You are viewing limited content. For full access, please sign in.

Question

Question

Folder Structure/Permissions

Records Management Version 10 Administration Security How To
Updated July 30, 2019
asked on July 30, 2019

Hi, All, We are new to LF and its security settings. We have a goal to keep our folder structure as flat as possible. What is the best way (permissions, access rights, and/or security tags) to keep our structure flat? For example, we found that a user isn't able to see a child folder where permissions are granted without giving access to the parent folder. This is a problem in that higher level HR and A/P records are highly sensitive. A user may need to see all open, unpaid invoices for a vendor, but not see the ones that are paid, etc. We're trying to avoid nesting folders as much as is possible. Is there a workaround that can be built with WF or saved searches to achieve our goals for access and security?

0 0

Replies

replied on July 30, 2019 Show version history

Although users cannot browse to a folder without access to the parent, they can still be given access to the child folders by using Shortcuts.

For example, we have some users that cannot see any top level folders and therefore cannot browse through the repository wherever they want.

Instead, we give them shortcuts that link directly to the child folders and place them somewhere where they DO have access.

I'm not sure if this is the best solution for your situation, but I wanted to put it out there since it is a useful thing to have in your back pocket.

In the simplest terms, you don't need a "direct line of sight" to a folder's actual path you just need permissions to that folder and a shortcut somewhere you DO have access.

Security tags are certainly an option, but they come with their own complications depending on the circumstances.

1 0
replied on July 30, 2019

Hi, Raelynn

Example:
Create 2 Groups Active Directoy or Laserfiche account
AP Records Paid
AP Records Open


Security Tag:

1. Paid Invoices
2. Open Invoices


AP Records I would assign both "Ap Records Paid" and "Ap Records Open" Access to the AP Records folder.

With your workflow you can assign custom security tags that will then hide the records bases on the users or groups security rights.

AP Records Paid Group will have access to 2 Security Tags (Paid Invoices, Open Invoices)
AP Records Open will only have security tag (Open Invoices)


In your worflow you wil need to create a routing decision that can add the security tag as part of the process.


Also i would add rule in your workflow that monitor for any changes if the invoice goes from open to paid it will switch it's security tag.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...