Configuring User Group Privileges

On-Premises System Administration

Foundation 23.1

User Groups must be assigned document and folder privileges, as well as privileges to use certain OnBase features and modules. These privileges define what actions users within the User Group can or cannot perform from within OnBase.


Each OnBase module requires a purchased license, in addition to the associated Privileges and Product Rights, before users can access it.


Before removing a product license, deselect the Privileges and Product Rights associated with that product.

  1. In the Configuration module, select Users | User Groups & Rights.
  2. Select the User Group to be configured and click Privileges to open the Assigning User Group Privileges dialog box.
  3. Enable the check boxes that correspond to the privileges that should be granted to the User Group. Reset automatically restores the check box settings displayed when the dialog box was last opened. Clear deselects all boxes.

    If you are using the -ROMANZO switch, you can select all privileges by clicking Set All.


    Before using features enabled by the -ROMANZO switch, ensure that you understand the feature and implications of any changes to your system. Contact your service provider with any questions regarding these features. Features enabled by the -ROMANZO switch should not be made available to the casual user. Remove the -ROMANZO switch after completing necessary actions.

    See the tables below for descriptions of each check box.

  4. Click Save to retain the settings.

    The Document Privileges assigned to a User Group pertain to every Document Type to which users in the User Group have access. You can configure certain Document Types to override these Document Privileges in the User Groups & Rights | Document Types settings.




    Document Privileges


    Retrieve / View

    Allows the user to retrieve and view documents from any search results list or batch.

    In the OnBase Client, users can retrieve documents from envelopes without this privilege, but they cannot access Keyword Values.


    If users have rights to the Registered Processing Products but do not have access to SYS Verification Reports, they can still read Verification Reports from the batch in the Awaiting Commit Queue right-click menu. Users would be unable to view the report from inside the batch or from a retrieval method.


    The Retrieve/View privilege does not restrict users from being able to see a list of documents in a Document Search Results list, including any Keyword Values displayed in the Auto-Name Strings; however, users are not able to open the documents unless this privilege is granted.


    Create

    Allows the user to create new documents, forms, document templates, and physical record locators using Document Types the user has rights to.

    The Create privilege is also required for users to add new documents from an ad hoc import interface.

    Users with Create and Import privileges can create documents using the drag and drop import method.

    Users with Create and Copy to Clipboard / Save As privileges can use the Send To | Create New Document option to create documents from an existing document.


    Modify

    Allows for the modification of documents, including adding or deleting pages and creating redactions.


    To exclude the ability to delete pages from documents, select the Global Client Setting named Document modify right does not imply right to delete document pages, found under Users | Global Client Settings | Security.

    Save Rotation

    Allows the user to save the rotation that has been placed on a displayed image.


    Delete

    Gives the user the privilege to delete documents.

    You must have the Delete privilege for the following functions:

    • Delete a page from a single-page document

    • Rights to the Trash Can

    • Delete copied page from original document option when creating a new document from a page from an existing document


    Users without document deletion rights can delete documents that reside in an envelope. Those documents are deleted only from the envelopes, not from OnBase.


    This privilege does not apply to scanned documents in a batch that have not been indexed (assigned to a Document Type). These documents can be deleted by anyone.

    Delete Uncommitted Only

    Gives the user the privilege to delete uncommitted documents. Users with this privilege will be unable to delete documents after documents have been committed.

    This privilege is automatically selected if the Delete option is selected.


    Gives the user access to print capabilities.

    External Mail

    Allows e-mail to be sent to recipients who are not users in the database.

    Internal Mail

    Allows users to send and receive internal mail messages.


    Without this privilege, users can still read and reply to internal mail messages in the OnBase Client when the User Option Notify on New Mail is selected.


    Allows the user to change the Document Type and/or Keyword Values indexed for a document.


    The Re-index drop-down list only displays Document Types for which the user has the Create privilege.


