Question

Minimum Access for Laserfiche Import Agent service Account

Import Agent

Updated April 21, 2015

asked on April 20, 2015

Hi,

Note that I am actually using Import Agent to import from a network folder. LF logins are used to login to LF repository.

I would like to know what are the minimum rights that LF Import agent service account must have to be able to successfully import files from a network share on a domain.

Regards

Sweety

0 0

Answer

SELECTED ANSWER

replied on April 20, 2015

Some more notes from the help files:

Sufficient Laserfiche Rights

When creating a profile, you must specify how Import Agent should log in to the repository: using a Laserfiche account or via Windows authentication.

Note: If you select Windows authentication, the Windows account assigned to the Laserfiche Import Agent service will be used to log on to the repository.

The account you provide must have sufficient Laserfiche rights to perform all of the tasks specified in the profile. For example:

If the Laserfiche folder where files will be imported does not exist, the user must have rights to create it.
If you have configured Import Agent to insert or replace content when a duplicate document is found, the user must have rights to do so.
The user must have rights to create documents in the destination folder.
The user must have rights to the specified volume.
If you have configured Import Agent to assign metadata (e.g., templates, fields, tags), the account must have rights to do so.

1 0

replied on April 21, 2015

Thank you Carl

Windows Account will be used as LF Import Agent Service and a LF login will be used to login to the repository.

Well the service account was created in Active directory and needed to have log in as service permission there for it to be able to run a service.

Else everything mentioned by your previous post is very useful for overall configuration of the Import Agent.

Regards

Sweety

0 0

Replies

replied on April 20, 2015 • Show version history

Hello,

Permissions on the Network Share:

The service account needs rights to read the folder it's to read and list folder contents on the network folder. It does not need to browse to it or have permissions on the parent folders.

That would be the minimum required.

Depending on configuration, Import agent will want to move or delete the files after consumption into laserfiche. Then the service account would need to the windows rights necessary to move or delete as well.

If part of this configuration involves creating dynamic folders on the network drive, it will need Create Folders.

Any errors in permissions based on your import agent profile will be viewable in the Application Event Viewer on the machine hosting the Import Agent service.

These permissions should be set on the account which is configured to run the Import Agent Service.

Rights/Permissions within Laserfiche:

- Access to the repository - *Does not need a full named user license)

- Import - Feature Right

- Write/Create - Access rights on the folder within Laserfiche

These should be set on the account in the repository connection credentials specified in the Import Agent profile.

Errors relating to this will also be on the Application Event Viewer on the machine hosting Import Agent.

Cheers,

Carl

1 0

replied on April 20, 2015

Also, when configuring the service account to go out to the network share, if you elect not to provide browse/read permissions to the parent folders, you'll get an error from Import Agent when in the configuration manager saying, "Specified network folder does not exist" when it actually does.

If you have given permissions directly on the folder, you can safely ignore this error and files will import.

This is just relating to the configuration of the profile as it's doing some extra validating and "helpers" at time of configuration.

1 0

You are not allowed to follow up in this post.

Question

Question

Minimum Access for Laserfiche Import Agent service Account

Answer

Sufficient Laserfiche Rights

Replies

Sign in to reply to this post.