LF Cloud Permissions Reference

✅ Updated 4/6/2022 by FreeDoc

Types of Rights

Group Description Access
User/Group Access Rights User/Group control access to the various components within the access portal. Account > Users > Users OR Groups > Select a User or Group > Security and Access
Feature Rights Feature rights control actions that basic users can perform on documents, such as scanning, importing, printing, and deleting. Repository Administration > Users > Users OR Groups > Select a User or Group > Rights
Privileges Privileges control high-level administrative actions, such as setting security, creating templates and fields, or configuring auditing. Repository Administration > Users > Users OR Groups > Select a User or Group > Rights
User/Group Entry Access Rights Access rights determine what documents and folders a user can see and open, and what actions they can perform on those documents and folders. In the repository, right-click on the folder/document to set rights
Field and Template Access Rights Field and template rights allow you to control how fields can be accessed and modified in your repository. Repository Administration > Metadata > Templates > Select a Template > Security

User/Group Access Rights


Presets

Use the drop-down menu to choose one of the following options:

  1. Full Rights: Selecting this option allows the user full access rights to Laserfiche Account Administration, Public Portal, and Process Automation. In addition to this, the user will have rights to grant themselves full access in the Laserfiche Repository.
  2. Inherit All: Selecting this option means the user’s access rights will be inherited from the user’s group membership.
  3. Remove All Rights: Selecting this option means the user will not have any access rights to the Laserfiche Repository and Process Automation. User will not have any access rights to Account Administration and Public Portal unless inherited by the user’s group membership.

Security and Access

Account

  • Account AdministrationAllows the user account full access to the Laserfiche Cloud Account Administration site.
  • Billing AdministrationAllows the user account to view the Plan tab and Billing tab (if applicable) in the Laserfiche Cloud Account Administration site.
  • Trustee AdministrationAllows the user account to view the Users tab in the Laserfiche Cloud Account Administration site.

Repository

  • Access to RepositoryAllows the account to sign in to the Laserfiche Repository and view documents.
  • Set Laserfiche PrivilegesAllows the account to manage privileges for the Laserfiche Repository through Repository Administration.
  • Access to Repository ManagementAllows the account to access Repository Administration.
  • Audit ReportingAllows the account to generate and view audit reports on the Laserfiche Repository.
  • Laserfiche Web Configuration ManagerAllows the account to configure the default toolbar buttons for the entire repository. These defaults will be used instead of the generic repository defaults for any user who has not customized their toolbar. This role also allows the account to lock down toolbar configuration for other users.

Public Portal

  • Public Portal AdministratorAllows the account to access the Public Portal Designer.

Process Automation

  • Access to Process automationAllows the account to sign in to Process Automation.
  • Process AdministratorAllows the account full access to Process Automation, including full administrative rights.
  • Process Asset AdministratorAllows the account to administer files, holidays, profiles, repository contents, and work schedules in Process Automation.
  • Process DeveloperAllows the account to create and modify workflows, rules, starting events, teams, and entities.

Developer Console

  • Access to Process automationAllows the account to sign in to Process Automation.
  • Process AdministratorAllows the account full access to Process Automation, including full administrative rights.
  • Process Asset AdministratorAllows the account to administer files, holidays, profiles, repository contents, and work schedules in Process Automation.
  • Process DeveloperAllows the account to create and modify workflows, rules, starting events, teams, and entities.
  • Process ManagerAllows the account to view and start business processes and to modify rules.

Feature Rights


  • ScanScan into Laserfiche.
  • ImportImport files into Laserfiche.
  • SearchSearch for documents and folders.
  • Print/ExportPrint and export documents and folders.
  • Edit TextModify text in documents.
  • Move EntryMove a document or folder from one folder to another, or pages from one document to another.
  • ProcessIndex documents and retrieve text from electronic files.
  • Extended PropertiesView additional information about documents and folders, such as entry ID, indexing status, and the extension of associated files.
  • DeleteDelete documents, folders, and pages.
  • Apply Optional WatermarkApply an optional watermark when exporting or printing a document.

Privileges


  • Manage Entry AccessBrowse to and configure security for all entries. This privilege allows the user to see (but open) all entries in the repository, regardless of access right configuration. Users with Manage Entry Access can also view, restore, and delete all deleted documents in the recycle bin, and view all checked out or locked entries and release the check-out or lock.
  • Manage Templates and FieldsCreate, edit, and delete all templates and field definitions. Users with this privilege can also modify field security. A metadata definition is the structure of the metadata item, not the value placed within it. For instance, elements of an Author field’s definition include the field type, width, whether it’s multi-valued or required, and what template it belongs to. The value of the Author field on a particular document is not part of its definition.
  • Create Templates and FieldCreate new templates and fields. Unlike Manage Templates and Fields, this does not allow you to modify existing template and field definitions.
  • Manage StampsModify and delete existing stamps. (Stamp creation is governed by the Annotate entry access right.)
  • Manage TagsCreate and modify tag definitions.
  • Manage LinksCreate and modify document relationship definitions.
  • Manage Repository ConfigurationAdminister general repository options as well as attributes on the Everyone group.
  • Purge EntriesPurge entries that you deleted from the recycle bin. In conjunction with Manage Entry Access, allows you to purge any entry in the recycle bin.
  • View Activity LogConfigure and view the repository’s activity log. Any user can view the activity log for an entry for which they have the Read right; this privilege allows users to see the activity log for all entries, regardless of whether they have Read. The activity log is generally used in integrations and is only accessible via scripts; it cannot be viewed through the Laserfiche web client.
  • Bypass BrowseSee the existence of all entries in the repository, regardless of whether the user has the Browse right for those entries or not. This can enhance performance, as Laserfiche does not need to calculate rights for each entry in each folder. Does not allow users to see documents if they are tagged with a security tag the user does not have or to see the contents of a folder if they do not have the Read right on the folder.
  • Manage Audit SettingsSpecify which actions will be audited for which users and groups, and configure reasons for deletion, exporting, and printing.
  • Records ManagementCreate records management definition such as retention schedules and cutoff instructions in Repository Administration, and perform record actions such as cutoff and final disposition in the repository. Users with this privilege must still have other appropriate rights to view and modify records. The Records Management privilege is not necessary for viewing or modifying the contents of records, as long as a user has other necessary rights.
  • Edit Version CommentsEdit the existing comments on a document’s versions. This privilege is not necessary for a user to create or edit their own version comments.
  • Delete Document VersionsPermanently delete individual versions from a document’s version history. Deleted versions will not be sent to the recycle bin.

