This Help topic refers to the following editions:
þ Professional þ Enterprise
DocuXplorer security is based on users and groups of users.
Users/Groups
Users are individuals for which the administrator has assigned a login name and optionally, a password. Groups consist of users who have the same set of security permissions. The Administrator user displayed in bold cannot be deleted or renamed.
Note: Passwords are required for compliance with SEC and HIPAA regulations.
Tip:
For clients who do not want to implement DocuXplorer security features but do want to use the document audit trail; add all your users and select the Login Required option in the DocuXplorer desktop menu item Tools/Options/Library. One easy way to accomplish this is to create a single Group called Everyone with Read/Write or Full Control permissions. Drag and drop all your users into the Everyone group thereby giving all your users full permissions while tracking their usage in the Document Event Logs.
Administrators set permissions for the functions of a DocuXplorer object for each user or group of users. Administrators can give permission for a user or group to modify permissions for any DocuXplorer Object.
DocuXplorer Objects include the: Library, Cabinets, Drawers, Folders, Documents and Index Sets. Administrators can set users/groups and permission for a DocuXplorer Object in its properties dialog box.
Tip:
Security changes made to a Cabinet open on a user's workstation will not take affect until the Cabinet has been closed and reopened.
Login
Login provides users with a specific set of permissions assigned by the Administrator. Administrators should require that users login to DocuXplorer each time they open the program. Administrators can choose to allow users to login using either the login and password as set in the Tools/Options/Manage Users/Groups Item or use the users existing network login.
Permissions
Permissions can be set for any function on a DocuXplorer Desktop Object menu: such as add, view, modify, create objects, print, email, and more. For ease-of-use, DocuXplorer provides Permission templates to automatically set the most common permissions for groups and users. These template permission levels affect the selected object and all objects below it.
Permissions can be set for the following objects in their properties dialog box click an object for more information:
Tip:
Permission sets are synchronized across a Library.
Close all Cabinets when making changes to permissions.
Changes in permissions are posted to a Cabinet when it is reopened after a change.
Security Properties Inheritance
By default DocuXplorer objects inherit security permissions from their parent object. A parent object is the DocuXplorer object directly above it in the hierarchy. As new objects are created they inherit the Users and Groups with their associated permissions from their parent object. You can break an inheritance chain at any object by changing its users, groups or their permissions. That object can then become the parent of a new inheritance chain by choosing to Replace permissions on all its child objects, making it the parent of the objects below it.
For example:
A law firm has setup all of their users and group permissions in the Library object. When they create a new Cabinet it will automatically inherit the same users and group permissions that were set for the Library object - "Inheritance from a Parent Object". When additional Drawers in the new Cabinet are created, the Drawers will inherit their security settings from the Cabinet object. The concept of "inheritance" flows down to Document object which is the lowest object in the Library hierarchy.
Changes can only be made by users with Administrator rights or user and groups with permission to modify permissions.
Changes can be made to the security settings for any object level in its properties dialog box.
Important: To make a change in user/group permissions at any object below the Library object you must uncheck the "Inherit permissions from parent" item. If left checked changes will be overridden by permission inheritance from the parent object.
When a change is made in an object's permissions you have the choice of allowing the change to overwrite the settings of all its child objects by selecting "Replace Permissions on all Child Objects" .
When you replace the permissions on a Child Object, any permissions previously set on an object below the object being changed will lose those changes when they are overwritten by the parent object permissions.
Tip:
It is recommended that all users and groups be added at a Parent Object to allow for inheritance down to the object where you will make changes to the inheritance. If a user or group is added to an object below the Parent Object the new users or groups will have to be added to all objects above it, up to the Parent Object.
Visibility
DocuXplorer allows an administrator to set the DocuXplorer Desktop display for each user or group by using the visibility permission for a DocuXplorer object. Using this powerful feature an administrator can deny a user or group the ability to see an object, tailoring the DocuXplorer Desktop to each users or groups specific needs. See each object's permission topic for more information.
For example:
The Human Resources Department needs to secure their confidential documents so that only human resources personnel can view them. To do this the DocuXplorer administrator would create a group called HR, placing all HR personnel in the group. From the Human Resources Cabinet Properties/Permissions dialog box the administrator would add the HR Group and create a custom set of permissions as required by the specific needs of the group and select the option to "Replace permissions on child objects" to insure that a Cabinet search by a non-HR Group user will not reveal any document to unauthorized users.
Index Set and Field Security
DocuXplorer security also includes the ability to secure Index Sets and Index Fields. Administrators can set permissions to allow or disallow modification of Index Sets and Fields. In additional permissions can be assigned to an Index Field to allow only specific users or group to view a field and leave it invisible to other users. See the Index Set and Field Security Topic for more information.
For example:
In the HR Index Set a field has been created with employee salary information. The HR manager does not want all members of the HR department to see this confidential information but does wish to view the data for herself and allow it to be viewed by other specific company executives. The administrator would create a group of users and in the Index Field Properties Permissions dialog box and set the field to be Visible only to the assigned group which would consist of the HR Manager and specific executives.