    In the Unity Client, users without the Access Restricted Keywords privilege are unable to re-index documents between Document Types that include the same Keyword Type at different restriction levels. This change does not impact users with the Access Restricted Keywords privilege. If a user or user group needs to re-index documents that include restricted keywords, you can either grant them the Access Restricted Keywords privilege or you can set up override privileges on the specific document types they need to re-index.

    View Revisions

    Allows the user to view and print any revisions of a document.


    EDM Services licensing and rights are required for the ability to use document revisions. See the EDM Services module reference guide for more information.

    Create Revisions

    Allows the user to create revisions.


    EDM Services licensing and rights are required for the ability to create document revisions. See the EDM Services module reference guide for more information.

    View Versions

    Allows the user to view stamped versions of documents.


    EDM Services licensing and rights are required for the ability to use document versions. See the EDM Services module reference guide for more information.

    Create Versions

    Allows the user to create versions from revisions of documents.


    EDM Services licensing and rights are required for the ability to create document versions. See the EDM Services module reference guide for more information.

    Modify Keywords

    Allows the user to view and change Keyword Values. The View Keywords option is automatically selected and cannot be unchecked. If disabled, the Keyword Values in the Add/Modify Keyword dialog box cannot be changed from any related application.


    If the document is checked out by another user, its Keyword Values cannot be modified, regardless of privileges.

    View Keywords

    Allows the user to view Keyword Values without granting the user the right to modify Keyword Values. If this option is not selected, the Add/Modify Keyword dialog box cannot be accessed from any related application.

    Access Restricted Keywords

    Allows access to any read-only or hidden Keyword Values.


    In the Unity Client, users without the Access Restricted Keywords privilege are unable to re-index documents between Document Types that include the same Keyword Type at different restriction levels. This change does not impact users with the Access Restricted Keywords privilege. If a user or user group needs to re-index documents that include restricted keywords, you can either grant them the Access Restricted Keywords privilege or you can set up override privileges on the specific document types they need to re-index.

    View History

    Allows users to view the history of all actions performed on individual documents.


    Document History should be restricted if sensitive information about documents will be recorded.

    Copy to Clipboard / Save As

    Allows a section of a text document to be copied (Copy to Clipboard) and entire documents to be saved to an external file (Save As). For image documents, part of the image or all of the image may be saved into another file.

    Also allows users who have the Create privilege for a Document Type to use the Send To | Create New Document option to create new documents of that Document Type.


    Separate

    Allows the user to perform Document Separation in the Unity Client.


    To perform ad hoc Document Separation actions in the Unity Client, the User Group must also be assigned the Advanced Document Splitter privilege.

    For more information on ad hoc Document Separation, see the Unity Client module reference guide. For more information on batch Document Separation, see the Document Imaging module reference guide.


    This privilege is not respected by the Split Document Workflow action. For more information, see the Workflow module reference guide.

    Create Reference

    Allows the user to add documents to the EDM Briefcase as references. For more information, see the EDM Services module reference guide.

    View Unmasked Documents

    Allows the user to view documents that have been configured for image masks in their unmasked state. For more information, see the Image Masking module reference guide.

    Create Integration Hyperlink

    Allows users to email document links using DocPop and FolderPop in the Web Client and Unity Pop in the Unity Client. For more information on DocPop, see the DocPop module reference guide. For more information on FolderPop, see the FolderPop module reference guide. For more information on Unity Pop, see the Unity Client module reference guide.


    In order for a user to access the Delete/Reorder Pages right-click option, one of the following privileges must be granted: Modify, Delete, or Save Rotation. If none of these privileges is granted, a View Thumbnails Only option will be available in its place.

    Client Features


    Retrieve Dialog

    Allows access to the Document Retrieval dialog box and its functionality.


    Enables the user to import documents using the import/upload interfaces in the clients.

    Users must have either the Create User Group privilege or Create override privileges for at least one Document Type to access the import/upload interfaces.


    Enables the user to perform all functions associated with an envelope (Create, View, Export).


    Export rights are also required if an envelope is to be exported.


