Effective Permissions

Effective permissions deal with the actions that a user is authorized to perform. A user's effective permissions are the sum of the permissions that were granted to the user and to the groups to which he or she belongs. For example, if a user has not been granted any privileges, but he or she belongs to at least one group that has been granted some privileges, that user's effective permissions will include those privileges. Additionally, Laserfiche security mechanisms are designed to overlap so that any attempted operation may require the appropriate rights in several security mechanisms.

Remember: Any trustee—Laserfiche or Windows users, and Laserfiche or Windows groups—can be a member of a Laserfiche group. This membership allows that user or group to inherit the permissions assigned to the group. There is no way to block a user's inheritance of a group's permissions. This is especially important for access rights, since denied access rights take precedence over allowed access rights. Therefore, if you do not want a user to inherit all permissions assigned to a particular group, you should remove that user from that group.

Access rights can be denied to a user or group. If a particular right has been denied to a user or to a group to which that user belongs, he or she will not be granted that right, even if he or she has also had that right allowed (either directly or as part of another group).  Denied status overrides the allowed status. The other topics in this section provide more information on how effective access rights are calculated.

How different types of security interact

• Interactions Between Permissions
• Access Rights Implications
• Effective Access Rights Calculation
• When do Security Changes Take Effect?

Viewing Effective Rights

• Viewing Effective Feature Rights and Privileges
• Viewing Effective Field, Template, and Volume Access Rights
• Viewing the Effective Rights for an Entry