I am looking for feedback on best practices for setting up security within DocStar. My team has read the DocStar documentation but would like some real life examples used in supporting a multi-site company with multiple approval groups based on content type and possibly meta data within a given content type.
Who is willing to tip their hand and show us (mock or actual) folders, content types, groups that they’re using and how/if workflows are used to support the security setup?
OK, you will need to know that the security and folder structure is somewhat dictated by Epicor when using attachments. As you may already know, there’s really no concept of a folder in DocStar like you have in a file system. A single document can exist in multiple folders at the same time in DocStar.
The Epicor attachment system was built first in a file system. The folder hierarchy is Company, Table, Document Type. So let’s say you have a company ID of ACM and document type of Order. Epicor will place the document attached to the Order in this this folder:
ACM
|
- OrderHed
|
- Order
YourOrderDocument.pdf
Epicor also builds a Security group based on your document type that is the document type plus the company ID, e.g. Order_ACM. These are not choices you get to make, so before planning too much, I would highly recommend taking the “ERP DocStar Integration for Epicor Customers” course in DocStar’s Care Central site. It explains all this in great detail.
We’re doing a full combination of Epicor Attachments and standalone DocSTar for HR, and we are multi-company, multi-approver (for AP processing) AND we’ve integrated AD into the mix so we do not have to manage groups/users inside Docstar.
Is there anything specific? The full explanation would take some time. I think your best option is to get with a DS implementation team (the same that helped me is working with @anon31358647 I believe) and they are very good about helping you get this all worked out and trained so you can ‘own’ it yourself.
EDIT- I agree with @anon31358647 - understanding the actual vs the conceptual is important - folders inside Docstar are nice, but not mandatory. And you need to differentiate between Epicor controlled attachments and standalone DocStar documents because you cannot alter the content types and metadata (fields) of inside Docstar for those created via Epicor or the interface breaks.
There is a LOT to understand but once it’s set up it’s quite nice.
Too kind sir We are implementing right now and everything is just very fresh for us since we’ve just been through all the effort without any previous knowledge.
Thanks, Mike. We’re working with a team from Epicor now but the support we’ve received so far helps us get the system up and running.
Like you, we’d like to have Epicor attachments as well as standalone with AD for maintaining our groups but I haven’t yet gone through the ERP DocStar Integration for Epicor Customers course @Mark_Wonsil recommended so I’m going to do that before I respond with a specific example…
We are attempting to use AD to login and I came across this post. I find your comments interesting. Are you saying that you are using AD for users to login in to the DocStar website and retrieve documents? Do you know where we can find instructions on doing so if that is the case? We attempted to go down that route, but was met with the only integration was that we would be able to retrieve user ID’s from AD and that’s it. We would still have to setup security, etc.
Not to complicate this discussion, but we do a little of both AD/LDAP and Azure AD authentication.
The LDAP integration was used to get the groups and keep them updated. We’ve created a few security groups that all us to apply security inside ECM/DS (they are dedicated for that use). Folders, workflows, approvers, and some other things are examples.
The Azure AD integration overlaps the LDAP security. We are in a hybrid scenario with new users coming in from Azure and old users having been in LDAP/AD on prem. Our whole AD is in transition. With Azure, you can create an Enterprise Application, then go into ECM/DS and create the Authentication Provider and connect it to Azure. Then the users need to be edited to include the appropriate details so ECM/DS can authenticate users based on how they log in. Plus Azure get’s us MFA for mobile and remote users.
Check the EpicWeb documentation for ECM docs - there are two that I know of covering LDAP/SAML. It covers most of it, but you have to know the other sides (Azure and LDAP/AD).