them and access is revoked automatically.

Access entries allow non-owners to be granted a specific role on a cabinet. A role defines what the principal (user or group) is allowed to do. For example, you can give an external auditor view-only access to the Finance cabinet without making them an owner.

There are two meaningful permission levels:

  • Cabinet View (CABINET_VIEW) — can browse the cabinet and work with its documents.
  • Resource Management (CABINET_RESOURCE_MANAGE) — can create and edit resources (tags, categories, metadata) that are owned by the cabinet.

A user who is a cabinet owner has both permissions implicitly. A user granted access via a role only has the permissions that role includes.

Cabinets and Their Special Folders

Section titled “Cabinets and Their Special Folders”

Every document in Papermerge must live in a folder. For documents owned by a user, that folder is naturally their personal home. But a document owned by a cabinet cannot belong to any individual user’s home — it would be arbitrary and misleading to place it there. The solution is straightforward: each cabinet has its own home folder to house its documents.

Implicit Ownership Transfer

Section titled “Implicit Ownership Transfer”

Everything placed in a cabinet’s home or inbox folder is automatically owned by that cabinet. For example, if lila uploads a document into the HR cabinet home folder, that document is automatically owned by HR cabinet — not by lila.

Tags, Categories and Metadata

Section titled “Tags, Categories and Metadata”

In bigger teams, some departments may have sensitive resources (e.g. the Finance team may have a “high-salary” tag) which they don’t want to share with users from other departments. This is possible by making resources (tags, metadata, categories) be owned by a cabinet to which only specific users have access (i.e. only the Finance team).

Tags, categories, and metadata can be owned by a cabinet. When creating any of these, if you have resource management access to one or multiple cabinets, you may assign a cabinet as the owner of that tag (category, metadata).

Ownership of tags, categories, and custom fields determines visibility: these items are only visible to users who have access to that cabinet. This means:

  • A tag owned by HR cabinet is only visible to users who have access to that cabinet.
  • A category owned by HR cabinet can only be assigned to documents that also belong to HR cabinet.
  • Metadata owned by HR cabinet are only available when working with categories owned by HR cabinet.

In short: what belongs to the cabinet is visible only to the people with access to that cabinet.