Problem with removing Administrators group rights

asked on October 1, 2016

Hi guys,

We've got an "Administrators" group for domain accounts to have administration rights to the repository. (The Laserfiche Admin accounts - Admin, Workflow, and Forms - are all managed separately.) I have removed "Bypass Browse" and added the group specifically to a handful of restricted folders with "Deny All" set in the folder Access Rights.

However when testing, and in Effective Access for the folders, the group and its members still have Browse, Read, Read/Write Entry Security, Change Entry Owner. I've tried disabling inherited rights to the folder in addition to the Deny settings, but it doesn't make any difference, they still retain the rights.

The group members don't have any individually assigned rights or privileges, they are all inherited from the Administrators group and the Effective Rights for the group and members in the Admin Console show that Bypass Browse is off (it's off for the Everyone group as well).

What am I missing here please?

Thanks,

Mike

0 0

SELECTED ANSWER

replied on October 3, 2016

Hi Mike,

If any of the groups that the user is part of contain the 'Manage Entry Access' privilege, then they will automatically get the bypass browse right.

This is explained in more detail here:-

https://www.laserfiche.com/support/webhelp/Laserfiche/10/en-US/administration/#../Subsystems/LfAdmin/Content/List_of_Privileges.htm

I would check that first and remove the user from all groups and add back in one by one to identify the group which is causing you this unexpected behaviour. Then work out what right/privilege is changing this.

Hope this helps point you in the right direction!

1 0

replied on October 3, 2016

Thanks very much Chris, I'd completely missed that. The Administrators group had it.

0 0

Question

Question

Problem with removing Administrators group rights

Answer

Replies

Sign in to reply to this post.