You are viewing limited content. For full access, please sign in.

Question

Question

Is is possible to change a Windows Account Named user to another, while preserving the Access Rights?

Laserfiche License Manager Version 9 Administration Security
Updated December 12, 2014
asked on December 11, 2014

Hello,

 

I have a case where a Rio Repository has a very complex Access Right security setup over folders, subfolders, documents, etc. All users are using Windows Authentication, and the Access Rights are all configured for Windows Accounts, not for Laserfiche users.

 

It happened that we need to replace one user by another, so olduser@company will be replaced by newuser@company.

 

Is there any way to replace the windows accounts in such a way that we don't need to re-assign the Access Rights for the new user?

 

This will save a lot of time...

 

Thank you for your ideas and best regards,

 

Ignacio PdeA

BMB sal
 

0 0

Replies

replied on December 11, 2014

There isn't a direct way to do this. You would need to use WF or the SDK to scan through the repository, identify all the rights currently assigned to the first user and replicate them to the second user. You could also theoretically do it manually by checking the db tables for all entries containing an ACL for user A and then manually adding user B. All access rights are configured based on the users SID, so they can't just be transferred.

For what it's worth, this is why I often recommend setting up as much security as possible through Laserfiche Groups, even if the environment is all windows authentication. Then the security is based on the role, not the user, and you would simply need to swap in the new user into the group when a situation like this happened. As such, I recommend using Groups as much as possible, even if it's a group of one. That may not have worked for your scenario, and I realize that doesn't help you in this specific situation, but it may be a way to avoid having to do this a second time in the future. 

0 0
replied on December 12, 2014

The other option is to use groups to control your security and access right/privileges.  Then you would just remove olduser@company from the group and add newuser@company to the group.  Security is set up 1 time and users can be easily moved in and out.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...