25.3. Security FAQs
This topic contains frequently asked questions (FAQs) related to system and document security.
Note: If you have any suggestions for additional FAQ content, contact LincDoc Technical Support.
The following issues are described below:
How do you restrict individual user access to only the documents that user created, while allowing administrators full access to all documents?
The following procedure describes how to configure your LincDoc environment to allow individual users access to the documents they create, but only those documents (not those created by other users). At the same time, an administrator-type user is given access to all documents created by all users. This example uses a SQL repository. The process for other repository types (Laserfiche, DocuWare, etc.) will differ.
- Access the Admin dialog box for the form related to the documents whose view access you want to control.
- Verify that you have completed the necessary steps to set up the SQL repository field mappings for your eForm or Document Package.
- Specify a token-based system for all generated documents that places them in a specific folder in your repository and provides them with a name based on user-specific information. The specified folder is what will ultimately be used to control the security access, and all documents saved in the folder will inherit the security policy we create (below).
  - On the Admin dialog box, verify that you are viewing the eForm or Document Package tab (the first tab).
  - In the Token-based name text box, specify a string that will save all documents to the same folder.
    For example, the string test/<<user:username>>.<<doc-meta:created-date:hhmmss>> will save documents in the folder called test, and will use the current user's username and a timestamp to automatically create the document's file name.
- Verify that your repository's security settings will correctly inherit the folder's security policy.
  - On the Admin dialog box, click the Repositories tab.
  - Locate the repository in which the documents will be stored.
  - Click the repository's edit (wrench) button.
    The repository's Configure dialog box appears.
  - Click the Security tab.
  - Verify that the Do not set a security policy - inherit policy from the parent setting is selected. (This is the default value when the repository is set up.)
  - If necessary, save your changes to the repository.
  - Close the Configure dialog box.
- On the Admin dialog box, save your changes to the form by clicking the save button on the dialog box's toolbar.
- On the LincDoc toolbar, click the browse button.
The contents of the repository appear (in what is sometimes referred to as the Browse dialog box).
- Create the folder that will store all of the form's documents. This folder was specified earlier in the Token-based name text box (in this example: test).
  - Right-click the top level node in your repository, and select new folder from the menu that appears.
    The New folder name dialog box appears.
  - Type a name for this folder in the name text box. For example: test.
  - Click OK.
    The new folder is added to your repository.
- Set the security policy for the new folder.
  - Right-click the new folder, and select security from the menu that appears.
    The Security for dialog box appears.
  - Notice that the folder currently inherits its security policy (a message explaining this appears directly below the dialog box's toolbar).
  - On the toolbar, click create policy.
    The "inherit" message disappears, and the lower portion of the dialog box can now be edited.
  - In the type column, click the everybody entry.
  - In the Privileges for list, verify that no check boxes are selected.
  - In the type column, click the owner entry.
    The entry is highlighted, and the privileges for the type are displayed on the right side of the dialog box. This entry represents the creator of the document (the user who created it).
  - Using the items in the Privileges for list (on the right side of the dialog box), restrict access to the owners (creators) of the documents stored in this folder. For example, you could select (check) the following options (these can vary, based on your needs):
    - add_child (this privilege allows for the possible automatic creation of a document or subfolder based on the form's token name)
    - history_read
    - read
    - read_by_id
    - read_data
    - show_edit_ui
    - write
    Your dialog box should appear similar to the example below. Note that you'll need to scroll up to see the add_child privilege.
  - In the left column's title bar, click the + button to add an additional type to the list.
  - Select group from the menu that appears.
    The Select group dialog box appears.
  - Select the appropriate authentication provider from the Provider drop-down list.
  - Click the search button to locate all groups defined within this provider.
  - Click the admin group (usually Administrators if using an internal security provider) from the list that appears.
  - In the upper left corner of the dialog box, click select.
    The new entry appears in the type list and is automatically selected (highlighted).
  - Using the items in the Privileges for list, grant full access to the administrator-type users of the documents stored in this folder by selecting (clicking) all of the options.
  - In the upper left corner of the dialog box, click save to implement the new security policy settings for the folder.
  - Click OK to verify the action.
  - Close the Security for dialog box.
- Verify that the folder security changes have taken effect.
  - Right-click the test folder, and select security from the menu that appears.
  - Click the owner type, and verify that only the previously specified privileges are still selected.
  - Click the group type, and verify that all of the privileges are still selected.
  - Close the Security for dialog box.
- Close the repository's Browse dialog box.
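
The access matrix this procedure is meant to produce can be written down and checked before testing with real accounts. The sketch below is an added example, not LincDoc code or a LincDoc API: it assumes a user's effective privileges are the union of every matching policy entry, and the user names, the placeholder privilege and the WEAK_POLICY variant are constructed for illustration.

```python
# Privileges the procedure selects for the owner entry (names taken from the page).
OWNER_PRIVS = frozenset({"add_child", "history_read", "read", "read_by_id",
                         "read_data", "show_edit_ui", "write"})
# "All of the options": the dialog lists more privileges than the page names,
# so the remainder is represented by a labelled placeholder (constructed).
ALL_PRIVS = OWNER_PRIVS | {"<remaining privileges in the dialog>"}

# Folder policy built in the procedure: (entry type, group name, privileges).
POLICY = [
    ("everybody", None, frozenset()),
    ("owner", None, OWNER_PRIVS),
    ("group", "Administrators", ALL_PRIVS),
]

# Constructed misconfiguration: a check box left selected on the everybody entry.
WEAK_POLICY = [("everybody", None, frozenset({"read"}))] + POLICY[1:]


def effective_privileges(policy, user, groups, doc_owner):
    """Union of the privileges of every entry matching the user (assumed semantics)."""
    granted = set()
    for kind, name, privs in policy:
        if (kind == "everybody"
                or (kind == "owner" and user == doc_owner)
                or (kind == "group" and name in groups)):
            granted |= privs
    return granted


def audit(policy):
    """Return findings where the policy misses the goal stated in this FAQ."""
    findings = []
    # bob is an ordinary user looking at a document created by alice.
    if effective_privileges(policy, "bob", set(), "alice"):
        findings.append("non-owner can access another user's document")
    # alice must still be able to work with her own document.
    if not {"read", "write"} <= effective_privileges(policy, "alice", set(), "alice"):
        findings.append("owner cannot read/write own document")
    # carol is in the admin group and did not create the document.
    if effective_privileges(policy, "carol", {"Administrators"}, "alice") != ALL_PRIVS:
        findings.append("administrator lacks full access")
    return findings


if __name__ == "__main__":
    print("policy from the procedure:", audit(POLICY) or "ok")
    print("everybody entry left with read:", audit(WEAK_POLICY))
```

The same three cases (owner, a different non-admin user, a member of the admin group) are the accounts to log in with when confirming the folder policy in the Browse dialog box.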