How to Set Up Security in Collection-Master
Vertican License Manager (VLM)
Collection-Master Policies [4-1-S-3]
Goal
The goal of this document is to better understand how to set up security in Collection-Master. It covers the various areas of security from the Windows Active Directory to the Vertican License Manager (VLM), as well as policies within Collection-Master.
Vertican License Manager (VLM)
The VLM allows you to manage user access for the various applications with Collection-Master. From within VLM, you define “Standard” or “Administrator” Access (not to be confused as Administrator Access) and Enable or Disable a named user by their Windows Login Name to control Access to Collection-Master.
Windows Active Directory
Using Windows Active Directory, you can grant access to the various Collection-Master folders.
On the Collection-Master server, “Allow Login Locally” must be granted. Do not confuse this with Remote Access, which is a completely different privilege.
Remove access to F:\CLSINC and its subdirectories to prevent access to Collection-Master.
Before you start Collection-Master in Client-Server Mode, be aware of the following.
- When running in distributed mode, users use F:\CLSINC\WBWIN\WB32.exe or other versions. In order to prevent a user from running in distributed mode, remove access to the following:
- F:\CLSINC\WBWIN\WBCONFIG.TXT
- F:\CLSINC\WBWIN\MAPDRIVE.txt
- Use Secure Data – Refer to the Mastermind session video and presentation on How to Secure Data in Collection-Master.
- Secure data folders
- Users will need full rights to these folders, but they should not be able to map the drives.
- Do not set up a UNC map to the secure data folders. These folders should be unavailable to the workstations.
- Secure data folders
- Folders underneath CLSINC
- Make the FOLDERS hidden, except for those shown in the image below (Note: Collection-Master doesn’t need the folders to be visible but users might). You may hide or unhide any folder(s) you find appropriate.
- Most users may have the following folders restricted to Read-Only.
- Note: As an example, some users may need additional rights to perform updates or automation tasks or to maintain templates.
WordPerfect Forms Library
F:\CLSINC\WORD
- The Word folder must be read/write in order for WordPerfect to merge.
- We recommend that you maintain your Forms Library in a separate location and restrict access to this folder (can be read-only). Periodically copy the forms to the F:\CLSINC\WORD folder to ensure that they remain intact. Note: PowerMerge will copy the forms to your local drives and in those cases, F:\CLSINC\WORD may be read-only.
Collection-Master Policies [4-1-S-3]
There is a policy “CM: ACCESS PROGRAM” that may be used to block a user or assign a password.nIt as a redundant secondary level of security. This is in addition to the Windows Active Security but may be used to deny access to a user even if they have VLM and Active Directory rights to Collection-Master.
Security Policy Hierarchy
When a policy is directly defined for a User’s initials, that policy (Yes/No/Password) will be in effect. Any other policies defined by a group assigned to the user are irrelevant.
A common strategy is to set up “Everyone” or “***” as “No” to deny a feature and then add groups to define users that are allowed to use the feature.
When Groups are used, the system will scan through all of the groups.
- If any of the groups are set to “Yes”, the policy will be allowed.
- If “Yes” is not found, but “Password” is assigned to a group, then the user will be prompted to type a password. Note: You might have several groups for the same policy. If they have separate passwords, you will need to determine the correct password. The screen that requests the password will display the group that was defined with that password.
- If neither “Yes” nor “Password” is found but “No” is encountered, the user will be blocked.
- Finally, if a policy is not defined in any place, then the default value is “Yes” and the user will be allowed. Note: Some policies are set up as “Restrict” as opposed to “Allow.” The default is still “Yes” but in these cases, “Yes” means Restrict Access.
MENU: Security Policies
You can add security for each menu level.
- Yes – Allow the user access to the menu item.
- No – Deny the user access to the menu item.
- Password – Require a password to access the menu item.
Other Security Policies
Many behaviors in Collection-Master are also defined by policies. Some policies can be assigned to “Everyone”, but others will apply to specific people or groups.