Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing a Security Policy in Laserfiche 8 LAB 201 Steve Hackney.

Published byMelvyn Calvin Harrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Implementing a Security Policy in Laserfiche 8 LAB 201 Steve Hackney."— Presentation transcript:

1 Implementing a Security Policy in Laserfiche 8 LAB 201 Steve Hackney

2 Agenda -Architecture -Authentication -Authorization -Template/ Field Security -Volume Security -Entry Access Rights -Tags -Recycle Bin -Order of Precedence

3 Architecture

4 Users and Groups Laserfiche Users and Groups -Laserfiche security is based on User or Group Rights -In order to know which rights someone should have, they should provide credentials to Laserfiche -Tip #1 -Use Groups when possible

5 Authentication -Verifies users identity -Access to the Repository from any Laserfiche portal/module requires authentication -Authentication provides credentials Authorization defines rights

6 Authentication Methods of Authentication - Administrator Defined Username and Password -Windows Authentication -User Mapping -Windows Accounts -Tip #2 -Use Windows Authentication when possible

7 Windows Authentication User Mapping (LF7) Map a Windows user/group account to an existing Laserfiche user/group It is possible to deny LF Access to individual members of a Windows group

8 Windows Authentication cont. User Mapping (LF 7) Map a Windows user/group account to an existing Laserfiche user/group It is possible to deny access to one member of a Windows group Windows Authentication (LF8) Add a windows user/ group directly into Laserfiche Admin Console and apply rights to the Windows account

9 Exercise #1 Create Users and Groups - Refer to steps provided in the exercise packet Remember to keep the following best practices in mind: - Use Windows Authentication - Use groups when possible

10 Authorization Overview -Layers of Security -Privileges -Feature Rights -Entry Access Rights -Setting up Default Security -Template Field Security -Volume Security -Security Tags -Order of Precedence New to Laserfiche 8 -Default Security -Recycle Bin -Annotation Security

11 Privileges Privileges are administrative abilities for managing the repository -Version 7 – Admin Privileges -Manage Trustees -Manage Volumes -Manage Entry Access Rights -Version 8 – Manager Privileges -Manage Templates and Fields -Create Templates and Fields -Manage Links -Manage Stamps Separate Privileges for Metadata -Manage Tags -Purge Entries -Tip #3 -Take advantage of the manager type Privileges. Giving the managers more administrative responsibilities will make administering the repository more feasible }

12 Feature Rights Feature Rights include general abilities in the client -Feature rights are not specific to a document or folder -Also can be described as Global (repository wide rights) -Scan -Import -Search -Print -Export -Edit text -Tip #4 -Assign common rights to groups when possible

13 Exercise #2 Assign Groups and Users Privileges and Feature Rights -Feature Rights and Privileges are global and are therefore set up in the Admin Console -Refer to steps provided in the exercise packet Remember to keep the following best practices in mind: -Assign common rights to groups -This will save you time not only initially, but also when new members of the group are added -Use the Manager type privileges to make your life easier!

14 Field Security Rights -Read -CreateApplicable to filling out fields -Edit -Modify Field -Delete Field -Read Access Control List (ACL) -Modify Access Control List (ACL) } Field management } Access management }

15 Template Security Rights -Modify Template -Delete Template -Read Template Security -Change Template Security

16 Exercise #3 Assign Field and Template Rights to Users and Groups -Template and Field security is set up in the Admin Console -Refer to steps provided in the exercise packet Remember to keep the following best practices in mind: -Assign common rights to groups -This will save you time not only initially, but also when new members of the group are added -Use the Manager type privileges to make your life easier!

17 Volume Security Rights -Laserfiche 7 -Read -Append Data -Modify/ Delete Documents -Create Documents -Laserfiche 8 -Delete Volume -Read Volume Security -Change Volume Security

18 Security Tags Security Tags are a dynamic layer of security giving a user the ability to restrict other users’ access to documents -Tags are first created by the admin and then assigned to groups or users -Users that have been assigned a tag can then “tag” documents or folders -Only users who have been assigned the tag can view the documents with that tag -Tip #5 -Assign Administrator All tags

19 Security Tags 1) If a document is tagged with Tag B, Who can see the document?

20 Security Tags 1) If a document is tagged with Tag B, Who can see the document?

21 Security Tags The CEO requests the Executive Level Security Tag 1) If a document is tagged with Tag B, Who can see the document?

22 Security Tags The CEO requests the Executive Level Security Tag 1) If a document is tagged with Tag B, Who can see the document?

23 Security Tags The CEO requests the Executive Level Security Tag 1) If a document is tagged with Tag B, Who can see the document? 2) Who can see the document now?

24 Security Tags The CEO requests the Executive Level Security Tag 1) If a document is tagged with Tag B, Who can see the document? 2) Who can see the document now?

