Field / Property	Type	Description
default.user.role	String	Sets the default general connection role. Any user to successfully login in the screen needs to have default.user.role or default.admin.role, otherwise will get 403 error. ROLE_USER
default.admin.role	String	Sets the default administration connection role. This role will get users access to Administration tools. Any user to successfully login in the screen need to have default.user.role or default.admin.role, otherwise will get 403 error. ROLE_ADMIN
user.assign.document.creation	Boolean	By default when a user creates a node, he is added to the node with full permissions. You can disable this behavior by setting this parameter to false. By default the parameters is set to true. true
user.password.reset	Boolean	Sometimes the user loses or forgets their password. When this option is enabled, used in landing page have got the option to restart their password and be notified with a newer one by mail. By default this option is set to false. false
system.antivir	String	Path to antivirus. An antivirus can decrease perfomance, taking several seconds to analyze each document and consuming a lot of CPU resources.
security.access.manager	String	Sets security access manager determinate the way on how the security is evaluated. Default value is "simple". Values: simple. recursive. read_recursive. simple Takes a look at Security configuration
security.search.evaluation	String	Sets the security search manager and determinates the way how the security is evaluated by search engine. Values: lucene. am_more, am_window or am_limited. Take a look at Security configuration
security.extended.mask	Integer	Security evaluation can be extended to downloaded files, starts workflows, adds, removes or modifies property groups ( metadata ) or compact history. Default value is empty. Values: DOWNLOAD = 1024; START_WORKFLOW = 2048; COMPACT_HISTORY = 4096; PROPERTY_GROUP = 8192; For example to enable download and property groups you should put the mask 9216 ( 1024+8192 ) 9216 Take a look at Security configuration
security.live.change.node.limit	Integer	When security changes affect more than the values set in this property the security changes are applied as a background task. 100 Take a look at Security configuration
system.login.lowercase	Boolean	By default is empty. In case connecting to AD ( Microsoft Active Directory ) must be set to "true", that force all users to be logged with lowercase user Id. The reason is OpenKM is case sensitive and Microsoft Active Directory not.
principal.adapter	String	You must restart OpenKM service after you change this parameter OpenKM can handle user access using the Spring Security framework. OpenKM needs an available method for reading users and roles, so when users are stored in a database (as is the default), the class DatabasePrincipalAdapter does this job. com.openkm.core.DatabasePrincipalAdapter If you configure OpenKM to authenticate against an LDAP server, you need to configure another principal adapter like LdapPrincipalAdapter. More information at: LDAP configuration. Creating your own login module.
principal.identifier.validation	String	Sets a regular expression to validate on the creation of user names and roles names. ^[a-zA-Z0-9_]+$ This parameter only can be used in combination with "principal.adapter" parameter value "com.openkm.core.DatabasePrincipalAdapter".

Table of contents [ Hide Show ]

Security configuration parameters

Field / Property	Type	Description
default.user.role	String	Sets the default general connection role. Any user to successfully login in the screen needs to have default.user.role or default.admin.role, otherwise will get 403 error. ROLE_USER
default.admin.role	String	Sets the default administration connection role. This role will get users access to Administration tools. Any user to successfully login in the screen need to have default.user.role or default.admin.role, otherwise will get 403 error. ROLE_ADMIN
user.assign.document.creation	Boolean	By default when a user creates a node, he is added to the node with full permissions. You can disable this behavior by setting this parameter to false. By default the parameters is set to true. true
user.password.reset	Boolean	Sometimes the user loses or forgets their password. When this option is enabled, used in landing page have got the option to restart their password and be notified with a newer one by mail. By default this option is set to false. false
system.antivir	String	Path to antivirus. An antivirus can decrease perfomance, taking several seconds to analyze each document and consuming a lot of CPU resources.
security.access.manager	String	Sets security access manager determinate the way on how the security is evaluated. Default value is "simple". Values: simple. recursive. read_recursive. simple Takes a look at Security configuration
security.search.evaluation	String	Sets the security search manager and determinates the way how the security is evaluated by search engine. Values: lucene. am_more, am_window or am_limited. Take a look at Security configuration
security.extended.mask	Integer	Security evaluation can be extended to downloaded files, starts workflows, adds, removes or modifies property groups ( metadata ) or compact history. Default value is empty. Values: DOWNLOAD = 1024; START_WORKFLOW = 2048; COMPACT_HISTORY = 4096; PROPERTY_GROUP = 8192; For example to enable download and property groups you should put the mask 9216 ( 1024+8192 ) 9216 Take a look at Security configuration
security.live.change.node.limit	Integer	When security changes affect more than the values set in this property the security changes are applied as a background task. 100 Take a look at Security configuration
system.login.lowercase	Boolean	By default is empty. In case connecting to AD ( Microsoft Active Directory ) must be set to "true", that force all users to be logged with lowercase user Id. The reason is OpenKM is case sensitive and Microsoft Active Directory not.
principal.adapter	String	You must restart OpenKM service after you change this parameter OpenKM can handle user access using the Spring Security framework. OpenKM needs an available method for reading users and roles, so when users are stored in a database (as is the default), the class DatabasePrincipalAdapter does this job. com.openkm.core.DatabasePrincipalAdapter If you configure OpenKM to authenticate against an LDAP server, you need to configure another principal adapter like LdapPrincipalAdapter. More information at: LDAP configuration. Creating your own login module.
principal.identifier.validation	String	Sets a regular expression to validate on the creation of user names and roles names. ^[a-zA-Z0-9_]+$ This parameter only can be used in combination with "principal.adapter" parameter value "com.openkm.core.DatabasePrincipalAdapter".