# Configuration

# Necessary rights for the ELO Administration Console

# System settings

Administration areas Rights
Manage users and groups Edit user data, main administrator
A user with the Main administrator right can administer ALL users and groups instead of just those who that user is set as administrator of.
Organizational units Main administrator
As an administrator of a user (with the right Edit user data), this user can be assigned to an existing organizational unit. The main administrator has access to the Organizational units section.
Metadata forms Edit metadata forms and fields
The Edit keyword lists right is also required to be able to edit the contained keyword lists, as well as the Main administrator right to delete metadata forms or save their data as a table later on.
Field templates Edit metadata forms
Keyword lists Edit keyword lists
Entry types Edit master data
Document paths Main administrator
Default document paths Main administrator
Encryption keys Main administrator
ELO online help URL Main administrator
Stamps Edit master data
ELO Forms Services URL Main administrator
ELO Analytics URL
Repository properties Main administrator
Font colors Edit master data

# Maintenance

Administration areas Rights
Administration mode Main administrator
Report options Main administrator
Delete report entries Main administrator
Delete and remove Main administrator
Backup tasks Main administrator
Password rules Main administrator
Move document files Main administrator

# Server modules

Administration areas Rights
ELO Automation Services Main administrator
Backup profiles Main administrator
Full text service Main administrator
Create password Main administrator
ELO Transport Main administrator
Configuration files Main administrator
Form designer Manage workflows
ELOxc Not checked in the ELO Administration Console. The check is performed in ELOxc.

# System information

Administration areas Rights
Administration folder Main administrator
Server information Main administrator
Users in system Main administrator
Statistics Main administrator
License overview Main administrator
License report Main administrator
Log files Main administrator
Monitoring Main administrator
Test checksums Main administrator

# Others

Administration areas Rights
LDAP Import Main administrator
Block access Main administrator

# Document encryption

ELO systems provide a method to encrypt documents. These documents are encrypted at the operating system level and can only be opened with a password, ensuring that documents are safeguarded against unauthorized access, even when performing data backups.

In addition to the ACL authorization settings in ELO, you can encrypt documents that contain confidential or sensitive information. This also protects documents from being viewed by administrators at the operating system level.

Starting with ELO version 12, documents are encrypted with AES-256 (Advanced Encryption Standard), a symmetric encryption method that uses block encryption. There are now more than 16 encryption keys. Encryption and decryption take place on the server side.

Documents that have already been encrypted remain in the old encryption mode. Both encryption methods are listed in the database and run simultaneously in a compatibility mode.

It is only possible to encrypt a document with ELO functions when it is filed to the ELO repository. Documents in the Intray are always stored in unencrypted format until they are moved to the repository. ELO functions are not designed to encrypt documents already in ELO, because as soon as documents are filed to the repository, the documents may be distributed in unencrypted form to a backup path, revision-controlled media, and various backup systems.

Encryption can only be configured by users with the Main administrator right. A user who knows the encryption key and the corresponding password is able to implement encryption. An encryption key is therefore not necessarily bound to a single person – it can also be used for groups.

Documents encrypted with AES-256 can be added to the full text database. To do this, you need to create a system user that can access the encrypted documents. You can, but do not have to, add encrypted documents to the full text database.

The encryption keys are not to be confused with the keys concept that was discontinued starting with version 10.

You will find more information on encryption under Configuration and administration > System administration > Folders and documents > Encryption keys.

Last updated: June 17, 2024 at 2:07 PM