You are viewing limited content. For full access, please sign in.

Question

Question

Laserfiche Rights and Privileges Automation

Laserfiche Administration How To SDK
Updated December 14, 2022
asked on December 13, 2022

Hi,

A client has asked me if there is a way of centralizing and/or automating the setting of feature, privileges and access rights. For example if this can be done by an administrator at the Active Directory level instead of creating users in Active Directory, then again setting features and privileges in the Admin Console then going into the client and setting the access rights. I would appreciate any ideas or if someone has achieved such a fete.

regards,

Mark

0 0

Replies

replied on December 13, 2022

Use role-based access control based on AD groups.

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions needed to perform particular system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department.

Preparation/Setup

  1. Create relevant AD groups (e.g., "LF-HR-Staff", "LF-HR-Admins", etc.) and optionally LFDS groups that will have those AD groups as members.
  2. Set features, privileges, and access rights on the AD and/or LFDS groups as appropriate for the roles they represent.

New User Procedure

  1. Create AD user.
  2. Add AD user to applicable AD role groups for Laserfiche

The user will inherit the features, privileges, and access rights for their role(s) from their AD group membership without having to configure anything for them in Laserfiche.

1 0
replied on December 13, 2022

Hi Samule,

Thanks for this helpful information. Just some clarification though for the second point in Preparation/Setup. Where are these features, privileges and access rights setup configs done? Because I know that these are configured in the Admin Console. I don't think I have any knowledge of how this can be done in LFDS leave alone in AD since we have an AD Administrator who will of course ask for direction if we go that route.

Regards

0 0
replied on December 14, 2022

You configure them in the Admin Console (Feature Rights, Privileges, Metadata security, etc.) and Windows Client (Entry Access Rights), or Web Client, where you can do all of the above. Do the same for Forms where applicable.

Please see the documentation on the Types of Security in a repository for information on where to configure each type, as well as the Forms Security Overview.

You set the role-based access controls within Laserfiche (repo, Forms, etc.) on the AD groups or AD-group-containing LFDS groups as a one-time setup task. Thereafter, the AD Administrator simply adds/removes AD users to/from the AD groups. If you want to add a new role or modify security for an existing one, you do that in Laserfiche.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...