Summary

This article describes how to set up security to ensure that Laserfiche Workflow Suite can route documents.

More Information

In order for Laserfiche Workflow Suite to correctly route documents, security must be properly configured for the Laserfiche Server Automation service and for the Laserfiche user account assigned to the Work Distribution Agent.

To configure security for the Laserfiche Server Automation service

The Laserfiche Server Automation service must be logged in as a Windows user who has rights to Microsoft SQL Server. Please perform one of the following:

• If Microsoft SQL Server and the Laserfiche Server are on the same machine, then no additional configuration is required. The Local System account, which is assigned to the Laserfiche Server Automation service by default, has sufficient rights to Microsoft SQL Server.
• If Microsoft SQL Server is hosted on a computer other than the one on which Laserfiche Workflow Suite has been installed, you will need to change the log on settings for the Laserfiche Server Automation service. The Laserfiche Server Automation service will need to be assigned a domain account with rights to Microsoft SQL Server. The following procedure indicates how to change the log on settings for the Laserfiche Server Automation service.
  1. Open Services, which can be found in Administrative Tools from the Control Panel.
  2. Select the Laserfiche Server Automation service.
  3. From the Action menu, select Properties.
  4. Click the Log On tab.
  5. Select the This account option.
  6. In This account option, type the Windows domain account that the Laserfiche Server Automation service will use to access Microsoft SQL Server. Keep in mind that this account must have rights to the SQL database associated with the Laserfiche repository.
  7. Click OK.

To configure security for Work Distribution Agent

The minimum security configuration for the Laserfiche user assigned to Work Distribution Agent is described below:

• Feature Rights: The user must have the Move Object or Move Entry right.
• Entry Access Rights: The user must have the following rights on all monitored folders: Browse, Read, Write or Modify Contents, Delete Shortcuts, Create Shortcuts, Create Documents, and Create Folders.
• Security Tags: The user should have all security tags associated with documents that will be routed. Please note that you will need to restart Laserfiche Server Automation whenever a new security tag is assigned to this user.
• Volume Access Rights: If copies of documents need to be created, then the user must have the Read, Append, and Create Documents right on the appropriate volumes.
• Field Access Rights: The user must have Read rights on every field in templates that it will monitor. The best way to accomplish this for all present and future fields is to grant the Manage Metadata privilege.

Note: Laserfiche Workflow Suite will not monitor the actions of the Laserfiche user assigned to Work Distribution Agent. As a result, changes made by that Laserfiche user will not result in the routing of documents. Therefore, it is recommended that a dedicated Laserfiche user be assigned to Work Distribution Agent. In other words, the specified Laserfiche user should not perform any activity (e.g. changing field data, moving documents, etc.) in the Laserfiche repository.