The standard OnBase Client accesses files in the OnBase Disk Groups directly through network shares and uses a local ODBC data source to access the OnBase database.
This architecture provides a high level of performance, which is beneficial for high-volume processes such as production scanning and import processing using Document Import Processor or COLD. It also requires additional attention when securing the data. In addition to managing user access within OnBase, a network administrator also needs to manage network access to the file shares that make up the OnBase Disk Groups.
A network administrator should plan for the following security measures:
-
Minimize the number of accounts that are given direct access to the Disk Groups on the network
-
File-level and share-level permissions to the Disk Groups on the network are required for all user accounts in OnBase
-
Least-privileged access rights to the OnBase Client and its functionality
-
Least-privileged access to document properties in OnBase helps deter path browsing
For more information on securing these specific areas of your OnBase environment, see: