You are viewing limited content. For full access, please sign in.

Question

Question

Hide Laserfiche Forms submissions from System Administrators

Forms Laserfiche Administration Feature
Updated April 3, 2023
asked on March 31, 2023

I am a Laserfiche Forms system administrator. We are working on adding HR processes to Forms. I just realized that, since I am a system administrator, even if I remove myself as a "Process Administrator" for a process, I can still view the submission and read the entire form in the "Monitor" section of Forms.

Since HR forms may contain highly sensitive data, I need a way to restrict myself (and other system administrators) from viewing certain processes. Is there a way to do this?

If there is no way, this is a feature that I would think should be an glaring requirement for any organization that is using Laserfiche with sensitive data.

0 0

Answer

SELECTED ANSWER
replied on April 3, 2023 Show version history

Yep, at the end of the day there must be a role that either has all the keys to castle, or a key that can give them the rest of the keys, which is functionally the same thing. Someone in IT will have an admin account that can technically read the CEO's emails. 

Craig correctly identified a well-established way to address this: separate privileged administrative and non-(or less)-privileged accounts.

If what you need for your day-to-day Laserfiche Forms administration tasks is the Process Administrator role on all non-HR processes, use an account with only those permissions. Use your account with the System Administrator role only when necessary to do something you can't with the normal account.

A critical part of this setup is enabling Forms Auditing (available as of Forms 11 Update 3 and Audit Trail 11 Update 4). This feature adds accountability by auditing whenever someone views Instance Details (among many other things). If necessary, you can use this to show that you did not view HR processes with your privileged System Administrator account in circumstances where it wasn't appropriate to do so.

1 0

Replies

replied on April 3, 2023

Administrators due to their need to work with an entire system will always have access to the most sensitive information in any system. 

If there are concerns with your access, you could create yourself a separate user account to be used for administrative use only and use a 'daily' account with limited access. 

But an administrative account will need to be used to troubleshoot, enhance, or fix that process eventually.

 

 

1 0
SELECTED ANSWER
replied on April 3, 2023 Show version history

Yep, at the end of the day there must be a role that either has all the keys to castle, or a key that can give them the rest of the keys, which is functionally the same thing. Someone in IT will have an admin account that can technically read the CEO's emails. 

Craig correctly identified a well-established way to address this: separate privileged administrative and non-(or less)-privileged accounts.

If what you need for your day-to-day Laserfiche Forms administration tasks is the Process Administrator role on all non-HR processes, use an account with only those permissions. Use your account with the System Administrator role only when necessary to do something you can't with the normal account.

A critical part of this setup is enabling Forms Auditing (available as of Forms 11 Update 3 and Audit Trail 11 Update 4). This feature adds accountability by auditing whenever someone views Instance Details (among many other things). If necessary, you can use this to show that you did not view HR processes with your privileged System Administrator account in circumstances where it wasn't appropriate to do so.

1 0
replied on April 3, 2023

Perfect. I must be missing one of those updates since I don't have Auditing on my self-hosted setup yet. I will update and get that working. Thank you.

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...