    Click the Sharing check box in order to give the selected User Group full rights to envelopes. This allows users within this User Group to share the envelope with other users.


    This privilege is disabled if the Disable Envelope sharing Global Client Setting is selected.

    Document Properties

    Allows access to Document Properties. Required for the Export to DIP file function.

    User / Workstation Options

    Allows access to the User Options dialog box and the Workstation Options dialog box.

    Enable Markup Toolbar

    Enables the Markup Toolbar option in the OnBase desktop. You must be licensed for the EDM Services module in order to use the Markup Toolbar.

    Thumbnail Hitlist Results Viewer

    Enables the Thumbnail Viewer feature in the OnBase Client and Web Client. This option allows a user to preview thumbnail-sized images of Image documents from a Document Search Results list.

    The Thumbnail Viewer is only applicable for image documents.

    Doc Retention Properties

    Enables the Document Retention tab on the Document Properties dialog box. For licensing and usage information, see the Document Retention documentation.

    Doc Retention Exclusion

    Enables the Exclude from Document Retention function on the right-click menu of the document search results list. For licensing and usage information, see the Document Retention documentation.

    Doc Retention Remove Exclusion

    Enables the Remove Exclusion from Document Retention function on the right-click menu of the document search results list. For licensing and usage information, see the Document Retention documentation.

    Toolbar Configuration

    Determines whether a user can customize the OnBase Toolbar Buttons in their system menu (User | Toolbars | Customize Toolbar).

    External Text Search

    Enables the Text Search button on the Document Retrieval dialog box and Custom Queries which are configured to have the button. This privilege is selected by default for each User Group.


    This privilege does not affect Internal Text Search.

    Folder Properties

    Allows the User Group to view information about the folder. A folder's properties include its Folder Type, usage and content settings, and the user who created the folder.

    Access Security Masked Keywords

    Allows users to configure Keyword Type encryption and view encrypted Keyword Values without the security mask, if a security mask is configured. For licensing and usage information, see the Encrypted Alpha Keywords documentation.

    Personal Page Configuration

    Allows users to configure their own Personal Pages in the Unity Client. This privilege is selected by default for each User Group.

    Templates for Personal Pages

    Allows users to create and configure templates for Personal Pages and share them with other User Groups.


    The Usergroup Security Configuration right must also be configured for the User Group so that users can access the appropriate layout.

    Document Packets

    Allows users to generate Document Packets in the Unity Client. For licensing and usage information, see the Document Packaging documentation.

    On Demand Diagnostics

    Allows users to access the On Demand Diagnostics console. For licensing and usage information, see the Workflow or WorkView documentation.

    User Defined Custom Queries

    Allows users to create or use personal queries when View Keywords is also selected. For licensing and usage information, see the Combined Viewer documentation.

    Media Streaming

    Allows media method access.



    Retrieve / View

    Allows users to retrieve and view folders within the File Cabinets window.


    Allows users to create folders in a file cabinet.


    If a user creates a document in an auto-foldering Document Type, an auto-folder is created regardless of the user's privileges to create folders.

    Modify Keywords

    Allows users to view/add/modify/delete Keyword Values on folders.

    View Keywords

    Allows users to view Keyword Values on folders.


    This option is automatically selected if the Modify Keywords privilege is selected.

    Modify Folder Contents Keywords

    Allows users to modify Keyword Values on child folders and documents using the Folder Contents | Keywords right-click options. Users must also have the Modify Keywords privilege for the current folder to use Folder Contents | Keywords options.

    This privilege allows users to modify Keyword Values on only the child folders and documents that the user has privileges to both view and modify Keyword Values on. If the user lacks either privilege on a child folder, then the user cannot modify Keyword Values on the child folder or its documents using the Folder Contents | Keywords options. Similarly, if a user lacks privileges to view or modify Keyword Values on documents within a folder, then the user cannot modify Keyword Values on those documents using the Folder Contents | Keywords options.


    Allows users to copy folders configured as copyable. No Keyword Values are updated on copied folders.


    Allows users to move folders configured as movable.