25 Security Tags The CEO requests the Executive Level Security Tag 1) If a document is tagged with Tag B, Who can see the document? 2) Who can see the document now? 3) The CEO Tags the document with Tag A. Who can see the document now?

26 Security Tags The CEO requests the Executive Level Security Tag 1) If a document is tagged with Tag B, Who can see the document? 2) Who can see the document now? 3) The CEO Tags the document with Tag A. Who can see the document now?

27 Entry Access Rights Entry Access Rights are abilities allowed or denied for specific documents or folders in a repository -Browse -Read -Write -See Annotations -See Through Redactions -Access Control -Write Metadata -Create Documents -Etc.

28 Scope Scope determines how an access right is inherited -This folder, subfolder and documents -This folder and subfolders -Subfolders and documents only -Documents only -This entry only

29 Scope

30 Security: Order Of Precedence Order of Precedence -Inherited rights vs. Explicit Rights -Explicit rights are applied to a specific folder -Inherited rights are propagated through scope -Explicit rights will always take precedence over inherited rights Explicit Inherited

31 Inherited Allow with Explicit Deny Archie allowed at Sales Department, inherited down Archie denied at Region - Central

32 Inherited Allow with Explicit Deny Archie allowed at Sales Department, inherited down Archie denied at Region - Central Conclusion: Archie does not have access to Region - Central

33 Inherited Deny with Explicit Allow Veronica denied access at Sales Department, inherited down Veronica allowed access explicitly at Region - Central

34 Inherited Deny with Explicit Allow Veronica denied access at Sales Department, inherited down Veronica allowed access explicitly at Region - Central Conclusion: Veronica can access Region - Central, but cannot browse due to security on the Sales Department folder. Veronica can still SEARCH for Region - Central

35 Security: Order Of Precedence Because rights may overlap, the Order of Precedence will dictate which rights takes priority -Explicit Access Rights –Deny, Allow, or None - If the User is allowed and the Group is denied, then the user does not have access - If the User is allowed and the Group is allowed, then the user has access - If User is allowed and it is not defined at the Group level, then the user is allowed - If it is not defined at the User/Group level, then the user is not allowed

36 Security: Order Of Precedence Two methods to apply security -Allow all and then deny -Allow nothing then allow -Tip #5 -Use the allow nothing, then allow method when possible -This requires the use of the scope “This Entry Only”

37 Security: Order Of Precedence -7 Rights Established Sales Team allowed at Sales Department explicitly, inherited down Veronica and Betty denied explicitly at Region - Central Archie and Betty denied explicitly at Region - East Archie and Veronica denied explicitly at Region - West

38 Security: Order Of Precedence -4 Rights Established Sales Team allowed at Sales Department explicitly, THIS ENTRY ONLY Archie allowed explicit rights to Region - Central Veronica allowed explicit rights to Region - East Betty allowed explicit rights to Region - West

39 Exercise #4 Assign Access Rights to Users and groups -Access rights are applied to the Folder Structure -Refer to steps provided in the exercise packet Remember to keep the following best practices in mind: -Assign rights to groups wherever applicable -This will save you time not only initially, but also when new members of the group are added -Use the Allow none and then Allow method -Hint: This method requires the use of the scope “This Entry Only”

40 New to Laserfiche 8 Default Security -Can automate default security for the following -Templates -Fields -Volumes -Can be applied to User/ Groups/ Owner -Owner is the person who created the object Recycle Bin -Purge Entry Privilege -Entry Access Rights Privilege Annotation security

41 Exercise #5 Setting up Default Security -Access rights are applied to the Folder Structure -Refer to steps provided in the exercise packet -Tip #6 -Use the new security features in Laserfiche 8 to make administering Laserfiche more efficient

42 New to Laserfiche 8 Recycle Bin -Purge Entry Privilege -Entry Access Rights Privilege Annotation security -Entry Access Rights Privilege

43

44

Download ppt "Implementing a Security Policy in Laserfiche 8 LAB 201 Steve Hackney."

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.

When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Group Accounts; Securing Resources with Permissions

Group Accounts; Securing Resources with Permissions
Protect your data with Security John Ykema, Director of Sales & Marketing.

Protect your data with Security John Ykema, Director of Sales & Marketing.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Chapter 5 File and Printer Services

Chapter 5 File and Printer Services
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.

Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
Implementing File and Print Services

Implementing File and Print Services
Managing Active Directory Domain Services Objects

Managing Active Directory Domain Services Objects
Chapter 7: WORKING WITH GROUPS

Chapter 7: WORKING WITH GROUPS
IOS110 Introduction to Operating Systems using Windows Session 8 1.

IOS110 Introduction to Operating Systems using Windows Session 8 1.

Similar presentations

Ads by Google