You are viewing limited content. For full access, please sign in.

Question

Question

field search without read rights will not return shortcuts

Version 10 Search and Retrieval Security Records Management
Updated September 26, 2018
asked on June 17, 2016

Hi Guys,

Need some help here as I am pulling my hair out.

We have a customer who uses TRM and we show the shortcuts for the records in an operator folder. This worked well as the documents with security tags would still show the shortcut in the operator folder but would still bring up the "access denied" message if an unauthorised user tried to open it. Since LF 10 this has been fixed and no longer showed the security tagged shortcuts to the unauthorised users. - Obviously I know this is the way the security tag should work but this customer likes the unauthorised users to still see the shortcut so they know the record is there but cannot open it / export it etc

 

So we "fixed" this error by giving the unauthorised group the security tag but moving the tagged documents to a folder and removed the groups read access rights but kept browse. Now the problem here is if they browse to the operator folder they can see ALL shortcuts (perfect) but if they perform a field search (with resolve shortcuts on) it does not bring back the tagged shortcuts.

I have worked out this is because the read rights does not allow you to see the document OR the metadata so you cannot run a search on a field if you cannot see the value. They can however run an entry name search and this brings ALL shortcuts back but it is a pretty useless search / workaround.

 

My question here is -

Is this a bug that will be fixed?

Can I change a setting to allow read metadata only? and not read document.

Any other suggestions / work arounds?

 

All advice will be very much appreciated - thank you very much and have a great weekend!

Thanks

Tina

 

 

 

1 0

Replies

replied on June 21, 2016

Hi Tina,

When the tag is applied to the Record, it is denying the ability to interact with that Record in any way. This includes being able to see the shortcuts for that Record.

If you want people to be able to see the shortcuts, but not have access, you can use Access Rights to grant access to shortcuts, and Not Grant/Deny access to the Records.

Is this possible?

 

Thanks,

0 0
replied on June 21, 2016

Hi Nathan,


Thank you very much for your response.

The group have access to the tag which means they can see the shortcuts but we have put the records in a folder which the group have read denied on the access rights.


This has resulted in the group able to see the shortcuts but only if they navigate the folder structure or use an entry name search. They are unable to return the shortcuts in a search using the field search which is how they currently perform searches.

 

Hope this makes sense and you can help somehow :)

 

Thanks

Tina

0 0
replied on June 21, 2016

So currently the group is able to see the shortcuts, but has no access to open them, read them, or view their metadata. In this case, you are right, they won't be able to locate these Records via Field search, because their user does not have access to see the Field values, and check against them. An alternative to this would be a security issue, because then users could identify the Metadata values of documents that they don't have metadata access to.

Would it be possible to set up an automated folder structure of shortcuts to display all the shortcuts for users; this way they wouldnt need to perform any searches?

0 0
replied on June 22, 2016

Hi Nathan,

We currently have the records management folders with the records within and the shortcuts for these are in an automated folder structure. So the group do have the ability to navigate the folders to find ALL shortcuts but would prefer to perform searches.

 

We would love a feature in Laserfiche to separate the read rights into read document / read metadata as we do wish them to see the metadata just not the image itself.

 

The only workarounds we can think of is making a fake "placeholder" entry which has the metadata but no image attached and tag this so the group which cannot read the originals are the only ones who know these fake entries exist. The other is to set up custom searches for taking them to the parent folder so they can open it up and see all shortcuts within or custom entry name searches.

If you have any better ideas then please let me know.

 

Thanks

Tina

0 0
replied on June 22, 2016

Creating placeholder entries may work to provide context of what is available in the repository, but it is generally good practise to avoid duplication of data. With Records Management especially, any content under RM that is duplicated will mean that both the original and copy should be under RM.

Custom Searches can be configured and applied to users or to Everyone at the Administrator Console. Alternatively, you might look for a way to automate shortcuts out for users in another format that would also be suitable.

0 0
replied on September 26, 2018

I'm interested in a response to the original question:

Can I change a setting to allow read metadata only? and not read document.

Typically, the content is what cannot be seen, the metadata just tells the user that the record exists, but s/he cannot see it. I used another system that did allow us to see metadata, but not content. Otherwise, people think the record doesn't exist and they try to submit it again.

Is that in the cards for a future enhancement?

0 0
replied on September 26, 2018

Hi Gloria,

In the past, when I've needed to do something like this, I've used Workflow to rename the document to display the important pieces of metadata.

-Ben

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...