How does security work in DocRecord?

Owned by Ben Ha (Deactivated)
Jun 20, 2017

Summary:

DocRecord uses role-based security to ensure the integrity and security of the documents stored within the system, and to ensure that only those users who are authorized have access to those documents.

DocRecord uses transport level security to secure all communications between the Document Server and its client components.

DocRecord uses version control to manage changes to documents. Before any document can be modified by a user it must be checked out; the user must have check-out permissions on the document. When the user checks the document back in, DocRecord creates a new version with the modified files, preserving the original files of the previous version, as well as providing the ability to revert back to the previous version.

DocRecord provides the ability to maintain audit logs of all or specific activities performed by users when working with documents managed by the system.

Role Security:

User Roles offer a user-focused approach to security where permissions and restrictions are defined per role, not per Folder or Document. In this way, a user can be assigned a role with pre-set permissions without modifying security at the Folder or Document level.

When a User is a member of more than one User Role, the set of permissions that determine how that User may interact with Categories, Documents and Folders is determined by combining the permissions for each of the Roles she is in.

  • If the user is permitted access to a Category in any Role she is a member of, then she will be able to view that Category in any client interface. Likewise, if the user has access to a Folder in any Role, she will be able to view the Folder in any client interface.
  • Folder Authorization determines which Folders a Role permits the user to view and Folder Permissions determines which operations the Role allows on those Folders, while Category Authorization determines which Categories a Role permits the user to view and Document Permissions determines which operations the Role allows on Documents in those Categories.

  • When the user accesses a Folder the set of permitted operations is determined by combining the Folder permissions flags in each Role the user is a member of that also allows access to the Folder.

  • When the user accesses a Document the set of permitted operations is determined by combining the Document permissions in each Role the user is a member of that also allows access to the Category that the Document belongs to.

  • For Windows domain environments, users and groups from Active Directory may be assigned to a User Role.  And for Windows workgroup environments, internal DocRecord users may be created and assigned to a User Role.

Secure Communications:

DocRecord uses Windows Communication Foundation for all communication between the Document Server and its client components. This communication has the following characteristics:

  • Implements transport-layer security.

  • Leverages Windows security for transfer security and authentication.

  • Uses TCP for transport.

  • Implements binary message encoding.

  • Implements WS-Reliable Messaging.