Today I want to talk about Perceptive Content User and Group Security.
We’ll dive into the ins and outs of assigning privileges, both at the manager and department manager level. I’ll show you how the privilege hierarchy works, and then we’ll dive into a demo which shows how to assign privileges to users and groups at a management level, global level, and the drawer level.
Who can assign privileges? Well, a user with management privileges, a manager, or the owner can assign privileges to users and groups. Perceptive managers can assign any global privilege while department managers assign privileges that only apply in context of the department that they manage.
You can assign a privilege using one of three actions. Grant a privilege by allowing it, revoke a privilege by denying it, or chose not to set a privilege assignment at all, which would result in a soft deny. A soft deny means the user would not have the privilege unless they inherit it from a group that they belong to that allows this privilege.
To determine the effect of privileges, perceptive content evaluates all of the privilege assignments given to a user, and the privilege assignments the user inherits from groups that they user is a member of. Then it determines which privilege assignments get priority. Looking at the privilege hierarchy will give us a better understanding.
When user privileges and group privilege are different, or when a user belongs to several groups in which the privilege assignments differ, perceptive content assigns privilege hierarchy rules to resolve the privilege. The table shows the privilege hierarchy, where user privileges are a higher priority than group privileges and that denied privileges are higher priority than allowed privileges.
The first example would be a user belongs to a group that denies the privilege to delete a document, however that user is specifically granted the privilege to do so. The user will have access to delete the documents since the user privileges override the group privileges. A second example would be a user belonging to two different groups in which one group allows the privilege to delete the document, and the other group denies it. The user will be denied access to delete documents since the deny privilege overrides the allow privilege.
Just as a best practice tip, it’s important to organize your users in a way that makes sense with your business process. Typically users within the same role should have the same privileges. We recommend that you assign privileges at a global and drawer level within groups for easier maintenance rather than assigning granular privileges at the document type or user level.
All right. Now I’ll show you a little demo on how to assign the privileges. First you’ll log into Perceptive Content and open up the management console. If you’re looking to assign the global privileges first like we recommend, you’ll want to be in the cross department settings. Then go to groups, choose your group, and open up the privileges. Here you can see which global privileges are available. This is where you typically want to set the privileges for batch processing, if your process requires you to link within batch, then here’s an example of setting that privilege here. I just allowed this group the privilege to link within batch.
If I wanted them to not be able to do so, this is a hard deny, but like I mentioned earlier if you just leave it blank, then they automatically would have that soft deny, which would not allow them to do so.
If you want to assign privileges on a drawer level, you’ll want to go within that department, select groups, select the group you want to assign, click on privileges, and here’s the drawer privileges here. You want to make sure that you have the drawer selected that corresponds with the group that you’re assigning, and here you can add or deny any of the privileges listed. If you want to assign a user management privileges within a department, then click on the department privileges, and here are the options that you can give a user to manage.
That’s it for today. Feel free to contact us if you have any questions. You can visit our website, at www.rpic.com, and make sure to visit our RPI Consultants YouTube channel for more informational videos. Thanks.