A steel structure repaired component archive permission review checklist helps EPC teams confirm that archive access remains correct after project closeout. Permission review is not the same as setting permissions for the first time. It checks whether old users, temporary accounts, external reviewers, unrestricted folders, and restricted repair records still match the final handover requirement.
This guide is for EPC document controllers, quality managers, owner handover coordinators, site teams, engineering reviewers, and third party inspection coordinators. It is most useful after repaired steel components have passed acceptance and the project archive is being transferred from active construction control to long-term owner, warranty, maintenance, or claims use.
1. Decide when permission review is required
Permission review should not wait until a record is missing or exposed to the wrong user. Define trigger points so document control can review access before risk appears.
- After final acceptance of repaired steel components.
- Before owner handover or archive migration.
- After project accounts, subcontractor accounts, or third party inspection accounts expire.
- Before warranty, maintenance, or claims teams receive access.
- After a concession, NCR, root cause, or engineering disposition is restricted or reclassified.
For initial permission setup, use the archive access control checklist.
2. Review active users and groups
The first step is to compare active users against the current responsibility matrix. The permission review should confirm that users still need access and that their permission level is still correct.
| User group | Review question |
|---|---|
| Owner users | Do they have access to final accepted records and agreed limitations, but not unnecessary draft files? |
| EPC document control | Do administrators remain limited to named archive owners and backup owners? |
| Quality reviewers | Do they still require access to NCR closeout, repair evidence, and acceptance files? |
| Engineering reviewers | Is restricted technical access still assigned only to approved engineering roles? |
| External users | Are temporary TPI, subcontractor, or site contractor accounts removed or downgraded? |
For authority alignment, compare the list with the acceptance authority checklist.
3. Check expired and temporary accounts
Expired accounts are one of the most common archive problems. They may block the owner from retrieving final records, or they may leave old external users with unnecessary access to project documents.
- Remove temporary project emails that no longer belong to active users.
- Convert required owner accounts from temporary access to approved long-term access.
- Remove third party inspection accounts after report closeout unless contract requirements state otherwise.
- Remove subcontractor or site contractor accounts after their scope is complete.
- Check shared links created during closeout and disable links that bypass the role matrix.
For handover storage readiness, use the final archive closeout checklist.
4. Review restricted repair records
Restricted records need special attention during permission review. A record can be too open, too hidden, or disconnected from the final accepted evidence. The goal is controlled traceability, not secrecy that makes the archive unusable.
| Record type | Permission review action |
|---|---|
| Engineering disposition | Confirm technical reviewers remain approved and final decision status is visible in the archive index. |
| Root cause analysis | Confirm quality owner approval is required and final corrective action status is visible. |
| Concession or limitation record | Confirm owner-approved final wording is available to users who need the limitation. |
| Commercial or dispute note | Confirm it is not mixed into technical handover folders unless contract records require it. |
For traceability across restricted records, use the repaired component audit trail checklist.
5. Check final files versus draft files
Permission review should confirm that users can open the final controlled file and cannot treat drafts as final records. This is especially important when repaired component records went through several comments, revisions, or conditional approvals.
- Final accepted repair package is read-only for normal users.
- Draft repair methods, draft inspection sheets, and old photo sets are not visible as final evidence.
- Superseded files are marked clearly and kept only when traceability is needed.
- Final acceptance record, archive index, and file names use the same component mark and record number.
- Users can retrieve the final record without browsing through uncontrolled working folders.
For version control, use the repaired component document control checklist.
6. Review permission change logs
The permission review should check whether access changes were recorded. If the archive later becomes part of a warranty, claim, maintenance, or audit review, the team may need to prove when access was granted, changed, or removed.
- Access requests identify requester, reason, role, and record scope.
- Approvals identify the approver and authority basis.
- Permission changes include date, previous permission, new permission, and reason.
- Expired access removals are recorded.
- Emergency or temporary access is closed and documented.
For issue and document transmission history, use the transmittal record checklist.
7. Test owner and site retrieval after review
A permission review is not complete until the final users can retrieve the right records. Test with the same access level that owner, site, maintenance, or warranty users will actually have.
- Owner user can find the final accepted record by component mark.
- Site user can find limitations, repair notes, and transferred closeout records.
- Quality user can retrieve inspection and NCR closeout evidence.
- Engineering user can access or request restricted technical records using the defined route.
- External users who no longer need access cannot open the archive through old shared links.
For retrieval testing, use the archive retrieval checklist.
Final archive permission review checklist
Before closing the permission review, confirm:
- Permission review trigger and review date are recorded.
- Active users and groups match the approved role matrix.
- Expired, temporary, and unnecessary external users are removed or downgraded.
- Restricted repair records have visible references and controlled request routes.
- Final files are protected from uncontrolled editing or accidental draft use.
- Permission change logs show requester, approver, reason, date, and access level.
- Owner, quality, engineering, and site retrieval tests are completed after permission changes.
Red flags in permission review
- No one can explain why an external user still has access after handover.
- Owner users can only retrieve records through a former project team member.
- Draft and final files are both visible without status labels.
- Shared links bypass the role matrix.
- Restricted records are hidden with no visible reference in the archive index.
- Permission changes are not logged.
Buyer note: Permission review protects repaired component archives after the project team changes. EPC buyers should require periodic review of active users, expired accounts, restricted records, final file protection, permission logs, and post-review retrieval before accepting the archive as stable.