What Is The Difference Between Allow, Inherit, and Deny Within Laserfiche Security Rights?

Allow vs. Inherit vs. Deny

If there are any unfamiliar terms within this article, please consult our glossary.


As an Administrator, you have the ability to set security rights access for Users and Groups. These rights apply to different "parts" of Laserfiche, which include:

    • Account
    • Repository
    • Public Portal
    • Process Automation
    • Developer Console

You can either click Expand All, or click the > symbol to see an expanded view. For example, the expanded view for Account would show:

    • Account Administration
    • Billing Administration
    • Trustee Administration
    • View User Group Membership

Select the Presets drop-down menu, and you can choose to grant Full Rights, Inherit All, or Remove All Rights.

Allow, Inherit and Deny

Checking Allow gives the group or user specific access to that right.

Allow will trump a blank checkbox, meaning the Group or User will be given that right, even if the Inheritance setting was left blank at a higher level.

By default, a New User will automatically receive access rights assigned at a higher level in the folder structure, such as on the parent folder. This is referred to as Inheritance.

When rights are inherited, they apply to all subfolders and documents within the folder unless explicitly allowed or denied.

If a right has not been specifically set for the User, meaning it is blank, the User may still inherit that right from a higher level, as long as there are no denying settings that conflict with it.

Deny trumps everything, and should be used judiciously.

If a Group or User is explicitly denied rights access, it does not matter what access they have been given at other levels.

This can make it tricky to determine why a particular Group or User cannot access certain areas or features of the repository, because they may have been denied access rights somewhere else on the folder tree.

If you leave an access right checkbox blank, a Group or User will not have that right, unless it has been set differently at a higher level.
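
The following added example (not Laserfiche code and not part of the original article) models the rules above as the article states them and reports which setting decided the outcome, which is what an administrator needs when tracing an unexpected denial. The folder names, trustee names and the "Read" right are constructed for illustration.

```python
# Simplified model of the Allow / blank / Deny rules described in this article.
# It is an illustration only and does not call or reproduce Laserfiche itself.
ALLOW, DENY = "allow", "deny"  # a blank checkbox is the absence of an entry


def effective_right(right, user, groups, path, settings):
    """Resolve one right for a user at the last folder in `path`.

    path     -- folders from the top of the tree down to the target
    settings -- {(folder, trustee, right): ALLOW or DENY}; blank = no key
    Returns (granted, reason) so the deciding entry is visible.
    """
    trustees = [user] + list(groups)
    allowed_by = None
    for folder in path:  # walk from the highest level down to the target
        for trustee in trustees:
            value = settings.get((folder, trustee, right))
            if value == DENY:
                # Deny trumps everything, wherever on the tree it was set.
                return False, f"denied for {trustee} at {folder}"
            if value == ALLOW and allowed_by is None:
                # Allow trumps blank; remember the first entry that granted it.
                allowed_by = f"allowed for {trustee} at {folder}"
    if allowed_by:
        return True, allowed_by
    return False, "blank at every level, so the right is not granted"


# Constructed sample data: a three-level folder tree and three settings.
PATH = ["Repository", "Finance", "Invoices"]
SETTINGS = {
    ("Repository", "Staff", "Read"): ALLOW,     # inherited by subfolders
    ("Finance", "Contractors", "Read"): DENY,   # set higher up the tree
    ("Invoices", "dana", "Read"): ALLOW,        # explicit Allow on the target
}

if __name__ == "__main__":
    cases = [("alex", ["Staff"]), ("dana", ["Staff", "Contractors"]), ("sam", [])]
    for user, groups in cases:
        print(user, effective_right("Read", user, groups, PATH, SETTINGS))
```

In the sample data, dana has an explicit Allow on the target folder and still loses the right because of a group Deny set one level up, the situation the article describes as tricky to diagnose.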

It is best practice to leave a checkbox blank: the Group or User will not be granted access, and the blank setting will not interfere with higher folder tree settings.

You may also decide to grant or deny specific access rights based on the Group's or User's job requirements.

Should you have any further questions, or this article does not complete your help request, please log in to the GFW client support area and lodge a support ticket using this link


This article was written by Matthew Clooney.