LF Cloud Permissions Reference
Types of Rights
| Group | Description | Access |
|---|---|---|
| User/Group Access Rights | User/Group control access to the various components within the access portal. | Account > Users > Users OR Groups > Select a User or Group > Security and Access |
| Feature Rights | Feature rights control actions that basic users can perform on documents, such as scanning, importing, printing, and deleting. | Repository Administration > Users > Users OR Groups > Select a User or Group > Rights |
| Privileges | Privileges control high-level administrative actions, such as setting security, creating templates and fields, or configuring auditing. | Repository Administration > Users > Users OR Groups > Select a User or Group > Rights |
| User/Group Entry Access Rights | Access rights determine what documents and folders a user can see and open, and what actions they can perform on those documents and folders. | In the repository, right-click on the folder/document to set rights |
| Field and Template Access Rights | Field and template rights allow you to control how fields can be accessed and modified in your repository. | Repository Administration > Metadata > Templates > Select a Template > Security |
User/Group Access Rights
User/Group Access Rights
Presets
Use the drop-down menu to choose one of the following options:
- Full Rights: Selecting this option allows the user full access rights to Laserfiche Account Administration, Public Portal, and Process Automation. In addition to this, the user will have rights to grant themselves full access in the Laserfiche Repository.
- Inherit All: Selecting this option means the user's access rights will be inherited from the user's group membership.
- Remove All Rights: Selecting this option means the user will not have any access rights to the Laserfiche Repository and Process Automation. User will not have any access rights to Account Administration and Public Portal unless inherited by the user's group membership.
Security and Access
Account
- Account Administration
Allows the user account full access to the Laserfiche Cloud Account Administration site.
- Billing Administration
Allows the user account to view the Plan tab and Billing tab (if applicable) in the Laserfiche Cloud Account Administration site.
- Trustee Administration
Allows the user account to view the Users tab in the Laserfiche Cloud Account Administration site.
Repository
- Access to Repository
Allows the account to sign in to the Laserfiche Repository and view documents.
- Set Laserfiche Privileges
Allows the account to manage privileges for the Laserfiche Repository through Repository Administration.
- Access to Repository Management
Allows the account to access Repository Administration.
- Audit Reporting
Allows the account to generate and view audit reports on the Laserfiche Repository.
- Laserfiche Web Configuration Manager
Allows the account to configure the default toolbar buttons for the entire repository. These defaults will be used instead of the generic repository defaults for any user who has not customized their toolbar. This role also allows the account to lock down toolbar configuration for other users.
Public Portal
- Public Portal Administrator
Allows the account to access the Public Portal Designer.
Process Automation
- Access to Process automation
Allows the account to sign in to Process Automation.
- Process Administrator
Allows the account full access to Process Automation, including full administrative rights.
- Process Asset Administrator
Allows the account to administer files, holidays, profiles, repository contents, and work schedules in Process Automation.
- Process Developer
Allows the account to create and modify workflows, rules, starting events, teams, and entities.
Developer Console
- Access to Process automation
Allows the account to sign in to Process Automation.
- Process Administrator
Allows the account full access to Process Automation, including full administrative rights.
- Process Asset Administrator
Allows the account to administer files, holidays, profiles, repository contents, and work schedules in Process Automation.
- Process Developer
Allows the account to create and modify workflows, rules, starting events, teams, and entities.
- Process Manager
Allows the account to view and start business processes and to modify rules.
Feature Rights
Feature Rights
- Scan
Scan into Laserfiche.
- Import
Import files into Laserfiche.
- Search
Search for documents and folders.
- Print/Export
Print and export documents and folders.
- Edit Text
Modify text in documents.
- Move Entry
Move a document or folder from one folder to another, or pages from one document to another.
- Process
Index documents and retrieve text from electronic files.
- Extended Properties
View additional information about documents and folders, such as entry ID, indexing status, and the extension of associated files.
- Delete
Delete documents, folders, and pages.
- Apply Optional Watermark
Apply an optional watermark when exporting or printing a document.
Privileges
Privileges
- Manage Entry Access
Browse to and configure security for all entries. This privilege allows the user to see (but open) all entries in the repository, regardless of access right configuration. Users with Manage Entry Access can also view, restore, and delete all deleted documents in the recycle bin, and view all checked out or locked entries and release the check-out or lock.
- Manage Templates and Fields
Create, edit, and delete all templates and field definitions. Users with this privilege can also modify field security. A metadata definition is the structure of the metadata item, not the value placed within it. For instance, elements of an Author field's definition include the field type, width, whether it's multi-valued or required, and what template it belongs to. The value of the Author field on a particular document is not part of its definition.
- Create Templates and Field
Create new templates and fields. Unlike Manage Templates and Fields, this does not allow you to modify existing template and field definitions.
- Manage Stamps
Modify and delete existing stamps. (Stamp creation is governed by the Annotate entry access right.)
- Manage Tags
Create and modify tag definitions.
- Manage Links
Create and modify document relationship definitions.
- Manage Repository Configuration
Administer general repository options as well as attributes on the Everyone group.
- Purge Entries
Purge entries that you deleted from the recycle bin. In conjunction with Manage Entry Access, allows you to purge any entry in the recycle bin.
