Question

Security Question about Everyone

asked on January 18, 2018

I'm taking over Laserfiche and I attended Empower this year and took a few admin/security courses. I'm back at the office auditing the security. We have a Windows Account Everyone. Everyone has no feature rights and no privileges. However, on the Volumes it has Read, Add, Modify, Create, Read Vol Sec. Is there a best practice for using an Everyone account? Should I work towards eliminating this account? I think I find it to be counterproductive. We have allow everyone's and then deny's on large groups of people on some volumes.

Replies

replied on January 18, 2018

Hi Wesley, Welcome to Laserfiche!

The Everyone account should be a Laserfiche built-in account, and not a Windows account. It has a role in initial system setup, and in providing access to volumes over the long run.

From the sound of it, you are already using best practices.  We always remove all rights and privileges from Everyone as well.  In addition, Everyone should be removed from access via the client.  That is, go to the root level, Access Rights, and make sure Everyone is not in that list. 

However, it's generally OK (preferable) to allow Everyone to have Volume access. Now we go a little deeper. Access to material in Laserfiche is primarily controlled via the folder structure. You can additionally control access through the volumes, and this is often done for very sensitive areas like HR. But Volume access should be viewed as an extra layer of protection, and not your main means of controlling access.

If your folder access rights are set up correctly, you really don't need to restrict Volume access.  Keep in mind that for Volume access to work properly, documents have to be added to the right volume.  This is harder to control than folder access, which is hierarchical.

 

replied on January 18, 2018

To add to Bill's comments, it is always preferable to "Allow" rather than "Deny", and LF actually recommends against using "Deny" unless you have a really good reason it couldn't be done the other way around.

Not allowing will give the same results as Deny, but it introduces far fewer complications and is far more manageable, because seeing who does have access is much more useful than seeing who does not.
