You are viewing limited content. For full access, please sign in.

Question

Question

New repository security

Version 9 Laserfiche
Updated April 9, 2015
asked on April 9, 2015

I've created a second repository and the default group 'Everyone' is applied automatically to the root. In this case is 'Everyone' restricted to the users within the new repository? Or does Everyone include users from the original repository.   Is having read access to the repository root what determines who can attach to a given repository?

0 0

Answer

SELECTED ANSWER
replied on April 9, 2015

The Everyone group is per repository only. Entry Access rights (i.e. the Browse, Read, etc. rights that are set within the repository) are only applicable after a user connects. It's the Authentication setting in the trustee properties (from the Laserfiche Administration Console) that determines if a user can log into a repository or not. By default, this is set to "Not set" for the Everyone group, meaning that authentication will be determined at the user/Windows Account level.

0 0

Replies

replied on April 9, 2015

Thanks, I never noticed that setting distinction on the Everyone group before.  Does this authentication setting also prevent users from seeing the repository on the client login screen?  

Second, once I've built out folders is there any reason for any access rights to be assigned at the root level at all? Or does the Everyone group need to sit at the root for some reason.

0 0
replied on April 9, 2015

The repositories that appear in the Client start page are handled in a few ways.

  1. If the Client is configured to "Scan Network for Repositories" then it will display any repositories hosted on a Laserfiche Server that has published its service connection point.
  2. If the user manually attaches a repository. Note that this option saves the repository information into the registry.

Starting in Laserfiche 9.1.1 SP1, a registry modification can make it so that the Laserfiche Server doesn't publish its service connection point upon restart. Then you can delete the service connection point that had already been pubilshed. This should make it such that those repositories don't show up anymore if they were just found by scanning the network for repositories.

However, there isn't a good way to keep users from finding a repository if they were to manually attach it and they know the server name.

For the second question regarding the entry access rights, you don't need to give the Everyone group rights at the root folder level. Depending on how your security structure is configured, you may not need to have any rights configured for anyone at the root. However, for testing purposes, it might be good to have an administrator type user with all rights set up at the root and scoped for all folders, subfolders, and documents. That's entirely up to you though.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...