Creating a User

When creating a user, you should specify the name of the user, its group membership, feature rights, privileges, tags, and audit events.

Note: The configuration of audit events on a per user or per group basis is only available if you have purchased and enabled the Standard or Advanced edition of Laserfiche Audit Trail. For more information, see Determining which Events are Logged.

Before creating a user, consider that:

  • By default, the Admin user has sufficient permissions to create a user. The appropriate permissions can also be granted to other users.
    • The ability to create a user requires the Manage Trustees privilege.
    • The ability to assign privileges to a user requires the Set Trustee Privileges privilege.
    • The ability to assign tags to a user requires the Manage Tags privilege.
    • The ability to configure auditing options requires the Manage Audit Settings privilege.
  • A user account name can consist of any combination of letters, numbers, and symbols except the backslash (\), at symbol (@), or colon (:). Additionally, the dollar sign ($) cannot be the last character in a user account name.
  • A user account name can have a maximum length of 47 characters.
  • A user account description can have a maximum length of 79 characters.
  • A password can have a maximum length of 31 characters.

To create a user

  1. Start the Laserfiche Administration Console.
  2. In the console tree, expand the desired Laserfiche Server.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on that repository, log in as any user who has been granted the Manage Trustees privilege for the specified repository.
  5. Expand the Users and Groups node.
  6. Click the ClosedUsers node.
  7. From the Action menu, select New User to display the New User dialog box.
  8. Type the name of the new user in the Name field of the General tab.
  9. In the Description field, you can optionally type a description to store additional information about the user, such as their role or title.
  10. Determine how this user will log in to the repository.
    • Password Authentication: Make sure the Allow users to log in with password check box is selected and enter a password in the Password field. Retype it in the Verify Password field. Alternately, click the Generate Password button to generate a random password for the user.
    • Linked Windows Account: Click Browse... and browse to the Windows user you want to link with the account.
    • Note: Linking a Windows account to a Laserfiche user is not the only way to allow Windows authentication. You can also add a Windows account directly; see the Windows Accounts topic for more information. If a Windows Account has been linked with a Laserfiche trustee and added independently in the Windows Accounts node, the Laserfiche trustee settings will take precedence and the direct Windows Account settings will be ignored.

  11. Optionally, if you are using password authentication, you can configure additional password settings. See Password Policy for more information.
  12. If you are using Laserfiche Rio or Laserfiche Avante, the Repository Named User option will be available. See Named Users, Named Accounts and Named Devices for more information.
    • Laserfiche Avante: Select the Repository Named User option to add this user to the Named Accounts list. Clear the option to remove this user from the list.
    • Laserfiche Rio: Open the Repository Named User option and select Full to allocate a full Named User license to this user, Retrieval to allocate a retrieval Named User license, or False to remove this user from the Named User list.
  13. To force this user to use a read-only connection, select Only allow read-only access. Note that this will have no effect on users with the Manage Trustee privilege.
  14. To temporarily prevent the user from logging in (for instance, if you are doing maintenance or want to configure security for the user later), select Disable this user. To re-enable, clear this option.
  15. Click the Groups tab. Select the groups that should be assigned to the user and click Add. See Assigning Users to Groups for more information.
  16. Click the Rights tab and grant the desired feature rights and privileges to the new user.
  17. Click the Tags tab and grant the desired security tags to the new user.
  18. Optionally, click the Auditing tab and configure auditing for the user, if you are using Standard or Advanced Audit Trail. For more information, see Determining which Events are Logged.
  19. Optionally, click the Attributes tab and modify attributes for the user. For more information, see Trustee Attributes.
  20. Click OK to finish creating a user.

To create a user

  1. Open the Repository Administration page. Sign in as any user who has been granted the Manage Trustees privilege for the specified repository.
  2. Click Users.
  3. Click the Add button and select whether you are adding a Repository, Windows, Laserfiche (meaning Laserfiche Directory Server), or LDAP user. Depending on which edition of Laserfiche you have, some of these options may not exist.
  4. The dialog box that appears depends on the type of user you selected in the last step.
    1. If you chose a Repository user, enter the name of the repository user account under Repository account. The following steps are optional:
      1. Under Groups, select the downward-pointing arrow and select all the groups that the user should belong to.
      2. Under Type, select Read-write if you want the user to be able to modify repository contents, and Read-only if you want them to only read repository contents. Note that the Read-only setting will have no effect on users with the Manage Trustee privilege.
      3. If you sign in as a system manager, you can also select, under Repository named user, whether the user will take up a Retrieval, Full, or Restricted named user license.
      4. Under Authentication, if Allow user to sign in with a password is selected, you can enter a password for the user to sign in. The password has to be entered twice to be verified. Clicking on the Generate button will generate a random password for the user.
      5. Select Ignore maximum password age if you want the user to be exempt from any scheduled automatic expiry of their password.
      6. Select User cannot change password if you want to prevent the user from being able to change their own password.
      7. Select User must change password at next sign-in if you want to force the user to set a new password when they first sign in. If you choose this option, you also have the option of selecting Temporary password expires after Number hours and specifying the Number in that option.
    2. If you chose a Windows user, enter the name of the Windows account you want to add. You can click on the Search button to look for Windows accounts. The following steps are optional:
      1. Under Groups, click on the downward-pointing arrow and select all the groups that you want the user to belong to.
      2. Under Type, select Read-write if you want the user to be able to modify repository contents, and Read-only if you want them to only read repository contents. Note that the Read-only setting will have no effect on users with the Manage Trustee privilege
      3. Under Directory named user, select True if you want the user to be a Directory named user.
      4. Under Authentication, choose between the three types of authentication statuses.
    3. If you chose an LDAP user, enter the name of the LDAP account you want to add. You can click on the Search button to look for LDAP accounts. The following steps are optional:
      1. Under Groups, click on the downward-pointing arrow and select all the groups that you want the user to belong to.
      2. Under Directory named user, select True if you want the user to be a Directory named user.
      3. Under Type, select Read-write if you want the user to be able to modify repository contents, and Read-only if you want them to only read repository contents. Note that the Read-only setting will have no effect on users with the Manage Trustee privilege
      4. Under Authentication, choose between the three types of authentication statuses.
    4. If you chose a Laserfiche user, type under Laserfiche account the name of the Laserfiche Directory Server user whom you want to add. You can click on the Search button to look for Directory Server accounts. The following steps are optional:
      1. Under Groups, click on the downward-pointing arrow and select all the groups that you want the user to belong to.
      2. Under Type, select Read-write if you want the user to be able to modify repository contents, and Read-only if you want them to only read repository contents. Note that the Read-only setting will have no effect on users with the Manage Trustee privilege.
      3. Under Authentication, choose between the three types of authentication statuses.
  5. Click OK to save your changes.