Feature Rights and Privileges

Feature rights and privileges determine what actions users can perform across the repository. Unlike access rights and field rights, which are specific to particular documents, folders, and fields, feature rights and privileges control more general actions, such as the ability to print or export, move a copy, set access rights, or create and edit metadata definitions.

In general, feature rights control actions that basic users can perform on documents, such as scanning, importing, printing, and deleting. Privileges, on the other hand, control more high-level administrative actions, such as setting security, creating templates and fields, or configuring auditing. In general, you should be careful when assigning privileges to users, and they can be very powerful. Feature rights, which are less powerful, can be assigned more freely.

Feature rights work in conjunction with other types of security. In order to delete a document from the folder browser, for instance, a user must have both the Delete feature right (to allow them to access the delete command at all), and the Delete Entry access right on the document they want to delete (to enable them to delete that particular document.) The Delete feature right alone would not be enough to delete the document.

Important: Feature rights are enforced by client applications and should not be considered as a replacement for access rights. Take the previous example involving the Delete feature right. If a user does not have the Delete feature right, they will not have the option to delete documents from within the web client. However, that same user could still delete documents through other client applications that do not enforce feature rights. For example, a custom integration created using the Laserfiche API may not enforce feature rights, and could allow that user to delete documents if the user has sufficient access rights to delete documents.

Configuring Feature Rights and Privileges for a Trustee

  1. Open repository management by selecting the app picker and then selecting Repository Administration.
  2. On the left, select Users, and then select a user or group, or select Everyone.
  3. In the Rights tab, select a feature right or privilege to grant it, or clear it to remove that right.

    Note: If a user is inheriting a feature right or privilege, the right will be selected and grayed out.

  4. Click Save to save your changes. The change will take effect when the user next logs in.

Feature Rights

The following feature rights can be granted to users:

  • Scan: Scan into Laserfiche.
  • Import: Import files into Laserfiche.
  • Search: Search for documents and folders.
  • Print/Export: Print and export documents and folders.
  • Edit Text: Modify text in documents.
  • Move Entry: Move a document or folder from one folder to another, or pages from one document to another.
  • Process: Index documents and retrieve text from electronic files.
  • Extended Properties: View additional information about documents and folders, such as entry ID, indexing status, and the extension of associated files.
  • Delete: Delete documents, folders, and pages.
  • Apply Optional Watermark: Apply an optional watermark when exporting or printing a document.

Privileges

The following privileges can be granted to users:

  • Manage Entry Access: Browse to and configure security for all entries. This privilege allows the user to see (but not open) all entries in the repository, regardless of access right configuration. Users with Manage Entry Access can also view, restore, and delete all deleted documents in the recycle bin, and view all checked out or locked entries and release the check-out or lock.
  • Manage Templates and Fields: Create, edit, and delete all templates and field definitions. Users with this privilege can also modify field security. A metadata definition is the structure of the metadata item, not the value placed within it. For instance, elements of an Author field's definition include the field type, width, whether it's multi-valued or required, and what template it belongs to. The value of the Author field on a particular document is not part of its definition.
  • Create Templates and Fields: Create new templates and fields. Unlike Manage Templates and Fields, this does not allow you to modify existing template and field definitions.
  • Manage Stamps: Modify and delete existing stamps. (Stamp creation is governed by the Annotate entry access right.)
  • Manage Tags: Create and modify tag definitions.
  • Manage Links: Create and modify document relationship definitions.
  • Manage Repository Configuration: Administer general repository options as well as attributes on the Everyone group.
  • Purge Entries: Purge entries that you deleted from the recycle bin. In conjunction with Manage Entry Access, allows you to purge any entry in the recycle bin.
  • View Activity Log: Configure and view the repository's activity log. Any user can view the activity log for an entry for which they have the Read right; this privilege allows users to see the activity log for all entries, regardless of whether they have Read. The activity log is generally used in integrations and is only accessible via scripts; it cannot be viewed through the Laserfiche web client.
  • Bypass Browse: See the existence of all entries in the repository, regardless of whether the user has the Browse right for those entries or not. This can enhance performance, as Laserfiche does not need to calculate rights for each entry in each folder. Does not allow users to see documents if they are tagged with a security tag the user does not have or to see the contents of a folder if they do not have the Read right on the folder.
  • Manage Audit Settings: Specify which actions will be audited for which users and groups, and configure reasons for deletion, exporting, and printing.
  • Records Management: Create records management definition such as retention schedules and cutoff instructions in Repository Administration, and perform record actions such as cutoff and final disposition in the repository. Users with this privilege must still have other appropriate rights to view and modify records. The Records Management privilege is not necessary for viewing or modifying the contents of records, as long as a user has other necessary rights.
  • Edit Version Comments: Edit the existing comments on a document's versions. This privilege is not necessary for a user to create or edit their own version comments.
  • Delete Document Versions: Permanently delete individual versions from a document's version history. Deleted versions will not be sent to the recycle bin.