A Vault Admin designates which users may add Additional Security Rights to documents by adding the users to the Allow Document Security Edits user group.

Users in this user group can grant other users document-level permissions above and beyond the matter-level security for that document. Additions to these fields will be added to the inherited security from the matter.

When permission settings conflict, the deny rule is applied; for example, Managers would not be able to edit a particular object because they also belong to the All Internal Users group.

1. In the navigation pane of the M-Files Admin Tool, expand the  Local Computer and  Document Vaults nodes.
2. Expand the node for your document vault and click the Users Groups node.
3. Double-click the Allow document security edits group.
   
4. Click the Add… button.
   
5. On the Select Users or User Groups dialog box, select the users and click Add.

Every user added to this group can override security on any document for which they have Read/Write access.