Tech Tip: Security Basics: Feature Rights and Access Rights
August 17th, 2010 by UserEducation
In order to give you control and flexibility when setting up security, Laserfiche has several different types of permissions that you can configure. Two of those sets of permissions—feature rights and access rights—interact closely, and so understanding what each type of permission does, and how they interact, is very important to setting up and maintaining your repository’s security policy.
A feature right controls whether a particular command is available in the Laserfiche Client (or in other client applications such as WebLink). For instance, if a user doesn’t have the Scan feature right, the Scan button won’t be available, and the Scan command will be greyed out. In that sense, feature rights are global: without the Scan feature right, a user will never be able to scan anywhere in the repository, regardless of their other rights. (This also means that a feature right should only be denied to a user if they should never be able to perform that action anywhere in the repository: if a user should be able to scan into even one folder in the repository, they should be granted the Scan feature right.)
However, while the feature right is necessary for performing the action that the right governs, it’s not sufficient. You’ll also need to have the relevant access rights.
An access right, on the other hand, controls what a user can do with a particular object in the repository, whether that’s a document, the files within a volume, a field, or a template. Unlike feature rights, access rights aren’t global across your repository, but apply to a specific document, folder, volume, field, or template. For instance, if you have the Modify/Delete files volume access right for a particular volume, you can modify or delete files in that volume, but the right has no effect on other volumes in the repository. Similarly, if you have the Delete entry access right for a particular folder and its contents, that right won’t have any effect on your ability to delete documents from a different, unrelated folder.
Feature rights and access rights need to work together, because if any relevant right is not granted to a user, that user will not be able to perform the action. For example, if you want to allow a user to scan into a particular folder, that user must first have the Scan feature right, in order to be able to launch Scanning. They must also have the appropriate entry access rights to create a new document in the particular folder, and they must have the appropriate volume access rights to add new pages to the volume the new document will be stored in. All of those elements must be correctly configured for the user to be able to scan.
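The scan example above as a small conceptual model, added here as an illustration and not Laserfiche code or its API: it reports which layer blocks a scan and flags folders where access rights are granted but can never take effect because the global feature right is missing. Assumptions: the right names `create-document` and `add-pages`, and the users, folders and volumes, are constructed placeholders; inheritance and group membership are not modeled.

```python
from dataclasses import dataclass, field

# Placeholder labels: the article does not name the entry and volume
# access rights that scanning needs, so these names are assumptions.
CREATE_DOC = "create-document"  # entry access right (per folder)
ADD_PAGES = "add-pages"         # volume access right (per volume)

@dataclass
class User:
    name: str
    feature_rights: set = field(default_factory=set)   # global
    entry_rights: dict = field(default_factory=dict)   # folder -> rights
    volume_rights: dict = field(default_factory=dict)  # volume -> rights

def missing_for_scan(user, folder, volume):
    """List every right that blocks a scan into `folder` stored on `volume`."""
    missing = []
    if "Scan" not in user.feature_rights:
        missing.append("feature:Scan")
    if CREATE_DOC not in user.entry_rights.get(folder, set()):
        missing.append(f"entry:{CREATE_DOC}@{folder}")
    if ADD_PAGES not in user.volume_rights.get(volume, set()):
        missing.append(f"volume:{ADD_PAGES}@{volume}")
    return missing

def can_scan(user, folder, volume):
    # All three layers must be granted; any gap denies the action.
    return not missing_for_scan(user, folder, volume)

def inert_grants(user, folder_to_volume):
    """Folders whose access rights are complete but unusable because the
    global Scan feature right is absent."""
    return sorted(f for f, v in folder_to_volume.items()
                  if missing_for_scan(user, f, v) == ["feature:Scan"])

# Constructed sample data.
LAYOUT = {"Invoices": "VOL1", "HR": "VOL2"}
alice = User("alice", {"Scan"}, {"Invoices": {CREATE_DOC}}, {"VOL1": {ADD_PAGES}})
bob = User("bob", set(), {"Invoices": {CREATE_DOC}}, {"VOL1": {ADD_PAGES}})
carol = User("carol", {"Scan"}, {"HR": {CREATE_DOC}}, {})

if __name__ == "__main__":
    for u in (alice, bob, carol):
        for folder, vol in LAYOUT.items():
            print(u.name, folder, missing_for_scan(u, folder, vol) or "allowed")
```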
Author Info
Laserfiche
Staff
Tags: laserfiche 8, security


