Hyland Connect

Nat_Mara · ‎07-23-2014

I have a question regarding Security KW. I have perused the 13 MRG and I do not see this specifically addressed. If a member is part of 2 groups with different values for the same KW, how does OnBase determine which group to enforce. We have a security KW of Restricted and the choices are either Y or N. User A is part of Court Services division which is set to Not = Y so it shows as "Restricted" in the hit list. User A is a manager and also part of another user group that does not have any security KW restrictions. Under DB settings I have unchecked the "Perform security KW checking during DB query" so that restricted documents show. When user A logs in she sees "Restricted" even though the manager user group have full access to documents with the security KW. I know that for Document type Permissions you can set least or most restrictive, but this is different I believe.Are there any ways around this. when you tie into AD users may end up being in multiple user groups. My only way around this is remove user A from Court Services group, but my fear is that when she logs in next time that OnBase checks User A's AD groups and re-adds him/her.

John_Anderson4 · ‎07-24-2014

A group with security keywords always takes precedence. You might want to try adding security keywords to the manager user group of Restricted = Y and Restricted = N.

However, mixing "Equal" and "Not Equal" security keywords doesn't really work very well. I think it would work better to change the Court Services group security keywords to be "Restricted = N" instead of "Restricted != Y"

Or remove them from the Court Services group.

It sounds like your security setup is probably too complex and it may be worth re-working from the ground up.

Nat_Mara · ‎07-24-2014

Thanks for the reply John. Unfortunately, as you pointed out mixing equal and not equal did not work right in this case. I agree that it is probably too complex, but unfortunately this unit had a requirement that most users could not see Restricted documents but needed to know they were there so they could ask a supervisor. The only way I could see in the MRG to see "Restricted document" in the hit list was setting it up to not equal to Y and also unselecting "perform security KW checking during DB query". I guess once the users are added to all their AD groups, I will then have to go and remove the unit managers from the Cour Services group. I hope OnBase does not add them back automatically.regards,Nat

Roger_Linhart · ‎07-28-2014

Hi Nat.

If you're using NT or Active Directory integration, users will be added back to any mapped OnBase groups upon subsequent login.

Nat_Mara · ‎07-28-2014

Thanks Roger, and that is exactly what I was afraid of. Ugh .... while my setup may be unnecessarily complicated, I really think Hyland needs to reconsider how it handles security KW across multiple user groups. We cannot be the only organization that wants users to not view documents but be aware of their existence. Currently that can only be accomplished by using <>= KW values.Appreciate the confirmation though.

Hyland Connect

Security Keywords