Document Management >> Software >> System Security
FileHold '08 document management software provides many means of user authentication and authorization to resources across the entire system. Authentication ensures that people are who they claim to be. Authorization uses this information to grant the appropriate level of access control to resources, including applications and content within each of those applications.
User Roles & Access Rights Security
Granular, roles-based security allows the FileHold Administrator to
quickly control the exact level of access a group of users will have
to FileHold. For example, the 'Sales' group of users may be restricted
to have 'Read Only' access to documents in the library. Security access
levels can be specified across the whole company, a department, a group
of users down to individual users. By default there are 5 different
roles with different access rights to the system. These are as follows;
- Read Only Users - have Read only access to documents
- Publisher Users - have Read, Add access, edit access to documents
- Publisher Plus Delete Users - have Read, Add access, edit and delete access to documents
- Library Administrators - have full access to
all documents and administrative rights to managing the library structure
and metadata services.
- System Administrators - have full access to all
documents and system functionality including the ability to manage
users and group permissions.
Content Level Security
FileHold provide an additional layer of authorization control by restricting
access to content within the library. For example a 'Sales' group of
users can be restricted to have only access to documents intended for
sales staff. This second layer of authorization control is essential
in extranet situations when non-employees need to be restricted to only
the content that is relevant to them. Authorization also extends to
protect specific document types from being viewed in FileHold by non
authorized users. FileHold '08 controls access to the following content
items in the library;
- Access to Files & Folders - folder memberships control who has access to the files contained within
- Access to Different Types of Documents - because some types of documents are more sensitive than others (e.g. performance reviews or expense reports)document type memberships control who has access to one type of document or another. If users do not have access to the document type they will not see the document even if it exists in a folder they are members of.
- Access to Filing Cabinets - In many cases users have to be restricted to a entire area of the library. Cabinet memberships allow library administrators to quickly create dedicated sections (cabinet)of the library for different departments. Users are then restricted to granting file and folder access to only the subset of users that have access to the cabinet.
Global Application Security Features
In addition to the features of any secured web application that is running
on Windows 2003 server, is properly utilizing IIS 6 while running in
a firewalled secured area of the network, FileHold '08 offers the following
additional Global Application Security Features;
- Single Point of Logon (Authentication) - FileHold
document management software is accessible through a common logon
screen providing a secure 'Front Door' to the entire system. Users
first log on by providing a unique username and password. Each user's
password is encrypted and verified against their account information
held in a secure user accounts database or against the directory server
FileHold server is synchronized with.
- Web Services Security - All FileHold Web Services
require authentication preventing unauthorized users from sending
or retrieving anything to the FileHold server by bypassing the web
client or smart client authentication systems.
- SSL Support - FileHold can be deployed under SSL
(Secure Sockets Layer). SSL is an industry standard protocol and is
supported by all major Web servers and browsers.
- Session Security Services - Users are automatically
disconnected after a configurable period of inactivity. Session variables
are kept server side, and no information is left on the client browsers.
This way if a different user accesses the browser at the same computer,
no information is available until they log on as a new user.
- Template Level Security - Template level security restricts execution and direct access to applications unless the user has the proper permissions by quickly checking a users access rights at every visit to every page.