    When a folder is moved, Keyword Values on the folder and its contents are updated according to the Keyword Values update rules for moved folders. To preserve accuracy, Keyword Values are updated regardless of a user's privileges to view and modify Keyword Values on the folder and its contents.

    For more information on the Keyword Values update rules for moved folders, see the Folders documentation.


    Allows users to delete folders from a file cabinet and send them to Folder Maintenance.

    Add Documents

    Allows users to add documents to static and static/dynamic folders.

    Remove Documents

    Allows users to remove documents statically residing in a folder.


    Even without the Remove Documents folder privilege, users who have the Delete document privilege can send documents in folders to Document Maintenance.

    View History

    Allows users to view all actions performed on individual folders.

    The Folder History window is accessible from the OnBase Client, Web Client, and Unity Client.


    This privilege should be restricted if sensitive information about folders will be recorded.

    Scan/Index Batches


    Index Scanned Documents

    Allows the user to perform the following tasks for batches associated with scan queues to which the user has rights:

    • Full batch indexing tasks, including document modification tasks (i.e., deleting, appending, creating, and rotating pages/documents).

    • Pre-index and post-index scan queue sorting.


    Both the Index Scanned Documents privilege and the Document Imaging Administrative Processing Privilege are required to allow the user to skip Document Separation or re-indexing steps for the batch.

    Restricted (Unity Only)

    Restricts a user with the Index Scanned Documents privilege from doing the following:

    • Performing document modification tasks (i.e., deleting, appending, creating, and rotating pages/documents) while indexing batches associated with scan queues to which the user has rights.

    • Performing standard indexing tasks within the Awaiting QA Review and Awaiting Manager Resolution batch status queues.


    The Document Imaging Administrative Processing Privilege overrides this option.


    This option is only respected in the Unity Client.


    This option is only enabled when the Index Scanned Documents option is selected.

    Split Batches (Unity Only)

    Allows a user who is indexing a document in the Awaiting Index, Index in Progress, Awaiting QA Re-Index, or QA Re-Index In Progress batch status queue to remove the document from the current batch and add it to a separate batch (using the Index and Add to Separate Batch ribbon button).


    This option is only respected in the Unity Client.


    This option is only enabled when the Index Scanned Documents option is selected.

    Note: This option is only supported in standard scan queues. The rationale for this is that with custom scan queues, the user can index certain documents and then Save and Transition the batch. This action leaves the un-indexed documents in the indexing step, which negates the need to split the batch.

    Commit Scanned Batches

    Allows the user to commit batches of documents that have been scanned into OnBase. This option also allows users in the Unity Client's Batch Processing layout to mark batches as ready to commit.

    Purge Scanned Batches

    Allows the user to purge batches of uncommitted documents that have been scanned into OnBase.

    Purge Committed Scanned Batches

    Allows the user to purge committed batches of documents scanned into OnBase.

    Change Batch Scan Queue

    Allows the user to re-assign a batch of scanned documents from one scan queue to another.

    Rename Scan Batches

    Allows the user to rename batches of scanned documents.


    The Commit Scanned Batches, Purge Scanned Batches, Purge Committed Scanned Batches, Change Batch Status Queue, and Rename Scanned Batches options are enabled automatically for users with the Document Imaging Administrative Processing Privilege.


    To maintain backwards compatibility, these options are enabled, but not selected, by default for a newly created User Group.

    Client Based Products


    Create List Report

    Allows the user to generate a List Report. The report is stored in the SYS List Contents Reports Document Type.

    Allows the user to generate a Keyword List when the View Keywords privilege is also selected.


    Any user granted rights to administer batch queues has the right to Create a List Report on the batch or batches. This privilege applies only to the ability to generate reports from hit lists.

    Full-Text Search

    Allows the full-text search field to be displayed in OnBase when Full-Text Search is licensed.

    Statement Rendering

    Allows statements to be created in the Configuration module and generated (individual or batch) in OnBase.

    Document Distribution

    Allows users to run Document Distribution processes on documents that are not associated with the Image Statements module.

    Host Application Enabler

    Allows for the configuration of settings for Terminal Emulation in the Configuration module, and access to those settings in OnBase. The product license for Host Application Enabler is also required.


    Workflow

    Enables all Workflow functionality in the Client module (execute user work, purge document, etc.). Licensing for Workflow is also required. When the Workflow option is selected, the Workflow Restricted option is automatically selected and can no longer be changed.


    If you deselect the Workflow option, the Workflow Restricted option stays selected. If you do not wish to grant the Workflow Restricted privilege, you must manually deselect it.

    Workflow Restricted

    Enables all Workflow functionality in the Client module, but denies Client users the option to Execute Workflow or Add to Workflow from right-click menus outside of the Workflow module.


    When the Workflow privilege is selected, this option is automatically granted.

    Customer Information

    Enables the viewing and maintenance of Customer Information (Document Distribution module) from OnBase. Specifically, without this privilege, the Customer Information function is not available in the File main menu, and Recipient Information is not available in the Document Distribution sub-menu (Admin main menu).


    Enables all WorkView functionality in the OnBase modules. Licensing for WorkView is also required.

    Time Stamp Documents

    This option is a legacy setting that is no longer respected by OnBase.

    Advanced Document Splitter

    Enables the ability to use the Document Separation window in the OnBase Client and Unity Client.


    To perform ad hoc Document Separation actions in the Unity Client, the User Group must also be assigned the Separate privilege.

    Word Document Composition

    Enables the ability to compose documents based on pre-configured templates. For licensing and usage information, see the Document Composition or Electronic Plan Review documentation.

    Send Ad Hoc Cavion Notifications

    Enables the ability to send Cavion notifications on an ad hoc basis. For licensing and usage information, see the Integration for D+H Phoenix documentation.

    Document Composition Administration

    Enables the ability to configure templates. For licensing and usage information, see the Document Composition or Electronic Plan Review documentation.

    Signature Pad Administration

    Allows access to Signature Pad Administration. For licensing and usage information, see the Signature Pad Interface (TWAIN) documentation.

    Field Application

    Allows access to the Field Item Download layout. For licensing and usage information, see the Unity Briefcase or Integration for Netsmart Homecare documentation.


    Allows users to create and configure their own folios and add documents to them. For licensing and usage information, see the Unity Briefcase or Integration for Netsmart Homecare documentation.

    Add / Modify CAD Services Hotspots

    Allows the user to configure hotspots on CAD documents.

    Hosted Signature Uploading

    Allows users to upload documents for signing and check package statuses. For licensing and usage information, see the Integration for DocuSign eSignature documentation.

    Hosted Signature Monitoring

    Allows users to check package statuses. For licensing and usage information, see the Integration for DocuSign eSignature documentation.


    This option is not required for checking package statuses if the User Group is already assigned the Hosted Signature Uploading privilege.

    Hosted Signature Config

    Allows users to connect a signature service to OnBase, manage and configure hosted signature locations, and schedule hosted signature polling. For licensing and usage information, see the Integration for DocuSign eSignature documentation.

    Intelligent Capture AP Verification

    Allows users to train the Intelligent Capture for AP engine to identify where AP data can be found on documents. For licensing and usage information, see the Intelligent Capture for AP documentation.


    If you deselect this option, the Interactive Data Capture option stays selected. If you do not wish to grant the Interactive Data Capture privilege, you must manually deselect it.

    Interactive Data Capture

    Allows users to perform advanced indexing techniques on batch documents. For licensing and usage information, see the Advanced Capture or Intelligent Capture for AP documentation.

    DoD Certified Records Management

    This option is a legacy setting that is no longer respected by OnBase.

    Combined Viewer

    Allows access to Combined Viewer. For licensing and usage information, see the Combined Viewer documentation.

    Generate CSV Files

    Allows users to generate CSV files when View Keywords and Create List Report are also selected. For more information, see the Client, Unity Client, or Web Client documentation.