Document Security Software

Multi-layer security: library, folder, and document-level permissions, LDAP/Active Directory sync, role-based access, and re-authentication for critical actions.

Document security software protects files from unauthorized access while giving authorized users exactly the level of control they need. No more, no less. infoRouter delivers multi-layer security — permissions at the library, folder, and individual document level — plus role-based access, LDAP/Active Directory synchronization, optional Windows Authentication, and re-authentication for critical actions.


Key Takeaways

  • Document management security in infoRouter is enforced through three layers: Library membership, granular folder and document permissions, and role-based privileges.
  • infoRouter supports LDAP/Active Directory synchronization, Windows Authentication with SSO, and built-in authentication with configurable password complexity.
  • Document management security includes re-authentication for critical actions such as deleting documents, changing security settings, and approving workflow decisions.
  • Token-based API authentication ensures that programmatic access is held to the same security standard as interactive use.

The Problem: Shared Drives Have Two Settings, Open or Locked

Most file-sharing systems offer coarse access control: either everyone can see a folder, or you lock it down and deal with access requests every time someone needs a file. Permissions are hard to audit, harder to maintain, and almost impossible to inherit consistently across nested folder structures.

For organizations where compliance matters, this is not just inconvenient. It is a compliance risk.

The average cost of a data breach reached $4.45 million in 2023, with a 15% increase over the previous three years.
Source: IBM / Ponemon Institute

How infoRouter Security Works

Multi-Layer Access Control

Access to every document and folder in infoRouter is governed by three layers:

  1. Library membership. Users must be members of a Document Library to see anything inside it.
  2. Folder and document permissions. Incremental rights from No Access through List, Read, Add, Change, to Full Control.
  3. Role-based privileges. Administrators, Library Managers, Policy Managers, User Managers, and Document Owners each have defined capabilities.

Conflicting permissions are resolved automatically using C3 Security rules, so administrators do not have to guess which permission wins.

Role-Based and Group-Based Security

  • Roles. Administrator, Library Manager, Policy Manager, User Manager, and Document Owner, each with specific system privileges.
  • Groups. Global User Groups and Local User Groups (Library-specific) that inherit folder and document permissions.
  • Inheritance. Set permissions at the folder level and they cascade down through subfolders and documents automatically.

Folder and Document Permissions

Permissions are incremental and granular:

  • No Access
  • List
  • Read
  • Add
  • Add & Read
  • Change
  • Full Control

This means you can give a user permission to add documents to a folder without being able to read what is already there. That is useful for intake folders where contributors should not see existing content.


Authentication Options

infoRouter supports three authentication methods:

  • infoRouter Authentication. Built-in security database with configurable password complexity requirements.
  • Windows Authentication. Single sign-on for Windows domain users, with support for smart card readers and biometric factors.
  • LDAP / Active Directory. Import users and groups directly, with automatic synchronization so changes in your directory are reflected in infoRouter immediately.

Single Sign-On (SSO) is supported through both Windows Authentication and LDAP, so users access infoRouter with the same credentials they use for everything else. There are no additional passwords to manage or forget.

Token-Based API Security

All API interactions require an authentication token. Every module within infoRouter uses token-based authentication, ensuring that programmatic access is held to the same security standard as interactive use.


Re-Authentication for Critical Actions

Even after a user is logged in, infoRouter can require them to re-enter credentials before performing high-impact actions:

  • Deleting Libraries, documents, or folders
  • Deleting user accounts
  • Changing security settings
  • Changing document ownership
  • Updating classification status
  • Approving or rejecting workflow decisions

This setting is configurable per organization and applies regardless of the user's role. It prevents both accidental and unauthorized changes to critical system resources.


Library Policies for Compartmented Security

Each Document Library can have its own security policies, independent of system-wide settings. A compliance Library can enforce strict read-only access and mandatory approval workflows, while an operations Library allows broader editing rights. Administrators tailor security to the sensitivity of the content, not to a one-size-fits-all system policy.


HTTPS and Remote Access

infoRouter supports HTTPS (SSL/TLS) for all connections. Remote workers, external partners, and field teams access the system securely through a web browser. The same permission enforcement applies as for on-site users.


See Also


Frequently Asked Questions

How does infoRouter resolve conflicting permissions between users and groups?
infoRouter uses C3 Security rules to resolve conflicting permissions automatically, so administrators do not have to guess which permission takes precedence.
Can I give someone permission to upload documents without seeing existing files?
Yes. Permissions are incremental and granular. You can assign Add permission without Read, which is useful for intake folders where contributors should not see existing content.
Does infoRouter support single sign-on?
Yes. SSO is supported through both Windows Authentication and LDAP/Active Directory integration, so users access infoRouter with the same credentials they use for other enterprise applications.
What is re-authentication and when does it apply?
Re-authentication requires users to re-enter their credentials before performing high-impact actions such as deleting documents, changing security settings, or approving workflow decisions. This is configurable per organization.
Can different document libraries have different security policies?
Yes. Each Document Library can have its own security policies independent of system-wide settings. A compliance Library can enforce strict read-only access while an operations Library allows broader editing rights.

See It in Action

Schedule a demo to see multi-layer permissions, role-based access, LDAP sync, and re-authentication working in a live environment.

Schedule a Demo