- View Activity Log
Configure and view the repository's activity log. Any user can view the activity log for an entry for which they have the Read right; this privilege allows users to see the activity log for all entries, regardless of whether they have Read. The activity log is generally used in integrations and is only accessible via scripts; it cannot be viewed through the Laserfiche web client.
- Bypass Browse
See the existence of all entries in the repository, regardless of whether the user has the Browse right for those entries or not. This can enhance performance, as Laserfiche does not need to calculate rights for each entry in each folder. Does not allow users to see documents if they are tagged with a security tag the user does not have or to see the contents of a folder if they do not have the Read right on the folder.
- Manage Audit Settings
Specify which actions will be audited for which users and groups, and configure reasons for deletion, exporting, and printing.
- Records Management
Create records management definition such as retention schedules and cutoff instructions in Repository Administration, and perform record actions such as cutoff and final disposition in the repository. Users with this privilege must still have other appropriate rights to view and modify records. The Records Management privilege is not necessary for viewing or modifying the contents of records, as long as a user has other necessary rights.
- Edit Version Comments
Edit the existing comments on a document's versions. This privilege is not necessary for a user to create or edit their own version comments.
- Delete Document Versions
Permanently delete individual versions from a document's version history. Deleted versions will not be sent to the recycle bin.
User/Group Entry Access Rights
User/Group Entry Access Rights
- Browse
The ability to see if a document, folder, or shortcut exists.
✅The Browse entry access right is not sufficient to open a folder or a document. The Read entry access right is also required.
- Read
The ability to see the contents of a folder or document. This also allows you to see annotations on the document.
- Modify Contents
The ability to modify the contents of a document, including adding, removing, or modifying a pages, making changes to an electronic document, or generating text from a document. Implicitly grants the Read right.
- Append Data
The ability to add pages to a document or move existing pages into a document. If a document has not already been assigned text, this right grants the ability to generate the text of a document via OCR. It does not grant the ability to reorder or remove pages. Implicitly grants the Read right.
- Delete Entry
The ability to delete a document or folder. When deleting a folder, you must also have the necessary rights to delete all entries that reside in the folder. This right does not allow you to delete pages or text from a document.
- Rename
The ability to rename a document or folder.
- Delete Document Pages
The ability to delete pages from a document. Implicitly grants the Read right.
- Annotate
The ability to add, modify, and remove annotations (not including redactions) on a document. Adding and modifying redactions requires both this right and the See Through Redactions right. Implicitly grants the Read right.
- See Through Redactions
The ability to see through redactions and choose whether to export documents with redactions removed or intact. Implicitly grants the Read right. (By default, users connecting through Laserfiche WebLink will not be able to see through redactions even if they have been granted this right.)
- Write Metadata
The ability to manage the metadata assigned to an entry once it has been created, allowing a user to assign a template and field data to a document, as well as the ability to modify or delete document links and document versions and add or remove tags from documents and folders. (A user does not need this right to set metadata on an entry at the time it is created.) Implicitly grants the Read right.
- Create Documents
The ability to create documents or shortcuts.
- Create Folders
The ability to create folders.
- Read Entry Security
The ability to see the rights assigned to an entry. Note that users do not need this right to see their own effective rights.
- Write Entry Security
The ability to assign access rights on an entry. Implicitly grants the Read entry security right.
- Set Last Review Date
The ability to set, unset, or modify the review date on a vital record.
- Close/Reopen Folder
The ability to close and reopen record folders, and file new records into closed record folders.
- Add/Remove Hold
The ability to add or remove holds on entries.
- Set Event Time
The ability to set, unset, or modify the event date on a record folder. Set, unset, or modify the alternate retention event date.
Field and Template Access Rights
Field and Template Access Rights
Field Access Rights
- Read
The ability to see the value of a field.
- Create
The ability to set a value for a field during document creation. With this right, a user can fill in a field at the time of document creation whether that field has been applied as part of a template or independently. Automatically grants the Read right.
- Edit
The ability to set a value for a field after document creation or apply an independent field to a document after document creation. Automatically grants the Create right.
- Modify Field
The ability to modify the field's definition in Repository Administration, including changing the field name, type, default value, and constraints.
- Delete Field
The ability to delete the field's definition in Repository Administration.
- Read Security
The ability to read the field access rights for the field.
- Write Security
The ability to write field access rights for the field. Implicitly grants the Read Field Security right.
Template Access Rights
- Read
The ability to view a template's fields when the template is applied to a document, or to select it to apply to a document. Even if a user has the rights to all fields in a template, if they do not have this right for the template and the template has been applied to a document, they will not be able to see those fields. (This right has no effect on fields applied independently to the document, or fields applied via a different template, even if those fields are also present in this template.)
✅The Read template access right does not control whether a user can see the template name in the document's metadata, just whether the user can see the fields.
- Modify Template
The ability to change the template definition in Repository Administration, including the template name, the fields the template contains, and the order of the fields.
- Delete Template
The ability to delete a template definition in Repository Administration. Note that a user must also have the Delete Field access right to delete the fields contained within the template. If the user lacks these rights, the template definition will be deleted, but the individual fields will remain in the repository.
- Read Template Security
The ability to view template security for the template.