Apply security groups to users

Distribute user security code membership

If you transfer data from Active Directory to WorkZone as defined in previous sections, only the registered Organizational units would be transferred.

To transfer the users and user details, you must include them in one of nine distribution groups, which secure the alignment of a corresponding security level.

ScanJourCaptia<database name>-<security code>

Note: The distribution groups can be found in the AD tree under the ScanjourCaptiaAdministration entry.

See Access Active Directory for more details.

  1. In the AD tree with a list of users that you have created, right-click the user and select Properties.
  2. In the <user name> Properties dialog box, click the Member of tab.
  3. Click Add. The Select groups dialog box appears.
  4. In the Enter the object names to select field, start typing the name of the distribution group into which you want to include the user and click Check Names. The Multiple Names Found dialog box is displayed.
  5. Select the distribution group.
  6. Click OK.
  7. Click OK in the following dialog boxes to verify the membership of the user.

Log-on users and employees in WorkZone

When data is transferred from AD to WorkZone, each user becomes:

  • A log-on user in the WorkZone User register. In a default configuration, user log-on name is transferred to user name in WorkZone and is equal to the user ID.
  • An employee in the WorkZone Employee register. It can be used in the user interface list such as the Case handler list.

Create or copy users

Another way to create a user is to copy a user who already has the memberships you want the new user to have, for example, security code 6 and required access codes. You can change the default settings of the new user as needed.

Discontinue users

Before discontinuing a user in Active Directory, it is essential to investigate whether the user has used user access codes.

If the user has applied user access codes to cases, documents, or contacts, you can use the Lost and Found functionality to uncover cases, documents or contacts that normally do not appear in searches because they are owned by the discontinued user.

When the user has been deactivated in AD and a transfer has taken place (either manually or as a scheduled task), you should be aware of the following:

  • Discontinued users remain in the WorkZone User register but they do not have any permissions. The security code of the user is 0 now, which means that the user has no access to the database.
  • Discontinued users continue to be employees in Employee register and are therefore still owners of terminated cases or archived documents.
  • The user access codes of the deactivated users have been terminated.

Change the Organizational unit for the user

When a user is moved from one Organizational unitto another in the Active Directory tree, this only affects the unit access codes of the moved user. However, you should be aware of the following:

  • A changed Organizational unit will affect all cases, documents, and addressees where the user has applied unit access codes. These can no longer be viewed by the case handler, only by members of the former case handler’s responsible unit.
  • The items will not appear in Lost and Found for the reason that the rest of the members of the unit in question can still view it.
  • All the items of the moved user will need to have the Responsible Unit field updated: either manually per item or multi-edited by a user with the system access code MULTIEDIT.