User/Group Entry Access Rights


  • BrowseThe ability to see if a document, folder, or shortcut exists.

    ✅ The Browse entry access right is not sufficient to open a folder or a document. The Read entry access right is also required.

  • ReadThe ability to see the contents of a folder or document. This also allows you to see annotations on the document.
  • Modify ContentsThe ability to modify the contents of a document, including adding, removing, or modifying a pages, making changes to an electronic document, or generating text from a document. Implicitly grants the Read right.
  • Append DataThe ability to add pages to a document or move existing pages into a document. If a document has not already been assigned text, this right grants the ability to generate the text of a document via OCR. It does not grant the ability to reorder or remove pages. Implicitly grants the Read right.
  • Delete EntryThe ability to delete a document or folder. When deleting a folder, you must also have the necessary rights to delete all entries that reside in the folder. This right does not allow you to delete pages or text from a document.
  • RenameThe ability to rename a document or folder.
  • Delete Document PagesThe ability to delete pages from a document. Implicitly grants the Read right.
  • AnnotateThe ability to add, modify, and remove annotations (not including redactions) on a document. Adding and modifying redactions requires both this right and the See Through Redactions right. Implicitly grants the Read right.
  • See Through RedactionsThe ability to see through redactions and choose whether to export documents with redactions removed or intact. Implicitly grants the Read right. (By default, users connecting through Laserfiche WebLink will not be able to see through redactions even if they have been granted this right.)
  • Write MetadataThe ability to manage the metadata assigned to an entry once it has been created, allowing a user to assign a template and field data to a document, as well as the ability to modify or delete document links and document versions and add or remove tags from documents and folders. (A user does not need this right to set metadata on an entry at the time it is created.) Implicitly grants the Read right.
  • Create DocumentsThe ability to create documents or shortcuts.
  • Create FoldersThe ability to create folders.
  • Read Entry SecurityThe ability to see the rights assigned to an entry. Note that users do not need this right to see their own effective rights.
  • Write Entry SecurityThe ability to assign access rights on an entry. Implicitly grants the Read entry security right.
  • Set Last Review DateThe ability to set, unset, or modify the review date on a vital record.
  • Close/Reopen FolderThe ability to close and reopen record folders, and file new records into closed record folders.
  • Add/Remove HoldThe ability to add or remove holds on entries.
  • Set Event TimeThe ability to set, unset, or modify the event date on a record folder. Set, unset, or modify the alternate retention event date.

Field and Template Access Rights


Field Access Rights

  • ReadThe ability to see the value of a field.
  • CreateThe ability to set a value for a field during document creation. With this right, a user can fill in a field at the time of document creation whether that field has been applied as part of a template or independently. Automatically grants the Read right.
  • EditThe ability to set a value for a field after document creation or apply an independent field to a document after document creation. Automatically grants the Create right.
  • Modify FieldThe ability to modify the field’s definition in Repository Administration, including changing the field name, type, default value, and constraints.
  • Delete FieldThe ability to delete the field’s definition in Repository Administration.
  • Read SecurityThe ability to read the field access rights for the field.
  • Write SecurityThe ability to write field access rights for the field. Implicitly grants the Read Field Security right.

Template Access Rights

  • ReadThe ability to view a template’s fields when the template is applied to a document, or to select it to apply to a document. Even if a user has the rights to all fields in a template, if they do not have this right for the template and the template has been applied to a document, they will not be able to see those fields. (This right has no effect on fields applied independently to the document, or fields applied via a different template, even if those fields are also present in this template.)
  • Modify TemplateThe ability to change the template definition in Repository Administration, including the template name, the fields the template contains, and the order of the fields.
  • Delete TemplateThe ability to delete a template definition in Repository Administration. Note that a user must also have the Delete Field access right to delete the fields contained within the template. If the user lacks these rights, the template definition will be deleted, but the individual fields will remain in the repository.
  • Read Template SecurityThe ability to view template security for the template.

⚠️ Please consult the source documents (below) for the most up-to-date information on Laserfiche permissions.

©️ Laserfiche 2022

Information consolidated by FreeDoc from the Laserfiche Cloud help documentation located at: https://doc.laserfiche.com/laserfiche.documentation/en-us/Default.htm

Reference Pages: Access Rights: https://doc.laserfiche.com/laserfiche.documentation/en-us/Content/CreatingGroups.htm

Features & Privileges https://doc.laserfiche.com/laserfiche.documentation/en-us/Default.htm#Privileges.htm

Entry Access: https://doc.laserfiche.com/laserfiche.documentation/en-us/Default.htm#Access_Rights.htm%3FTocPath%3DDocuments|Security|_____2

Field & Template: https://doc.laserfiche.com/laserfiche.documentation/en-us/Default.htm#Field_Rights.htm%3FTocPath%3DDocuments|Security|_____4