You are viewing limited content. For full access, please sign in.

Question

Question

Laserfiche Permissions

asked on May 11

I am looking for clarification on Laserfiche permissions.  

I understood that Laserfiche took the least privilege approach to permissions.  I might be wrong as I have not found anything in the documents to clarify it.  The "everyone" group for the most part for us at least seems to be the most restrictive and usually only has view access to folders/documents.  We have groups that have higher level permissions for different portions of those same folders.  

Can anyone clarify this or at least point me in the direction that can explain this better.

 

Thanks in advance.

0 0

Answer

SELECTED ANSWER
replied on May 11

With Laserfiche permissions, you have an implied deny (neither the allow or deny checkboxes are checked), you have an explicit allow (the allow checkbox is checked), and you have an explicit deny (the deny checkbox is checked).  An explicit allow will always override an implied deny and an explicit deny will always override both the explicit allow and  the implied deny.

 

When you read or hear that LF will use the least privilege, this means that if the user has an explicit deny and an explicit allow, the deny will override.  Note:  This also applies to the read only setting where if the user inherits read only from any group, they will be read only everywhere.

 

So with that information, the Everyone group uses the implied deny for most things, so when the user is in a group with an explicit allow, they are allowed.

2 0
replied on May 11

Thanks, I think that clears it up.

 

0 0

Replies

You are not allowed to reply in this post.
You are not allowed to follow up in this post.

Sign in to reply to this post.