Setting Up Users and Groups
FileHold has multiple ways of ensuring user authentication and authorization of resources:
- Authentication identifies a user based on username and password.
- Authorization uses the authentication information to grant the appropriate level of access control to the content and other tools.
Granular role-based security allows the System Administrator to quickly control the exact level of access a group of users will have to FileHold. For example, a group of users may be restricted to 'Read Only' access for one type of file yet have full access to another document type. Security can be configured at multiple levels, so documents stored in the same folder can still carry different access permissions.
There are two types of user accounts: Locally Managed Users and Active Directory Synchronized Users. Both types of accounts can co-exist on the same FH Server.
- A Locally Managed User is an account that does not authenticate or synchronize against Active Directory systems. This allows System Administrators to set up and manage users without involving complex IT deployment scenarios. This is suited for a non-technical System Administrator in a smaller organizational environment. The FileHold Locally Managed User account leverages two Microsoft-based components for application developers called AzMan (Authorization Manager) and ADAM (Active Directory Application Mode). These components provide security and standard management functionality without needing to authenticate or synchronize against Active Directory.
  Administrators can create user accounts in mere minutes or activate user self-registration, which allows users to register themselves in FileHold for an initial period of time. These users can enter their full name, user name, and other contact details (which are optional). Unlike regularly registered users, self-registered users are placed into a temporary area where they are assigned to a group that has no permissions or rights. The administrator then re-assigns these users to a group that provides them with the access they need.
  NOTE: If you are self-registering a group of people that have identical permissions and content access requirements internally, then this temporary security precaution can be skipped entirely.
- Active Directory Synchronized Users are called FileHold Domain Users. Groups synchronized with Active Directory are called FileHold Domain Groups. These users and groups behave the same way as locally managed users when interacting with FileHold. The difference is that the properties (contact information, passwords, etc.) associated with domain users and groups are managed externally in Active Directory and not through the user properties of the document management system.
Managing User and Group Access
Users are placed within FileHold Groups. FileHold Groups are created by System Administrators and given a specific name and permissions (role) to system functionality. Roles give users specific functionality throughout the system; however, groups can have their roles restricted at the cabinet, folder, or schema level.
Groups and users are given access via membership to FileHold cabinets, folders and schemas. These permissions provide control down to the document level. The degree of access users have to content is determined by their role.
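A simplified model of the access rules described above, added here as an illustration; it is not FileHold code and does not use the FileHold API. The role ordering, the requirement of membership at every level, the highest-role-wins rule for users in several groups, and all object names are assumptions.

```python
# Simplified model of group roles with per-level restrictions (added
# illustration, not FileHold code). Role names and resolution rules are assumed.
from dataclasses import dataclass, field

# Assumed ordering: a higher number means more access.
NONE, READ_ONLY, FULL = 0, 1, 2

@dataclass
class Group:
    name: str
    role: int                                   # role granted system-wide
    members: set = field(default_factory=set)
    # Optional caps keyed by ("cabinet" | "folder" | "schema", object name)
    restrictions: dict = field(default_factory=dict)
    # Objects the group is a member of, same key shape
    memberships: set = field(default_factory=set)

def group_access(group, cabinet, folder, schema):
    """Role a group holds on one document; NONE unless it is a member of all levels."""
    path = [("cabinet", cabinet), ("folder", folder), ("schema", schema)]
    if not all(p in group.memberships for p in path):
        return NONE
    # A restriction can only lower the group's role, never raise it.
    return min([group.role] + [group.restrictions.get(p, FULL) for p in path])

def effective_access(user, groups, cabinet, folder, schema):
    """Assumption: a user in several groups gets the highest role among them."""
    return max((group_access(g, cabinet, folder, schema)
                for g in groups if user in g.members), default=NONE)

# Constructed sample data: one folder holding two document types (schemas).
PATH = {("cabinet", "Projects"), ("folder", "Bridge-12")}
engineers = Group("Engineers", FULL, {"alice"},
                  restrictions={("schema", "Contract"): READ_ONLY},
                  memberships=PATH | {("schema", "Contract"), ("schema", "Drawing")})
pending = Group("Self-Registered", NONE, {"bob"})   # holding group with no rights
GROUPS = [engineers, pending]

if __name__ == "__main__":
    for user, schema in [("alice", "Drawing"), ("alice", "Contract"), ("bob", "Drawing")]:
        print(user, schema, effective_access(user, GROUPS, "Projects", "Bridge-12", schema))
```

In this model a self-registered user resolves to no access on every document until an administrator moves the account into a group that has a role and memberships.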
The following flowchart depicts how users and groups are set up in the system.

See also:
User and Group Security Overview
Creating Locally Managed Users
Synchronizing Domain (Active Directory) Users and Groups
Viewing User and Group Properties
Enabling and Disabling Accounts

