Implementing Least Privilege - Security Best Practices - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Security Best Practices

Security Best Practices
Foundation 23.1

OnBase is designed to allow an administrator to rapidly implement a custom security profile for each user and User Group in the enterprise to help implement the concept of least privilege. User accounts can be added, deleted, and modified with an intuitive point-and-click interface in the OnBase Configuration module. The product rights and privileges defined for each User Group are similarly managed in the OnBase Configuration module.

Unique levels of security are achieved by creating a custom set of product rights and privileges for each OnBase User Group to which individual users are then assigned. If a user is a member of multiple User Groups, the user is granted the cumulative rights of all the groups they are a member of. For example, if a user is a member of Group A and Group B, and Group B allows users to access documents that Group A cannot access, then the user who is a member of both groups can still access those documents because of his membership in Group B.

Within User Groups, individual users can still be limited to read-only access to documents and Keyword values, and Keyword values can also be masked or hidden from users with limited rights. Using Security Keywords, users can also be prevented from viewing documents based on the Keyword values assigned to the document, even if a user is a member of a User Group with access to that Document Type. Indexing limits can also be assigned to a User Group, in order to prevent users from indexing documents with specific Keyword values.


For more information on building a robust security model in OnBase, see Security Best Practices Overview.