Control System Access Using Groups, Users, Roles, and Privileges


Users are individual members of your organization who are defined in Case Management. Users may be reviewers who will tag, annotate, and redact case documents, attorneys or other specialists who will review specific aspects of a case (for example, financial data), and anyone else who should have access to case documents in Review.

Users are able to open only the cases or review batches to which they are assigned. Users can be assigned as individuals or as members of a group. The following figure shows the Review Open Case menu and the two ways in which users access case documents.

The tasks a user can perform are based on their role and assigned privileges. When a user is first defined in Case Management, the default “Standard User” (view-only) role is assigned at the system level. Administrators adjust user privileges as explained later in this topic.

In addition to privileges for Review, users may also be tasked with administrative and/or monitoring duties that are performed in Case Management.

Active vs. Inactive Users

By default, users are active, meaning they can access the LOCAL DISCOVERY database to the extent their privileges and case or batch assignments allow. If needed, individual users can be marked inactive, which will prevent them from accessing the LOCAL DISCOVERY database, regardless of privileges or assignments.

This function can be useful any time you want to control when certain users have access to LOCAL DISCOVERY. For example, if you use contract reviewers, they can be defined as active users for a particular project or case. Once the project/case is completed, they can be made inactive. When they are rehired for a new project, they can once again be made active.


Users who will share specific tasks, such as all tagging duties or the review of a particular case, can be combined into a group. Define the privileges for all group members by defining them for the group, and assign the group to cases or batches as needed. Groups allow case activities to be efficiently managed and monitored.

Examples of groups you might want to define include:

  • A group of users responsible for the initial review of cases, where documents are assessed and annotated (tagging, redaction, and other markups).

  • A group for final case review, during which a quality control check occurs.


A role is a defined set of privileges. Users and groups are given one of four roles. When a new user is added, he or she will be a Standard User, unless the role is changed.

The following table lists the user roles in Case Management and representative responsibilities for each role. Super Administrators can define responsibilities as needed to meet an organization’s needs.

Each role has a specific set of default privileges. If needed, these privileges can be changed at the individual user, group, or case level.


User Role

Typical Responsibilities

Standard User

By default, Standard Users have view-only privileges. Add specific privileges to this role to allow a user to perform needed review tasks (or administrative tasks).

Power User

By default, Power Users have most Viewer Privileges (see Review Viewer privileges below). Removing any of the default privileges will change a Power User to a Standard User. Adding privileges will not change the Power User role.

Case Administrator

The Case Administrator generally manages cases by defining the users and groups to work on a case, setting up the tag palette for a case, and performing other case-specific operations.

Case Administrators must be assigned to a case in order to have administration privileges for that case.

By default, the Case Administrator has all privileges except for the Create New Case privilege (which is optional). Removing any of the default privileges will change a Case Administrator to a Standard User.

Super Administrator

The Super Administrator (also called “Super Admin”) generally manages all aspects of the LOCAL DISCOVERY product and sets up user, groups, and cases to hand off to Case Administrators for case-level administration.

The Super Administrator has all privileges and these privileges cannot be changed.

Super Administrators cannot be assigned to a group or a case—they have access to all groups and cases by default.

(not set) or None

Users must have one of the above four roles when they are added to Case Management. This is their “basic” user role.

Users can have different roles when they are part of a group and/or assigned to a case. The role of (not set) or None exists to allow Case Management to ignore a role definition at a particular level and find the desired role or set of privileges. To understand how Case Management determines which role/privileges a user will have for a particular situation, see How Does Case Management Determine Privileges?


Privileges are specific permissions to perform particular activities in Case Management, Administration, and Review. Note:

  • Role-based privileges: By default, each role has a specific set of privileges that a user or group will inherit when a role is selected. (See Default privileges for default privileges by role.)

  • Customized privileges: Super Administrators can change any user or group’s privileges; Case Administrators can change privileges for users and groups assigned to their cases.

Changing privileges

Privileges that can be changed are listed in Default privileges.

A Super Administrator has all privileges for all cases. Case Administrators have all privileges for the cases to which they are assigned; the Create New Case privilege is optional for Case Administrators.

Privileges can be changed for individual users or groups as follows:

  • Super Administrators can change privileges for any user (base privileges or privileges set for a case or batch).

  • Case Administrators can change roles/privileges for users or groups only for the cases to which they are assigned (change case- and/or batch-level privileges, not a user’s base privileges).

Other functions of Super and Case Administrators

  • Migrate case data:

    • Only a Super Administrator can create a new case by migrating data from a third-party database.

    • Case Administrators can migrate data from a third-party database into an existing case to which they have been assigned.

  • Remove a case:

    • Super Administrators can remove any case.

    • Case Administrators can remove cases to which they have been assigned.

  • Add/edit/remove users and groups:

    • Super Administrators can manage all aspects of all users and groups.

    • Case Administrators can manage users and groups for the cases or batches to which they have been assigned.

Default privileges

Default privileges for each role are listed in the following two topics:

ClosedViewer privileges

Review Viewer privileges

The following table lists privileges related to working in Review.


Viewer Privileges and Default Role Settings


Standard User1

Power User

Case Admin.2

Super Admin.

(View Only)





Main Desktop

Create TIFF on the Fly

Export Data

Launch Native Files

Replicate Data

View Non-Discov. Documents






Create Annotations

Create Redactions

Email Images3

Modify/Delete Other User’s Annotations4

Print Images

See Underneath Redactions5

Modify/Delete Other User’s

View Annotations










Add to Pick Lists





Edit a Record





Create a Record7





Delete a Record





Global Replace






Apply Doc Level Tags





Apply Page Level Tags





Modify Tag Palette Layout





Override Tag Relationships8





Remove Other User’s Tags





Update Locked Tags





View Tags






Modify Grid Display

Modify Record View Display

Modify Window Layout






Create Journals

Create Private Folders9

Create Smart Folders

Delete/Modify Smart Folders

See Smart Folders

View Case Alerts

View Case Instructions





Report Privileges

Print Reports10











View Transcripts





Edit Transcript Annotations11





Import Transcripts





View Transcript Annotations





ClosedCase Administrator privileges

Case Administrator privileges

The following table lists privileges governing administrative tasks.


Administrator Privileges and Default Role Settings


Standard User12

Power Usera

Case Admin.13

Super Admin.

Commit Scanned Documents to Case






Create a Tag/Group14





Create & Manage Batches





Create New Case15





Export Case Data





Import Case Data





Lock Tag Groups





Merge and Split Documents





Modify a Tag/Group16





Modify Case Setup





Modify Tag Relationship Rules





Produce Case17





Scan Documents






NOTE: If privileges are removed from a particular role, the role becomes Standard User with whichever privileges are assigned. Adding privileges does not change the role.

About redaction privileges

Reviewers who do not have the privilege to see underneath redactions (called “restricted users” in this discussion), have limited access to content in Document Review after redactions are added.

When a user other than the restricted user adds a redaction, the restricted user is limited as follows in Document Review:

  • Quick View and Extracted Text tab content is restricted (not viewable).

  • The EXTRACTEDTEXT field in the Record View tab is restricted.

  • The restricted user cannot open the document's native file, if one exists.

  • The restricted user is not able to copy OCR text from an EXTRACTEDTEXT field in the Case View or other tab in the case pane.

  • When the user viewing documents is the only person who has added redactions to a particular document, he or she will be able to see the redacted content for that document.

NOTE: If your case(s) contain text fields that may contain content subject to redactions (such as a field containing the body of e-mail documents), you will need to assess users and restrict access to such fields if needed (by applying field-level security as explained in Change Field-level Security).


Related Topics

Overview: Security