# About Strict Security Mode

In past releases, Vault provided two security modes for administrator access to documents, known as "strict" and "non-strict." After V10, we will continue to support the non-strict mode for Vaults that already use it, but new Vaults and those currently using the strict mode cannot switch to non-strict mode.

## Enabling Strict Security Mode

To switch to strict security mode, you must have a security profile that grants the **Security Settings**: **Edit** permission.

Navigate to **Admin** > **Settings** > **Security Settings**. Click **Edit**, change the **Administrator Access** option, and click **Save**. Once you enable strict security, you cannot change this setting back.

## Differences in Security Modes

When strict security is _not_ enabled (option is "Administrators have automatic access to all documents"), Vault applies the following rules:

  * All Admins' (users with a security profile that grants at least one permission from the **Admin** section of permission sets OR users in the standard system-managed _Business Administrators_ or _System Administrators_ group) document access is based on the combination of the _Owner_ and _Coordinator_ role permissions from the security matrix.
  * Admins with the **Vault Owner Actions** permissions, like **All Document Read**, will have additional access.

When strict security mode _is_ enabled, Vault applies these rules:

  * Document access for Admins is based on their assigned document roles and those roles' permissions.
  * Admins without explicit role-based permissions to a document (listed in **Sharing Settings**) cannot view the document.
  * When viewing the document logs, Admins can only see the history for documents they have permissions to view.
  * Customers who want an open security model can create a security profile that grants the **All Documents Read** permission from the Vault Owner Actions section.

<div class="note-border alert-info">
  <div class="alert alert-info" role="alert">
    <div><i class="far fa-info-circle"></i></div>
    <div class="alert-text">
      <p><strong>Note</strong>: The standard <em>Vault Owner Actions</em> permission set grants users permission to view all documents in the Vault, regardless of the selected security mode.</p>
    </div>
  </div>
</div>



### Vault API Differences

If the authenticated user does not have explicit role-based _View_ permission to the document (listed in **Sharing Settings**), custom document relationships added at the subtype or classification level are not returned by the Document Relationships API. Without this permission, custom relationships must be added at the document type level to be returned with the Document Relationships API.