You are viewing limited content. For full access, please sign in.

Question

Question

Documents modified under other user's login

Laserfiche Version 10 Security
Updated October 22, 2019
asked on October 21, 2019

This is the second time this has happened where a user was able to modify a Word document in a folder to which he doesn't have access.  Here is the more concerning thing, in both instances, the modification was shown to have been made by an Administrator's login.

Both users are being authenticated to Laserfiche as themselves by AD, but somehow they were allowed to make changes to docs as the Administrator's login.

I've checked their user group security and it shouldn't allow modify access to the folder in question.  Neither of the Administrator's had logged in to the workstations in use by these users, so there was not a chance of the login being retained on those workstations.

Looking for some help on this.  First time this happened we were on 10.2, this time we are on 10.3.1.

0 0

Replies

replied on October 21, 2019

1) How are you determining that the modification was made by an Administrator? (Using Audit Trail, document version control, etc.)

2) When the user logs in with the LF Desktop Client, using Windows Authentication, what account is shown in the bottom-right corner as being logged in? (Is it their Windows username, or another username)

 

There isn't a bug in either of those versions that would cause this issue, there has to be something with the user and/or security configurations. Perhaps the user's Windows account is embedded in an admin account/group, or the user is a member of a Windows group that is embedded in an admin group in the repository. There are also certain 'Assigned Privileges' a user can have that will bypass certain folder-level Access Rights (this wouldn't show modifications being made by a different account though).

0 0
View 4 previous replies
replied on October 21, 2019

Dustin answers below:

1) Documents are under version control and the admin users in question were my service user account and MY personal admin user account.  The version modification date/time stamp were for third shift when I know I was sleeping!

2) Users all use the LF web client.  With first user, the account shown in upper right corner was the Windows username of the user.  I have not yet confirmed current login and what that shows since I need to catch him tonight.

 

I did the usual triage on AD groups and I checked the membership of these users and the Admin Group.  The Admin group membership is only 5 users (4 IT and 1 service account) and no embedded groups.

I also don't assign any privileges to groups outside of IT.  But that was a good one to look for, thanks.

What's interesting, is that both the service user and myself were the last users to access the documents prior to both the users without admin rights.

 

0 0
replied on October 21, 2019

Maybe a dumb question, but if a service account was logged as making a change to a document, isn't the simple explanation that the service made the change? Or is that not something the service does? Did the user say that they were able to incorrectly access the document and save the change? This is a Word doc, are you by chance using the Office Online integration?

0 0
replied on October 21, 2019

In the most recent scenario, the user filled out the word document with his name in it, but the admin user that the version history shows making the change is MY user account.

Yes this is a Word doc and we use the Office Plugin for the web client. Not Office Online.

0 0
replied on October 22, 2019

Brian,  I went into the version history this morning and it gets even more odd.  It's now showing another admin user as having made the change on the document..  If I didn't have a screen shot from yesterday showing the same information, I'd think I'd missed something.  Would be happy to share these and the audit trail report offline.

0 0
replied on October 22, 2019

I'd suggest working with your solution provider to open a support case. You'll be able to attach the documents and logs to the case.

1 0
replied on October 22, 2019

I second Brian's suggestion; it sounds like this may need an "eyes-on" investigation.

 

Do you have Laserfiche Workflows running in that repository? Is it possible that after the user changes the document, it kicks off a Workflow process running under an administrative identity that makes the subsequent change to the document?

1 0
replied on October 22, 2019

Brian I will open a case with my solutions provider, thanks.

Dustin,  I have a different admin user for Workflow than is showing on the versioning and audit trail so that's how I know that a Workflow wasn't acting on the document.

Good thoughts, thanks to you both!

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...