Field access rights secure field information by determining who can view and/or modify field data. Field access rights do not apply to a template as a whole. Instead, field access rights are individually assigned to each field in a template, allowing you to determine the amount of access that a user will have on each field.
Template access rights secure the template definition. Without the appropriate template access rights, a user will not be able to modify or delete a template.
When to use template and field access rights
In addition to securing access to a document, you should also consider securing field and template data. Field access rights allow an administrator to prevent unauthorized users from viewing or setting field data without limiting other access to the document. Template access rights control if a user can view or modify templates.
You should keep the following best practices in mind when configuring field access rights:
- A field can be hidden from a user by disallowing the Read field access right on the desired field. Keep in mind that the content of a document may contain some of the data stored in that field. If you don't want a user to view that data, redact the document or deny unauthorized users access to it.
- A template can be hidden from a user by disallowing the Read field access right for that template for the user.
- If a user only needs to be able see field data, but not modify it, you should disallow the Create and Edit field access rights.
- Keep in mind that the Write Metadata entry access right and the Edit field access right are both required to modify field data. This allows you to set general field modification policy through field access rights and restrict it even further using the Write Metadata entry access right.
- If a user only needs to set field data when a document is being created, allow the Create field access right and disallow the Edit field access right. The Write Metadata entry access right is not required under these circumstances.
- Note that if a field is Required, it must be filled before the document can be saved. Be sure that those users who will be creating the document have the appropriate rights to view and populate the field at creation.
- You can use the Modify Template right to allow users to add, remove, and reorder fields in a template.
Note: An exception to the configurations proposed above occurs when you only need to restrict field access rights for a few groups or users. In that case, it would be quicker to simply deny the desired field access rights on each of those groups or users. The field access rights assigned to the Everyone group will ensure that all other users will still be able to create, modify, and view field data.
Free Training: Supplemental Security in the Laserfiche Repository eLearning course in Aspire.
Learn more