5 Things I Wish I’d Known About Setting Up a Secure Repository
An ECM repository with poor security can lead to missing documents, improper access and failed audits. Here are five things to keep in mind when setting up a secure repository.
1. Entry access rights vs. privileges
Entry access rights govern the operations that a user can perform on folders or documents. For example, users may be able to read invoices, but not edit or delete them. It is a best practice to assign entry access rights to groups rather than individual users. In this way, you can simply add users to groups and they will automatically inherit the correct rights.
Privileges are special account rights that grant the ability to perform operations dealing with the management of an ECM repository. Privileges can be divided among different types of administrators. For example, a high-level administrator can be granted privileges to manage entry access and metadata while a department manager will have privileges to manage templates/fields and annotations.
When configuring entry access rights, make sure you take scope into account. Apply entry access rights at the broadest level possible while still restricting access in the way that you need. First, grant access to entire sections of the folder tree. Then, restrict access based on which folders you want particular groups to have the ability to access. If you choose the correct scope for a situation, you will be able to carefully manage who can see what in the repository without having to set rights on a large number of individual documents and folders.
For example, if you want an employee to have access to everything except for the folders and documents in the “Annual Review Information” folder, then assign scope to be the “Human Resources” folder and its immediate subfolders. Because you used the correct scope, you don’t have to manually deny the employee access to the “Confidential” folder. He or she won’t be able to open it because the scope you specified doesn’t include it.
3. Entry ownership
The entry’s owner has the ability to manage (modify and delete) that document without needing to involve an administrator. By default, the document’s creator is the entry’s owner. There are certain instances where this is fine, but many times, users may create documents that you do not want them to modify or delete later. For example, an accounting clerk can scan new invoices into the ECM repository but you don’t want her to be able to delete those invoices later. Even if she doesn’t have the delete privileges on the repository, she can still delete the new invoices that she created. The solution would be to automatically change the entry owner on all newly created invoices to that of an administrator or to simply leave it unassigned.
4. Active Directory integration
Integrate your ECM system users with Windows Active Directory to simplify setting up security.
- The same groups created in Windows will carry over into the ECM system, leaving less work for the administrator.
- If a user leaves the organization, the administrator can simply disable or remove that person’s domain account and the user will then be automatically removed from the ECM system.
- Users can log into the repository automatically without needing to remember a separate username and password.
Metadata can be as important as the actual document content. Set up field security so that only authorized users are able to modify the contents of the field. If you store sensitive information in fields, you can also use field access rights to hide fields entirely. For example, to strictly limit the users and groups who can view social security numbers, grant the “Read” right for the social security number field to a limited number of users. Unauthorized users wouldn’t even see that the field was applied to the document.
Learn how to select an ECM system that aligns with the security needs of your organization by downloading your free copy of the “Document Management Buyer’s Handbook.”