Presentation is loading. Please wait.

Presentation is loading. Please wait.

AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer.

Published byGwendoline Ford Modified over 8 years ago

Similar presentations

Presentation on theme: "AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer."— Presentation transcript:

1 AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer

2 Agenda Overview of Laserfiche Security New Security Features for Laserfiche 8 Security Best Practices

3 Overview of Laserfiche Security

4 Authentication and Authorization Authentication: “Can I log in?” Laserfiche password authentication Windows Authentication Authorization: “What can I do once I’ve logged in?” Feature Rights Access Rights Security Tags Privileges Folder Filter Expressions

5 Authentication Methods Laserfiche password authentication: Set up a user and password User types in password and then is logged in as that user Windows Authentication User logs in to Windows and then opens the repository Windows credentials are automatically used to determine access (trusted, denied or inherited); single sign-in

6 Authorization Feature Rights Access Rights Entry Volume Field Template Security Tags Privileges Folder Filter Expressions

7 Basic Principles of Laserfiche Security Security inherits downward Parent folder -> Child folder/document Group -> User Inheritance can be turned off for some rights, but it is not recommended However, specific rights ‘beat’ inherited rights Rights set on an entry override rights set on a parent folder Security is cautious All relevant rights must be granted to permit access Deny overrides allow or inherit Privileges are special

8 New Security Features in Laserfiche 8 New Concepts in 8 Security

9 Windows Accounts Windows Accounts can now be treated just like any other Laserfiche user You can use Windows Accounts to automatically manage your Laserfiche user base

10 Default Security Allows you to set starting ‘default’ security for new templates, fields and volumes Default security can be customized for your site. Security settings for individual objects can be modified after it has been set

11 Recycle Bin Allows for ‘temporary’ or reviewed deletions Can be turned on or off, and configured, by an administrator –Determine who can purge or restore entries –Determine when and how the recycle bin will be cleared

12 System Managers No longer use one ‘system manager password’ Instead, server management can be specifically delegated

13 Document Ownership Document creator is automatically set as document owner Ownership can be transferred to another user Document Owner always has Write Entry Security entry access right

14 Annotation Security Protected Annotations: –Can only be modified by the annotation creator or the document owner –Can be viewed by anyone Private Annotations: –Can only be viewed by the annotation creator

15 Folder Filter Expressions Uses an advanced syntax to specify dynamic security for a folder Very powerful; also potentially very complex Example: –Document has a list field –Folder Filter Expression uses the lists field value for each document to determine access –Only those users/groups which the expression determines should see the document will be able to view it

16 Template and Field Security Fields now exist in the repository independent of template Field and template security have been split

17 New Security Features in Laserfiche 8 New Specific Rights for Security in 8

18 New Privileges Manage Metadata split up: –Manage Templates and Fields –Create Templates and Fields –Manage Links –Manage Tags –Manage Stamps Privileges that allow security bypass: –Bypass Browse –Bypass Filter Expressions Recycle Bin privileges: –Purge Entries –Manage Entry Access

19 New Privilege Concepts Some privileges are appropriate for non-administrative users Some privileges are granted by default in new repositories Some privileges enhance performance

20 New Access Rights All: –Read Security –Write Security Entry Access Rights: –Delete Pages –Delete Child Entry

21 New Trustee Management Features Random Password Generation Read-Only Users Ignore Maximum Password Age

22 Security Best Practices

23 Groups Groups ensure consistency Groups make management easier Groups are less time-consuming

24 Windows Accounts Only need to administer one set of users, not two Users only need to remember one password, not two Can be used in conjunction with groups to further simplify

25 Inheritance Inheritance is your friend! Organize your folder structure with security in mind Unless it’s absolutely unavoidable, don’t turn off inheritance In general, set up your folder structure to require as few Deny settings as possible

26 Simplicity If one permission will do what you want, don’t use three If you can apply one right and inherit it, don’t set it individually instead If you can simplify by moving a folder, move that folder! The more complex a security setup is, the harder it will be to administer, and the more error-prone it will be

27 Further Resources Laserfiche Support Site (support.laserfiche.com) –Laserfiche 7 Security Best Practices Laserfiche Documentation

28

29

Download ppt "AA207: Designing a Security Policy in Laserfiche 8 Connie Anderson, Technical Writer."

Similar presentations

GW Introduction to Google Drive Security and Smart Sharing Practices.

GW Introduction to Google Drive Security and Smart Sharing Practices.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since 1991 10 years.

SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since years.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties.

11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Group Accounts; Securing Resources with Permissions

Group Accounts; Securing Resources with Permissions
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Access Control Lists and NTFS Permissions INFO333 – Lecture 4 2010 Mariusz Nowostawski Noria Foukia.

Access Control Lists and NTFS Permissions INFO333 – Lecture Mariusz Nowostawski Noria Foukia.
NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.

NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.

Similar presentations

Ads by Google