Download presentation
Presentation is loading. Please wait.
Published byGwendoline Ford Modified over 8 years ago
1
AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer
2
Agenda Overview of Laserfiche Security New Security Features for Laserfiche 8 Security Best Practices
3
Overview of Laserfiche Security
4
Authentication and Authorization Authentication: “Can I log in?” Laserfiche password authentication Windows Authentication Authorization: “What can I do once I’ve logged in?” Feature Rights Access Rights Security Tags Privileges Folder Filter Expressions
5
Authentication Methods Laserfiche password authentication: Set up a user and password User types in password and then is logged in as that user Windows Authentication User logs in to Windows and then opens the repository Windows credentials are automatically used to determine access (trusted, denied or inherited); single sign-in
6
Authorization Feature Rights Access Rights Entry Volume Field Template Security Tags Privileges Folder Filter Expressions
7
Basic Principles of Laserfiche Security Security inherits downward Parent folder -> Child folder/document Group -> User Inheritance can be turned off for some rights, but it is not recommended However, specific rights ‘beat’ inherited rights Rights set on an entry override rights set on a parent folder Security is cautious All relevant rights must be granted to permit access Deny overrides allow or inherit Privileges are special
8
New Security Features in Laserfiche 8 New Concepts in 8 Security
9
Windows Accounts Windows Accounts can now be treated just like any other Laserfiche user You can use Windows Accounts to automatically manage your Laserfiche user base
10
Default Security Allows you to set starting ‘default’ security for new templates, fields and volumes Default security can be customized for your site. Security settings for individual objects can be modified after it has been set
11
Recycle Bin Allows for ‘temporary’ or reviewed deletions Can be turned on or off, and configured, by an administrator –Determine who can purge or restore entries –Determine when and how the recycle bin will be cleared
12
System Managers No longer use one ‘system manager password’ Instead, server management can be specifically delegated
13
Document Ownership Document creator is automatically set as document owner Ownership can be transferred to another user Document Owner always has Write Entry Security entry access right
14
Annotation Security Protected Annotations: –Can only be modified by the annotation creator or the document owner –Can be viewed by anyone Private Annotations: –Can only be viewed by the annotation creator
15
Folder Filter Expressions Uses an advanced syntax to specify dynamic security for a folder Very powerful; also potentially very complex Example: –Document has a list field –Folder Filter Expression uses the lists field value for each document to determine access –Only those users/groups which the expression determines should see the document will be able to view it
16
Template and Field Security Fields now exist in the repository independent of template Field and template security have been split
17
New Security Features in Laserfiche 8 New Specific Rights for Security in 8
18
New Privileges Manage Metadata split up: –Manage Templates and Fields –Create Templates and Fields –Manage Links –Manage Tags –Manage Stamps Privileges that allow security bypass: –Bypass Browse –Bypass Filter Expressions Recycle Bin privileges: –Purge Entries –Manage Entry Access
19
New Privilege Concepts Some privileges are appropriate for non-administrative users Some privileges are granted by default in new repositories Some privileges enhance performance
20
New Access Rights All: –Read Security –Write Security Entry Access Rights: –Delete Pages –Delete Child Entry
21
New Trustee Management Features Random Password Generation Read-Only Users Ignore Maximum Password Age
22
Security Best Practices
23
Groups Groups ensure consistency Groups make management easier Groups are less time-consuming
24
Windows Accounts Only need to administer one set of users, not two Users only need to remember one password, not two Can be used in conjunction with groups to further simplify
25
Inheritance Inheritance is your friend! Organize your folder structure with security in mind Unless it’s absolutely unavoidable, don’t turn off inheritance In general, set up your folder structure to require as few Deny settings as possible
26
Simplicity If one permission will do what you want, don’t use three If you can apply one right and inherit it, don’t set it individually instead If you can simplify by moving a folder, move that folder! The more complex a security setup is, the harder it will be to administer, and the more error-prone it will be
27
Further Resources Laserfiche Support Site (support.laserfiche.com) –Laserfiche 7 Security Best Practices Laserfiche Documentation
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.