The Documents module is the shared, governed store for every file the business keeps. It captures uploads against a category and type, files them in nestable folders, classifies and retains them, tracks versions, and lets colleagues share, comment on and — where you allow it — send documents out to people beyond the organisation through a passcode-protected exchange link. Branded templates back the letterheaded documents that Proposals and Contracts render. Every action is scoped to a level in your organisation hierarchy, permission-checked on the request, and written to the platform audit trail.
This guide is a reference for what the module does and how the pieces fit together. It describes IXL CORE version 1.0.
Overview
At a glance, Documents covers these connected areas:
- Documents & files — upload a file with a title, description, category and type, linked to a business record.
- Folders — nestable, organisation-scoped folders that documents can be filed into.
- Classification & retention — a security classification and a retention policy, review date and hold status on every document.
- Versioning — upload a new version that supersedes the previous one, keeping the version chain intact.
- Internal sharing — grant a colleague or role a view, comment, edit or manage level on a single document.
- Comments — threaded comments and annotations on a document.
- External exchange — tokenised public links so people outside the organisation can view, download or upload a response.
- Templates — named, branded document templates per type, with a default per type.
Every document is scoped to a level in your organisation hierarchy (organisation, entity, branch, department or position), and every action is governed by permissions (see Access & permissions).
Documents & files
A document wraps an uploaded file. When you upload, you supply a title (up to 160 characters), an optional description, the category and type it belongs to, the organisation scope it lives at, and the business record it is linked to — a document always references a linked resource, so it stays attached to the account, job, employee or other record it belongs with. The file itself is stored privately: it is never served from a public URL, and every download is permission-checked and audited individually. The type you pick must belong to the category you pick, and both must be active.
Each document records who uploaded it, who owns it, when it was created and its status — active or archived. You can update a document’s metadata, archive it and later restore it. The main workspace listing shows the whole governed corpus for the organisation and can be filtered by folder, classification, retention status, type or linked record, and searched by title, description, classification and policy code.
Typical steps
- Go to the Documents workspace and upload a file, giving it a title, category, type and the record it links to.
- File it into a folder and set its classification if it differs from the default.
- Later, archive it when it is superseded, or restore it if needed.
Folders
Folders organise documents into a nestable tree scoped to the organisation. A folder has a name, an optional description, a parent (or none, for a root folder) and a default classification that new documents can inherit. Folders track their depth and full path, so the tree stays consistent when a folder is moved: re-parenting a folder re-homes its entire sub-tree in one operation, and the system refuses to move a folder into itself or one of its own descendants. A folder that still contains sub-folders cannot be deleted until they are cleared; documents in a deleted folder fall back to the root rather than being lost. Moving a single document between folders is a separate action and leaves its business-record link untouched — a document can be both filed in a folder and linked to a record.
Classification & retention
Every document carries a classification — public, internal, confidential or restricted — defaulting to internal. Alongside it sits a retention status: active, due for review, expired or retained (a legal or records hold). You can classify a document to set its classification, an optional retention policy code, a review date and a retain-until date. A document placed on a retained hold is treated as immutable: it cannot be archived out of its active lifecycle, and it cannot be superseded by a new version, so a finalised or signed document on hold stays byte-for-byte intact.
Versioning
To replace a document’s file while keeping its history, upload a new version. This creates a new document record that supersedes the prior one — the previous version is archived, and the new record links back through the version chain, incrementing the version number. You can optionally give the new version its own title and description; otherwise it inherits them. Documents on a retention hold cannot be re-versioned.
Internal sharing
By default a document is visible to those within its organisation scope. Internal sharing grants access additively on top of that scope, without ever crossing organisation isolation. You share a document with a user or a role at one of four levels — view, comment, edit or manage — and the grant surfaces the document to that person even if they are not otherwise in its scope. A people-picker lists the organisation members you may share with. Re-sharing an existing grantee changes their level rather than creating a duplicate, and every grant, level change and revocation is audited.
Typical steps
- Open a document and choose Share.
- Pick a colleague or a role and set their level — view, comment, edit or manage.
- Revoke the share later if the access is no longer needed.
Comments
Documents support threaded comments. Anyone who can view a document can read its comments; commenting requires at least comment-level access. A comment has a body and can be a reply to another comment on the same document. Authors may edit or delete their own comments, and anyone with manage-level access can moderate — remove — a comment.
External exchange
The Document Exchange lets you send a document to someone outside the organisation through a tokenised link — no account needed on their side. When you create a link you choose its permission — view, download or upload a response — and optionally set a recipient email, an expiry, a passcode and a message. You can also route the link through a publish approval by naming approvers, so the link only becomes reachable after sign-off.
The recipient opens the link on a public portal. The unguessable token is the sole credential: a wrong, expired, revoked or not-yet-published token returns a clean “not found” that never reveals which. When a passcode is set, the portal reveals nothing about the document or recipient until the correct passcode is supplied, and repeated wrong attempts are rate-limited. Depending on the permission, the recipient can download the shared file or upload a response document, which is constrained to a safe allowlist of file types and a size cap. External sharing is the one metered corner of the module: an organisation has a cap on how many links can be active at once, and creating another is refused until an existing link is revoked.
Templates
Document templates are named, branded templates for the letterheaded documents the platform produces. Each template has a type — proposal, contract or letter — a name, an optional letterhead, titled sections and terms. One template per type is the default; setting a new default clears the previous one. Templates can be previewed as a PDF (rendered with sample data and any merge tokens), edited and archived. They are a shared foundation consumed by Proposals, Contracts and any other branded document.
Access & permissions {#access-and-permissions}
Every Documents action maps to a specific capability — for example documents.view, documents.upload, documents.archive, documents.workspace.view, documents.workspace.manage, documents.folders.manage, documents.sharing.manage, documents.exchange.manage, documents.templates.view and documents.templates.manage are each separate permissions. Capabilities are grouped into roles and enforced on every request, not merely hidden in the interface. Documents also respect a data-scope level (organisation, entity, branch, department or position): you see and act on documents within your scope, and an internal share can additively extend that access without crossing organisation boundaries. Classifying, archiving, commenting and managing shares can each be authorised either by the relevant capability in scope or by a sufficiently high internal share level on the document itself.
How Documents connects
Documents is a shared platform foundation, not an island:
- Templates back the branded proposals, contracts and letters rendered elsewhere, and generated PDFs live in this document store.
- Any business record — an account, job, employee and more — can have documents linked to it, so files stay attached to the record they belong with.
- The audit trail records every upload, download, classification, share, comment and exchange event, so the document’s history is always accounted for.
- Publish approvals route an external link through the platform approval flow before it becomes reachable.
That connection is the point: files are captured once, governed consistently, and reused wherever the business needs them.
