Hi Ami -
This is an old post, but I figured I'd answer it just in case someone comes across it in the future.
The Database Reference Guides for OnBase 18 and the various Foundation versions do a better job of explaining this than I can in a comment. The relevant sections for more detailed information are labeled 'Legacy Security Model' and 'High Security Model'.
The quick explanation is that in OnBase 17 and lower, the 'hsi' SQL account was granted more privileges than actually necessary. To offset this, SQL logins were created for each workstation that were mapped to a Role in SQL Server named 'CLIENTGP', which has less permissions. The hsi account is used to create the workstation login if it's missing, and subsequently the new workstation account will be used.
There was a refactoring of security first implemented in OnBase 18, which is dubbed the High Security Model. When fully implemented, HSI's permissions are scaled back, and the Workstation Account Creation option is no longer needed/can be disabled. The Reference Guides have more information on what's required to implement the High Security Model on an OnBase system upgrading to 18+. My understanding is that any system created starting with OnBase 18 should already be operating with the High Security Model, though.
