|
|
Securing Documents |
|
|
|
|
|
|
|
Securing Documents |
|
|
|
|
|
Securing Documents
|
|
|
Securing Documents |
|
|
|
|
|
|
|
Securing Documents |
|
|
|
|
|
|
|
||
Assigning Rights to a Document
Any new documents created in Docsvault will automatically inherit the rights defined for its parent cabinet / folder. Docsvault allows you to customize the security rights or select from the predefined Template.
Administrator or the Owner of the document, may alter these default (inherited) permission settings.
When Owner change the permission settings for a document, they may only grant permissions to users who are members to the cabinet/folders in which the document reside.
Make sure that you also select the appropriate access type from the drop down list box.
•Select the document you wish to assign rights and then right click to bring up the popup menu.
•Click on the Properties to open the Properties window.
•In the Properties window, click on Security tab.
|
Assigning rights to a document |
•Select the appropriate access type:
From Parent:
This feature allows the setting of security inheritance at the folder level. Once a folder is set to inherit its security from a cabinet, all subsequent sub-folders will automatically inherit their security settings from the parent folder. Use this option in instances where you plan on giving the same set of users identical rights in most of the sub-folders below. You can always go to any folders that are the exception and adjust their security accordingly. But using inheritance will save you the time of having to apply the same security to multiple places.
Customize:
If you wish to maintain a different set of rights for different individuals documents depending on the sub-folder, use Customize.
Even if you had chosen to use inheritance From Parent, you may undo this by navigating to the folder in which you wish to discontinue inheritance. Display security settings by navigating to the "Properties" and selecting "Security". In the "Security" tab, Customize. This will allow you to assign a customized set of security that does not depend on the parent folder's security settings.
From Template:
This option allows you to assign from predefined set to security structures without having to enter detailed settings manually. Administrator can define multiple Security templates for folder and file structures in Document Management Server.
•Click on appropriate button to add, edit or remove the rights.
•Apply to subfolders and files: Setting this option while assigning permissions allows you to specify that a sub folder or a file should inherit its permission list from its parent folder. This is optional, but recommended, because it dramatically reduces the time needed to apply security to child folders.
•Owner: You can change the ownership of the existing documents by selecting this option. For instance: In the screenshot below, the ownership of the existing file/folder will be owned by the user 'Jennifer'.
•Ownership Override Setting: By default, any user that imports or creates a file or folder in Docsvault becomes the owner of that document. However in many cases it may be desired that the ownership of such documents stay with a higher level user like a manager of an administrator. Using this ownership override feature you can specify a user who will own all documents created by this user. For instance: In the screenshot above, the ownership of file/folder imported by any privilege user '' will be owned by the Overriding user 'Jacob'.
Documents Securities
Location and File Based Security Rights
These securities can be applied to a cabinet, folder or a file in Docsvault repository from the Docsvault Client application. Note that these are not system wide rights and users or groups can have different rights on different folders and files. The following rights are in increasing order of privileges.
Files and Folder Rights
As seen in the screen above, these rights can be assigned to both users and groups. The following explanation mentions users only for simplicity of understanding.
List
Users with this right can only list the documents. They will not be able to see the contents of the documents or the associated notes and tasks. Such a right is useful when there is a need to give rights to a user/group to a deep sub-folder only and prevent them from seeing or accessing contents of any other folder in the folder hierarchy.
To view the contents of a cabinet or a folder in Docsvault, you must at least have the 'list' security right on the cabinet/folder.
|
Preview
Users with this right can preview documents such as PDF and image files in the Docsvault Preview Window. They will only be able to see the contents of the documents but will not be able to edit them. However, they can route the document as a task to other users. They can also add notes in the 'Document Notes' section.
To view the contents of a file in Docsvault, you must at least have the 'Preview' security right on the file. The Preview right is also the best suited right for preventing users from taking information out of Docsvault while still allowing them to see contents of any image or PDF file.
|
Read
Users with this right have read only access to documents, they do not have a right to add, checkout or update any exiting documents. The difference between Preview and Read rights is that users with read right can view any type of file by opening it up in its default application (eg. opening a .doc file in MS Word application) where as users with preview rights can view only PDF and image documents in Docsvault preview window. Users with read right can also view the audit trail, view version history.
