An ECM repository with poor security can lead to missing documents, improper access and failed audits. Here are five things to keep in mind when setting up a secure repository.

1. Entry access rights vs. privileges

Entry access rights govern the operations that a user can perform on folders or documents. For example, users may be able to read invoices, but not edit or delete them. It is a best practice to assign entry access rights to groups rather than individual users. In this way, you can simply add users to groups and they will automatically inherit the correct rights.

Privileges are special account rights that grant the ability to perform operations dealing with the management of an ECM repository. Privileges can be divided among different types of administrators. For example, a high-level administrator can be granted privileges to manage entry access and metadata while a department manager will have privileges to manage templates/fields and annotations.

2. Scope

When configuring entry access rights, make sure you take scope into account. Apply entry access rights at the broadest level possible while still restricting access in the way that you need. First, grant access to entire sections of the folder tree. Then, restrict access based on which folders you want particular groups to have the ability to access. If you choose the correct scope for a situation, you will be able to carefully manage who can see what in the repository without having to set rights on a large number of individual documents and folders.

For example, if you want an employee to have access to everything except for the folders and documents in the “Annual Review Information” folder, then assign scope to be the “Human Resources” folder and its immediate subfolders. Because you used the correct scope, you don’t have to manually deny the employee access to the “Confidential” folder. He or she won’t be able to open it because the scope you specified doesn’t include it.

3. Entry ownership

The entry’s owner has the ability to manage (modify and delete) that document without needing to involve an administrator. By default, the document’s creator is the entry’s owner. There are certain instances where this is fine, but many times, users may create documents that you do not want them to modify or delete later. For example, an accounting clerk can scan new invoices into the ECM repository but you don’t want her to be able to delete those invoices later. Even if she doesn’t have the delete privileges on the repository, she can still delete the new invoices that she created. The solution would be to automatically change the entry owner on all newly created invoices to that of an administrator or to simply leave it unassigned.
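The scope and ownership rules from sections 2 and 3 can be checked together in a small model. This is an added example, not code from any ECM product: the folder layout, the group names, the numeric `depth` scope and the owner rule are simplifying assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Optional

@dataclass(frozen=True)
class Grant:
    group: str            # rights are assigned to groups, not individual users
    folder: str           # folder the rights are assigned on
    rights: frozenset     # e.g. {"read", "create"}
    depth: int            # scope: 0 = this folder only, 1 = plus immediate subfolders

@dataclass
class Entry:
    path: str             # full path of a document in the repository
    owner: Optional[str]  # None = ownership left unassigned

def in_scope(grant: Grant, entry_path: str) -> bool:
    """True when the document's folder is within grant.depth levels of grant.folder."""
    base = PurePosixPath(grant.folder)
    folder = PurePosixPath(entry_path).parent
    if folder != base and base not in folder.parents:
        return False
    return len(folder.parts) - len(base.parts) <= grant.depth

def allowed(user: str, groups: set, entry: Entry, action: str, grants: list) -> bool:
    # Assumed owner rule: the entry's owner may modify or delete it
    # even when no group grant gives that right.
    if entry.owner == user and action in {"modify", "delete"}:
        return True
    return any(g.group in groups and action in g.rights and in_scope(g, entry.path)
               for g in grants)

# Constructed sample data (hypothetical folders and groups).
GRANTS = [
    Grant("HR Staff", "/Human Resources", frozenset({"read"}), depth=1),
    Grant("AP Clerks", "/Accounting/Invoices", frozenset({"read", "create"}), depth=0),
]

if __name__ == "__main__":
    hr = {"HR Staff"}
    benefits = Entry("/Human Resources/Benefits/plan.pdf", None)
    review = Entry("/Human Resources/Personnel/Confidential/review.pdf", None)
    print("read benefits:", allowed("alice", hr, benefits, "read", GRANTS))
    print("read confidential:", allowed("alice", hr, review, "read", GRANTS))

    invoice = Entry("/Accounting/Invoices/inv-001.pdf", owner="clerk")
    print("clerk deletes own invoice:", allowed("clerk", {"AP Clerks"}, invoice, "delete", GRANTS))
    invoice.owner = None  # ownership cleared when the invoice is created
    print("after clearing owner:", allowed("clerk", {"AP Clerks"}, invoice, "delete", GRANTS))
```
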

4. Active Directory integration

Integrate your ECM system users with Windows Active Directory to simplify setting up security.

  • The same groups created in Windows will carry over into the ECM system, leaving less work for the administrator.
  • If a user leaves the organization, the administrator can simply disable or remove that person’s domain account and the user will then be automatically removed from the ECM system.
  • Users can log into the repository automatically without needing to remember a separate username and password.

5. Metadata

Metadata can be as important as the actual document content. Set up field security so that only authorized users are able to modify the contents of the field. If you store sensitive information in fields, you can also use field access rights to hide fields entirely. For example, to strictly limit the users and groups who can view social security numbers, grant the “Read” right for the social security number field to a limited number of users. Unauthorized users wouldn’t even see that the field was applied to the document.

Security on the Social Security Number (SSN) field for administrative users.

Security on the SSN field for records managers.
