![GovernmentFrameworks_Logo_Full Colour (3).png]](https://support.governmentframeworks.com/hs-fs/hubfs/GovernmentFrameworks_Logo_Full%20Colour%20(3).png?height=40&name=GovernmentFrameworks_Logo_Full%20Colour%20(3).png){kind=logo}
If there are any unfamiliar terms within this article, please consult our glossary
As an Administrator, you have the ability to set security access rights for Users and Groups. These access rights apply to different "parts" of Laserfiche, which can be accessed by navigating to:
Account Administration > Account > Groups (or Users)
Regardless of whether you look at Users or Groups, you will see a section called License and Access which includes:
-
- Account
- Repository
- Public Portal
- Process Automation
- Developer Console
You can either click Expand All, or click the > symbol to see an expanded view. For example, the expanded view for Account would show:
-
- Account Administration
- Billing Administration
- Trustee Administration
- View User Group Membership
Select the Presets drop-down menu, and you can choose to grant Full Rights, Inherit All, or Remove All Rights.
Allow, Inherit and Deny
Allow gives the Group or User specific access to that right.
Allow will trump a blank check box, meaning the Group or User will be given that right, even if the Inheritance setting was left blank at a higher level.
By default, a New User will automatically receive access rights assigned at a higher level in the folder structure, such as on the parent folder. This is referred to as Inheritance.
When rights are inherited they apply to all subfolders and documents within the folder unless explicitly allowed or denied.
If a right has not been specifically set for the User , meaning it is blank, the user may still inherit that right from a higher level, as long as there are no denying settings that conflict with it.
Deny trumps everything, and should be used judiciously.
If a Group or User is explicitly denied rights access, it does not matter what access they have been given at other levels.
This can make it tricky to determine why a particular Group or User cannot access certain areas or features of the repository, because they may have been denied access rights somewhere else on the folder tree.
If you leave an access right checkbox blank, a Group or User will not have that right, unless it has been set differently at a higher level.
You may decide to allow or deny specific access rights based on the Group or Users job requirements.
Should you have any further questions, or this article does not complete your help request, please log in to the GFW client support area and lodge a support ticket using this link
This article was written by Matthew Clooney.
Click here to learn more about our authors.