|
Security |
Scroll |
The security policy provides an extensive set of permissions that control a user's ability to search for, view and edit documents as well as use capture profiles and claim workflow tasks.
Security permissions can be set at various levels in the object hierarchy of the Thereforeā¢ Solution Designer. The Thereforeā¢ object, is the root of all other objects. Permissions set at this level can be inherited by lower level objects. This provides a convenient way to implement consistent security permissions throughout the Thereforeā¢ Document Management system. Alternatively security can be set individually for each object lower down in the hierarchy. (e.g., category security, keyword security, workflow, etc).
During installation an administrator and user group must be defined. These two groups are then added by default to Thereforeā¢.
The Admin group will by default have admin rights on the Thereforeā¢ object and all objects below.
The User group has typical read/write permissions on the Thereforeā¢ object and objects below. Note however, that on the Category object, in addition to the Read and Write permission sets this default User group also has one permission from the Delete set: "Delete document pages" and one from the Admin set: "Retention policy" (which allows a user to remove an individual document from a retention policy).
By default permissions are inherited by objects lower down in the hierarchy, but the inheritance can be broken if required.
For example if permissions on a group of HR categories should be different from the root category object, then a folder called "HR" could be created, and the HR categories moved to this folder. Then the inheritance on the HR folder could be broken and set as required. All categories in this folder would then inherit these permissions since they are still set to inherit permissions from their parent object. Another way of handling this would be to add a user or group and give them different permissions.
Be aware that using "Deny" will override "Allow". For example if a permission for a group is set to "Deny", but an individual user in that group has "Allow", then the user will have No access.
Group and user names:
Users and groups can be added and removed.
Permissions
Permissions can be allowed and denied.
User/Read
The user/group can view objects.
User/Write
The user/group can modify and save objects.
Operator
The user/group can execute configured options.
Administrator
The user/group has configuration rights.
Read permissions
The user/group can see what permissions have been set on the various objects in Thereforeā¢.
Set permissions
The user/group can modify the security settings for this object.
Inherit permissions from the parent object
This is the root object and hence this setting is grayed out.
Advanced permissions
There are no permission sets configured for this object and so the full list of permissions is displayed by default.
