# Configuration
# Necessary rights for the ELO Administration Console
# System settings
| Administration areas | Rights |
|---|---|
| User administration | Edit user data, main administrator |
| A user with the right Main administrator can administer ALL users instead of just those who that user is set as administrator of. | |
| Group manager | Edit user data, main administrator |
| A user with the right Main administrator can administer ALL groups instead of just those who that user is set as administrator of. | |
| Organizational units | Main administrator |
| As an administrator of a user (with the right Edit user data), this user can be assigned to an existing organizational unit. The Main administrator has access to the Organizational units section. | |
| Metadata forms | Edit metadata forms and fields |
| The Edit keyword lists right is also required to be able to edit the contained keyword lists, as well as the Main administrator right to delete metadata forms or save their data as a table later on. | |
| Field templates | Edit metadata forms |
| Keyword lists | Edit keyword lists |
| Entry types | Edit master data |
| Document paths | Main administrator |
| Default document paths | Main administrator |
| Encryption keys | Main administrator |
| ELO online help URL | Main administrator |
| Stamps | Edit master data |
| ELO Forms Services URL | Main administrator |
| ELO Analytics URL | |
| Repository properties | Main administrator |
| Font colors | Edit master data |
# Maintenance
| Administration areas | Rights |
|---|---|
| Administration mode | Main administrator |
| Report options | Main administrator |
| Delete report entries | Main administrator |
| Delete and remove | Main administrator |
| Backup tasks | Main administrator |
| Password rules | Main administrator |
| Move document files | Main administrator |
# Server modules
| Administration areas | Rights |
|---|---|
| ELO Automation Services | Main administrator |
| Backup profiles | Main administrator |
| Full text service | Main administrator |
| Create password | Main administrator |
| ELO Transport | Main administrator |
| Configuration files | Main administrator |
| Form designer | Manage workflows |
| ELOxc | Not checked in the ELO Administration Console. The check is performed in ELOxc. |
# System information
| Administration areas | Rights |
|---|---|
| Administration folder | Main administrator |
| Server information | Main administrator |
| Users in system | Main administrator |
| Statistics | Main administrator |
| License overview | Main administrator |
| License report | Main administrator |
| Log files | Main administrator |
| Monitoring | Main administrator |
| Test checksums | Main administrator |
# Others
| Administration areas | Rights |
|---|---|
| LDAP Import | Main administrator |
| Block access | Main administrator |
# Document encryption
ELO systems provide a method to encrypt documents. These documents are encrypted at the operating system level and can only be opened with a password, ensuring that documents are safeguarded against unauthorized access, even when performing data backups.
In addition to the ACL authorization settings in ELO, you can encrypt documents that contain confidential or sensitive information. This also protects documents from being viewed by administrators at the operating system level.
Starting with ELO version 12, documents are encrypted with AES-256 (Advanced Encryption Standard), a symmetric encryption method that uses block encryption. There are now more than 16 encryption keys. Encryption and decryption take place on the server side.
Documents that have already been encrypted remain in the old encryption mode. Both encryption methods are listed in the database and run simultaneously in a compatibility mode.
It is only possible to encrypt a document with ELO functions when it is filed to the ELO repository. Documents in the Intray are always stored in unencrypted format until they are moved to the repository. ELO functions are not designed to encrypt documents already in ELO, because as soon as documents are filed to the repository, the documents may be distributed in unencrypted form to a backup path, revision-controlled media, and various backup systems.
Encryption can only be configured by users with the Main administrator right. A user who knows the encryption key and the corresponding password is able to implement encryption. An encryption key is therefore not necessarily bound to a single person – it can also be used for groups.
Documents encrypted with AES-256 can be added to the full text database. To do this, you need to create a system user that can access the encrypted documents. You can, but do not have to, add encrypted documents to the full text database.
The encryption keys are not to be confused with the keys concept that was discontinued starting with version 10.
You will find more information on encryption under Configuration and administration > System administration > Folders and documents > Encryption keys.