The assignment of user rights, privileges, and User Group membership in OnBase should follow the principle of least privilege. Least privilege means that users have no more permissions, rights, or privileges than they require to complete their tasks in the system. For example, users who only use OnBase to retrieve and index documents should not be assigned any user-administration privileges, just as users who are not authorized to view sensitive documents should not be given access to those documents.
The idea of least privilege is based on the premise that a user cannot perform a malicious action, either intentionally or by accident, if that user does not have permission to complete that action in the first place. It also means that if a user account is compromised, the attacker can only operate in the system with the limited level of access assigned to the user account that was compromised.