Assigning and Removing Entry Access Rights to an Entry

Entry access rights are assigned on a document or folder to:

There are a variety of different entry access rights that can be applied to documents and folders. See information about specific entry access rights.

When assigning a user's or group's entry access rights to a folder, you will need to determine scope: if the assigned rights can affect the current folder, subfolders, and/or documents contained in the current folder. The Inheriting Entry Access Rights topic explains the different types of scopes and how entry access rights are inherited.

The following sample scenario demonstrates the impact that scopes have on entry access rights. The SALES group requires the ability to see all subfolders, but not the documents contained in the parent folder. In that case, grant the Browse and Read entry access right on the folder to the SALES group using the "This folder, subfolders and documents" scope. You would then deny the Browse entry access right on the folder to the SALES group using the "Documents that are immediate children only" scope. This creates a configuration where members of the SALES group can view the contents of all subfolders, while still preventing them from knowing if the parent folder contains documents.

Entry access rights can be assigned to a document or folder through the Entry Access dialog box from the Laserfiche web or Windows client.

To assign or remove entry access rights

  1. Start the Laserfiche Windows client and sign in to the appropriate repository as a user with either the Manage Entry Access privilege or the Read entry security entry access right on the entries you want to secure.
  2. Select the appropriate folder or document you want to secure.
  3. Right-click the document or folder and select Access Rights. The Entry Access dialog box that appears allows you to set access rights for all users.
  4. The top half of the Access Rights tab contains a list of entry access rights settings that affect the selected document or folder. The bottom half of the tab contains a list of available entry access rights.
    • To modify an existing set of access rights, select a trustee from the list. If the list of rights is accessible, you can Allow, Deny, or clear the various rights for different scopes. If the list is grayed out, the rights are inherited from a parent folder and must be modified on that folder.
      • Allow: If a user has been allowed a right, either directly or through a group they belong to, they will have that right unless they have also been denied it.
      • Deny: Denied rights always take precedence, so that if there is an accidental conflict in rights, documents will be less accessible rather than more accessible. For instance, if a user has been Allowed a right, but one of their groups has been Denied it, they will not have that right.
      • Blank: If a right is left blank, neither allowed nor denied, access to that entry is determined by inheritance from parent folders. However, if there is a rights conflict between allowed or denied rights and blank rights, the rights that are specifically allowed or denied will take precedence.
    • To add a new set of access rights for a trustee not in the list, click Add.... This will open the Create Access Control Entry dialog box.
      1. In the Select a trustee option, select the trustee you want to add. Note that you can add the same trustee more than once if you want to specify different scopes for different rights.
      2. In the Scope Selection option, select the scope you want to apply. For instance, if you want folders, subfolders, and documents to inherit this right, select This folder, subfolders and documents.  If you want only documents to inherit this right, select Documents only. Learn more.
      3. Click OK. The user or group you chose to add should now be displayed in the Trustee listing.
      4. In the Entry Access dialog, add or remove rights as above.
  5. Select the Inherit rights from parent and include with specified rights option to allow the current document or folder to inherit access rights. Note that this will apply to all users who attempt to access the entry.
  6. Optional: To remove all entry access rights from a trustee, select the trustee and click Remove.
  7. Click OK to save your changes.

To assign or remove entry access rights

  1. Open the Laserfiche web client for the appropriate repository. Sign in as a user with either the Manage Entry Access privilege or the Read entry security entry access right on the entries you want to secure.
  2. Navigate to the folder containing the entry you want to secure.
  3. Right-click on the entry and select Show Security.
  4. To modify an existing set of access rights, select a trustee from the list displayed in the Access Rights tab. If the list of rights is accessible, you can Allow, Deny, or clear the various rights. If the list is grayed out, the rights are inherited from a parent folder and must be modified on that folder.
    • Allow: If a user has been allowed a right, either directly or through a group they belong to, they will have that right unless they have also been denied it.
    • Deny: Denied rights always take precedence, so that if there is an accidental conflict in rights, documents will be less accessible rather than more accessible. For instance, if a user has been Allowed a right, but one of their groups has been Denied it, they will not have that right.
    • Blank: If a right is left blank, neither allowed nor denied, access to that entry is determined by inheritance from parent folders. However, if there is a rights conflict between allowed or denied rights and blank rights, the rights that are specifically allowed or denied will take precedence.
  5. To add a new set of access rights for a trustee not in the list, search for a trustee or select one from the Add trustee field. Click Add when you have found the trustee you want. Follow step 4 to assign rights to the newly added trustee.
  6. To remove all entry access rights from a trustee, click the X beside the trustee.