New File
Users with this right on any folder will be able to import, scan and paste a new file within that folder. They can also add notes in the 'Document Notes' section. However, they cannot overwrite an existing file or create a new version of it.
New Version/Check Out
In addition to all above rights, users with this right will be able to create a new version of any file, edit description and version notes, change/assign flags, assign sections, append pages to exiting PDFs and change the document's profile values. However, they cannot overwrite or delete an existing file; they have to create a new version in order to add information to the document.
Undo Checkout
Users with this right can override the checkout lock that is placed on a document automatically when a document is checked out by any user
Overwrite/Delete
Users with this right have the ability to cut, delete, rename, and overwrite files
Change Security
Users with this right can change the security settings of a document
Change Owner
Users with this right can change the ownership of the documents
• All these access rights are grouped in that each access right contains the rights of the one before it.
For example: A user is assigned the right of 'Delete'. Automatically, he/she will have the permission of List, Preview, Read, New Version/Check out, Undo Checkout and Overwrite. |
Along with the above rights, the users can be separately assigned the below rights that are not part of the above hierarchical rights. In other words, a user can have just the list right and still have the right to export so although that user will not be able to open that document from Docsvault, he/she can export it and open it from outside Docsvault. Please choose the following rights carefully.
New Folder
Users with this right will be able to create a new folder.
Export
Only users with this right will be able to directly print and export documents outside Docsvault such as drag and drop to the local computer, printing document from the Preview window, export document, sending documents as email attachments and burn to CD/DVD. A minimum of read right is required to enable the export right.
The export right will basically prevent mass export of data from Docsvault. However If a user has right to 'read' any document, he/she can export it indirectly by just opening that file in any external application and then use ‘save as’ to save the file outside of Docsvault or use the print function to print that document.
The best right to prevent users from taking information out of Docsvault (other than taking screenshots) would be the new ‘Preview’ right. This right would only allow preview of image and PDF files in the Docsvault Preview window. |
Set Available Profile
Users with this right have permission to change the profile type assigned to documents.
System Rights
Depending on the functionality of an individual or group within the organization, a user/group can be assigned rights to the following system features that are not based on files and folders.
System Rights
Create Cabinet
Users with this right can create a new cabinet. Since cabinet is a main level of organization, it is recommended that only few people have this right in the organization.
Create Folder Section
Users with this right have can create sections for any folder throughout the repository.
Folder sections are virtual partitions of a folder and not real sub folders. For example, a patient folder can have different sections such as History & Physical, Reports, Doctor's Notes, Claims, etc... |
Create Profiles/Indexes
Users with this right can create and edit profiles and index fields.
Indexes are custom fields that you can create to assign more information to a document or folder. Profiles are simply a group relevant indexes suitable for certain purpose. For example, an 'Account Payable' profile could have index fields like Vendor, Invoice Date, Amount, Due Date, etc. |
Edit Audit Settings
Users with this right can enable and set logging of any specified events or actions performed by any user. You can set audit settings multiple files, folders or even entire cabinets.
Run Audit Queries
Users with this right can query the audit log of all events performed on documents marked for audit logging
Customize Flags/Icons
Users with this right can change icons to represent cabinet and folder and also create new document flags, edit or delete existing ones.
Create Templates
Users with this right have can create predefined folder, security, audit and profile templates which can be applied to files and folders being imported into Docsvault.
• Templates are predefined set to structures that can be used when necessary without having to enter detailed settings manually. You can define multiple templates of folder and file structures and properties like security, allowed profiles and audit trial settings. |
Empty Recycle Bin
Only administrators and users with the 'Empty Recycle Bin' right will be able to permanently delete a document from the Recycle Bin.
The following example describes how users may be practically assigned rights to perform specific tasks. Let's say you want to assign most of the available folder permissions to a group of users in the 'Accounting' group on the 'Accounts' folder, but you only want to give the departmental manager the permission to set and monitor audit trail logging that records all actions performed by any user on the 'Accounts' folder.
In this case the departmental manager should be a part of the Accounting group, but for purposes of his/her role as a manager, this user should be assigned the 'Edit Audit Settings' and 'Run Audit Queries' system rights to enable him/her to set and query the audit trial logs
|
