Presentation is loading. Please wait.

Presentation is loading. Please wait.

AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer.

Similar presentations


Presentation on theme: "AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer."— Presentation transcript:

1 AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer

2 Agenda Overview of Laserfiche Security New Security Features for Laserfiche 8 Security Best Practices

3 Overview of Laserfiche Security

4 Authentication and Authorization Authentication: “Can I log in?” Laserfiche password authentication Windows Authentication Authorization: “What can I do once I’ve logged in?” Feature Rights Access Rights Security Tags Privileges Folder Filter Expressions

5 Authentication Methods Laserfiche password authentication: Set up a user and password User types in password and then is logged in as that user Windows Authentication User logs in to Windows and then opens the repository Windows credentials are automatically used to determine access (trusted, denied or inherited); single sign-in

6 Authorization Feature Rights Access Rights Entry Volume Field Template Security Tags Privileges Folder Filter Expressions

7 Basic Principles of Laserfiche Security Security inherits downward Parent folder -> Child folder/document Group -> User Inheritance can be turned off for some rights, but it is not recommended However, specific rights ‘beat’ inherited rights Rights set on an entry override rights set on a parent folder Security is cautious All relevant rights must be granted to permit access Deny overrides allow or inherit Privileges are special

8 New Security Features in Laserfiche 8 New Concepts in 8 Security

9 Windows Accounts Windows Accounts can now be treated just like any other Laserfiche user You can use Windows Accounts to automatically manage your Laserfiche user base

10 Default Security Allows you to set starting ‘default’ security for new templates, fields and volumes Default security can be customized for your site. Security settings for individual objects can be modified after it has been set

11 Recycle Bin Allows for ‘temporary’ or reviewed deletions Can be turned on or off, and configured, by an administrator –Determine who can purge or restore entries –Determine when and how the recycle bin will be cleared

12 System Managers No longer use one ‘system manager password’ Instead, server management can be specifically delegated

13 Document Ownership Document creator is automatically set as document owner Ownership can be transferred to another user Document Owner always has Write Entry Security entry access right

14 Annotation Security Protected Annotations: –Can only be modified by the annotation creator or the document owner –Can be viewed by anyone Private Annotations: –Can only be viewed by the annotation creator

15 Folder Filter Expressions Uses an advanced syntax to specify dynamic security for a folder Very powerful; also potentially very complex Example: –Document has a list field –Folder Filter Expression uses the lists field value for each document to determine access –Only those users/groups which the expression determines should see the document will be able to view it

16 Template and Field Security Fields now exist in the repository independent of template Field and template security have been split

17 New Security Features in Laserfiche 8 New Specific Rights for Security in 8

18 New Privileges Manage Metadata split up: –Manage Templates and Fields –Create Templates and Fields –Manage Links –Manage Tags –Manage Stamps Privileges that allow security bypass: –Bypass Browse –Bypass Filter Expressions Recycle Bin privileges: –Purge Entries –Manage Entry Access

19 New Privilege Concepts Some privileges are appropriate for non-administrative users Some privileges are granted by default in new repositories Some privileges enhance performance

20 New Access Rights All: –Read Security –Write Security Entry Access Rights: –Delete Pages –Delete Child Entry

21 New Trustee Management Features Random Password Generation Read-Only Users Ignore Maximum Password Age

22 Security Best Practices

23 Groups Groups ensure consistency Groups make management easier Groups are less time-consuming

24 Windows Accounts Only need to administer one set of users, not two Users only need to remember one password, not two Can be used in conjunction with groups to further simplify

25 Inheritance Inheritance is your friend! Organize your folder structure with security in mind Unless it’s absolutely unavoidable, don’t turn off inheritance In general, set up your folder structure to require as few Deny settings as possible

26 Simplicity If one permission will do what you want, don’t use three If you can apply one right and inherit it, don’t set it individually instead If you can simplify by moving a folder, move that folder! The more complex a security setup is, the harder it will be to administer, and the more error-prone it will be

27 Further Resources Laserfiche Support Site (support.laserfiche.com) –Laserfiche 7 Security Best Practices Laserfiche Documentation

28

29


Download ppt "AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer."

Similar presentations


Ads by Google