Question

Entry Access Right Scope by Level

Security

Updated October 17, 2013

asked on July 3, 2013

Dears,

In the access right scope, administrators can select "THIS ENTRY ONLY", "THIS FOLDER SUBFOLDER AND DOCUMENTS", "THIS FOLDER AND ITS IMMEDIIATE CHILDREN", etc...

My Question: We are looking to have something like "SUB FOLDER LEVEL (n)" where (n) is the index of the sub level folder, for exemple we have a folder strcture as follows:

If we want to assign Rights over C1, C2, C3 and C4 which is not also created. What we need, is to assign a user over A but with the scope " SUB FOLDER LEVEL (3)", so the rights will be applied over C1, C2 , C3 and also C4 when it will be created.

Thanks,

Dory

0 0

Answer

APPROVED ANSWER

replied on July 3, 2013

Hi Dory-

No, there is no way to set security to say "apply to something X levels down". You can set security on the C folder with one of the "immediate children" scopes. Those would appliy to C1, etc. plus any more that you add. Note that it would also apply to documents.

If that doesn't work for you, hit us up with a use case and we may be able to come up with another option. Or bring to our development team for their consideration.

-Pieter

1 0

Replies

replied on October 17, 2013

Hi,

Reference to the same example:

Suppose B is the "Customer Number Folder" of a bank client. The bank has more than 200 000 Customers. For this case, your proposed solution will not work. To provide a user the ability to create documents inside C1, C2, C3 -- this requires to have on each folder the entry access right "Create Document". following your option, we will need to configure the access right 200000 times. If Laserfiche has my proposed feature, this will help a lot, since on A you will be able to provide the trustee, the access right to the level 4.

Thanks,

Dory

0 0

replied on October 17, 2013

Hi Dory-

This still doesn't paint a very clear picture of what your customer is trying to do. Is the idea that bank clients should have rights to add things into their folder? A manager of the account?

Obviously manually setting security on hundreds of thousands of folders is not practical. For cases like this, I would recommend using either Workflow to set the access rights, or Folder Filter Expressions.

If the security will need to change over time, then you'll want a setup that minimizes rework. For example, if you are setting access for internal people--and internal people will change based on promotion, new hires, etc.--then security should be set for groups that you can just move people in and out of.

0 0

replied on October 17, 2013

Hi,

I think it is not here the right place to discuss this requirement; it may be better to list this in the wish list or to escalate it to the system developers if possible.

To reply your questions:

1- It is a document controller group who will need to add documents or modify documents inside the customer folder. The same is also applicable in hospitals for patient files, in Universities for Student Records, in HR Departments for Employee Files, in Construction Companies for Projects Documents, in Insurance Companies for customers, etc...

2- Filter expression can only be considered to restrict the browse and read over some entries but it cannot control the EDIT Entry Access Rights. Access Right is always needed prior to setup a filter expression.

3- Workflow could be an option for my scenario, but the headache will come when it will be required to make some modification/updates for entries security access rights over the whole database.

I think my proposed feature is something very nice and strong for security setup if doable by Laserfiche. It reduces the effort in security management to the minimum for IT people.

Thanks,

Dory

0 0

You are not allowed to follow up in this post.

Question

Question

Entry Access Right Scope by Level

Answer

Replies

Sign in to reply to this post.