The following options are available on the Security tab:
Security Option |
Description |
---|---|
Disable user object lock administration |
Select the option to disable a user from seeing the User | Locked Objects menu in OnBase. The Locked Objects menu allows users without Administrative Privileges to remove the Document and Process locks associated with their own user login. CAUTION:
De-selecting this option gives every user without Administrative Privileges the ability to unlock their own locked objects. Note:
Selecting this option does not restrict a user's access to the Manage Locks button in the Unity Client. |
Do not restrict document maintenance by user document type privileges |
The Document Maintenance function respects the Document Type Privileges of users. This means that a user, without proper rights, is not able to access/purge documents he or she does not have access rights to. When you select this option, you enable every user to do Document Maintenance functions, such as View, Delete, Re-index, and Purge documents. CAUTION:
By default, this option is unchecked. If you select this option, you are allowing users, regardless of their Document Type Privileges, to perform Document Maintenance functions, including the Purge command. Purged documents are permanently deleted from OnBase and cannot be recovered. |
Document modify right does not imply right to delete document pages |
Select this option to deny users with the Modify privilege the right to delete pages from a document. Users with both Modify and Delete privileges will retain rights to delete documents and pages from documents. Note:
This setting does not apply to revisable documents. Users with both Modify and Create Revision privileges can delete pages from revisable documents regardless of this setting. EDM Services licensing is required to create revisions. |
Use file based repository for workstation registry settings |
Once this option is enabled, the current OnBase registry settings found in Windows Registry Editor are migrated to the DMAppSettings.INI file. This file can be found in the C:\WINDOWS directory. CAUTION:
If this setting is disabled after the end-user makes changes to OnBase, the registry will not be updated. |
Disable Envelope sharing |
When selected, envelope sharing is disabled. This option overrides the Envelope Sharing privilege in the User Groups and Rights settings. Users will not be able to share envelopes or documents within the envelope with other users who do not have rights. |
Disable workstation account creation |
When this option is selected, the hsi user will not be able to create workstation accounts. Instead, the hsi account itself will be used to log in to the database. |
Enable User Group based Print Format security |
If this option is enabled, users will only be able to view Print Formats that they have been assigned rights to. When this option is enabled, administrators will be able to assign user groups to specific print formats when configuring the print format, or assign print formats to user groups when configuring the user group. When this option is deselected, all print formats can be accessed by all users. This option is deselected by default. |
Do not filter reverse autofill keyword set lookup objects by document type autofill keyword set configuration |
When this option is enabled, users will be able to access Reverse AutoFill Keyword Set lookups that are not assigned to the Document Type of the document being viewed. When this option is deselected, users will only be able to access Reverse Autofill Keyword Set lookups that are assigned to the Document Type of the document being viewed. This option is deselected by default. |
Require Reauthentication for User and User Group Changes Note:
Only the MANAGER and ADMINISTRATOR accounts can select or deselect this option. |
Select this option to prompt users to reenter their login passwords when accessing the Users | User Groups / Rights or Users | User Names / Passwords menu option in the Configuration module. A login password is also required when deselecting this option after it has been selected and Global Client Settings are saved. Note:
Reauthentication is not supported with Single Sign-On or IdP Authentication autologins. Users who are required to reauthenticate after logging in, such as when acknowledging files in Document Knowledge Transfer, will be unable to perform those tasks if they used autologin to access OnBase. |
Restrict Scheduler Display to Schedule Admins |
Select this option to hide the Processing | Scheduler menu, the Schedule Management and Schedule Templates dialog boxes, and all Scheduled Processes queues from users who do not have the Client Scheduler product right. When this option is deselected, users without the Client Scheduler product right can see scheduled processes, but not modify them. This option is not selected by default. |
Disable CSV export sanitization |
Select this option to disable CSV export sanitization. When this option is deselected, in CSV files generated through OnBase, ' is inserted at the beginning of values that begin with =, -, @, or + to prevent spreadsheet applications from executing commands. CAUTION:
Disabling CSV export sanitization may make your computer vulnerable to potentially malicious code. |
Document Type Permission Overrides |
Least Restrictive: This option combines Document Type overrides across multiple user groups to allow for the least restrictive combination of privileges for a user. It is selected by default. Most Restrictive: This option combines Document Type overrides across multiple user groups to allow for the most restrictive combination of privileges for a user. For more information, see Setting Override Privileges. |
Folder Type Permission Overrides |
Least Restrictive: This option combines Folder Type overrides across multiple User Groups to allow for the least restrictive combination of privileges for a user. It is selected by default. Most Restrictive: This option combines Folder Type overrides across multiple User Groups to allow for the most restrictive combination of privileges for a user. For more information, see User Group Configuration for Folder Types. |
Client Timeout |
Least Restrictive: This option combines User Group Timeout Configurations across multiple User Groups to allow for the least restrictive timeout for a user. It is selected by default. Most Restrictive: This option combines User Group Timeout Configurations across multiple User Groups to allow for the most restrictive timeout for a user. For more information, see User Group Configuration for Timeout. |