EERP and Content Manager Document Search Security

Owned by Knowledge Assistant
Last updated: Nov 07, 2024
1 min read



Description of Issue

Content Manager’s Document Search feature in the web application integrates into Tyler’s Hub Global Search; currently the search utilizes Content Manager Security groups only and does not use Enterprise ERP security roles. This means depending on your sites security preferences and settings users may have access to documents through this method that they do not have using the classic or new view through Enterprise ERP which uses both Enterprise ERP Roles and Content Manager security groups. For example, if your sites Enterprise ERP Roles for a user does not allow them to enter the payroll module, in viewer users would not be able to attain access to any payroll documents. However, if using the Document Search Web Application, Enterprise ERP security roles are not currently in place so if the user has a CM security group that allows access to payroll documents, then users could potentially see those documents. This may be the case if your site typically utilizes MU_ACCESS_STANDARD for most users and controls access mainly via Enterprise ERP role permissions. 



Context

  • Enterprise ERP 

  • Munis

  • CM

  • Content Manager

  • Hub

  • Document Search

  • Web Application Features 



Cause

Historically Content Manager has been able to leverage EERP Roles, which is why most clients preferred to keep users out of the Full Client. With Document Search and Hub making this search more accessible this issue is more prominent. This may cause a conflict of which documents can be seen by users if sites are not aware that the security in this feature is different from what can be seen directly through Enterprise ERP’s classic viewer or new viewer. Some sites may be ok with this configuration, but we recommend reviewing your sites permissions to ensure that users are assigned the correct permissions regardless of where they are viewing documents. We have provided solutions for sites via the releases below to turn this functionality on/off depending on preference. Long term we are working on adding Enterprise ERP roles into the feature via MUN- 464061 (tentative release EERP 2024.5). Please see our current recommendations below.  



Resolution

  • For sites not wanting to utilize the Document Search in the web application, we recommend the following actions. These settings will be standardly configured this way beginning with Content Manager versions 2024.1.31+, 2024.2.21+ and 2024.3.4+ and HUB versions 2024.3.2+, 2024.2.4+, 2024.1.7+, 2021.12.8+ and 2021.11.5. To ensure this feature can be fully disabled an update of both Content Manager and HUB is necessary to one of the versions of above. 

  • For sites that have been using this feature and would like to continue to do so we recommend the following to allow users to use this feature, which will continue for the time being to use Content Manager Security Group Permissions only: 

  1. Navigate to HUB administration 

  2. In Administration, navigate to System Settings > External Systems > Setup  

  3. In setup, expand Content Manager  

  4. In the Content Manager section, set the toggle Enable Documents on Global Search to be true. This will enable the documents tab in Global Search. 

  5. Add the CM Security group MU_WEBSEARCH permissions to any user that you wish to have access to use the Document Search Web Application.



Additional Information

https://tylernow.atlassian.net/wiki/spaces/KA/pages/588906506/How+to+link+a+Munis+Role+to+a+TCM+permission+group+from+User+Attributes 

https://tylernow.atlassian.net/wiki/spaces/KA/pages/602931271/How+to+Run+or+Schedule+an+Update+in+Tyler+Deploy+for+a+ProductÂ