workspace administration (high)

Question 1

how can you use the instance setting Relativity.Authentication WindowsAuthIpRange to define an IP address for users to log in?

Answer 1

this setting is used to define the valid range for the Relativity instance; the default defines all IP addresses as valid

Question 2

how do trusted IP ranges work to define IP addresses for users to log in?

Answer 2

specifies a valid IP address or addresses for each user, which could be an individual address, a range of addresses, or combination of either

Question 3

what are 2 ways that an IP address range could be set for Relativity users?

Answer 3

WindowsAuthIpRange and Trusted IP range

Question 4

can WindowsAuthIpRange and Trusted IP range be used to stop users from logging in if they access Relativity from the same server where it is installed?

Answer 4

No, you must disable non-admin user remote access to the server

Question 5

what instance settings can you use to define integrated authentication behavior? (2)

Answer 5

UseWindowsAuthentication and WindowsAuthIpRange instance settings

Question 6

If UseWindowsAuthentication is False, then:

Answer 6

integrated authentication can’t be used. Relativity ignores the WindowsAuthIpRange value.

Question 7

if UseWindowsAuthentication is True and WindowsAuthIpRange isn’t set:

Answer 7

then integrated authentication will always be used regardless of IP address

Question 8

If UseWindowsAuthentication is True and WindowsAuthIpRange is an IP address or address range:

Answer 8

then Integrated Authentication is used when the computer’s IP address falls within the WindowsAuthIpRange value.

Question 9

what kind of server do you need to send email authentification?

Answer 9

SMTP server

Question 10

what instance settings are needed to define the emails addresses and body text for authentification? (3)

Answer 10

• AuthenticationEmailFrom - sets the email address that appears in the From field of email messages that contain authentication information for users.
• EmailFrom - sets the email address populated in the “From” field when sending email notifications.
• ForgotPasswordRequestEmailFrom - sets the value in the From field for the forgotten password request email message.

Question 11

what is relativity not certified to work with any version of?

Answer 11

RSA Authentication Agent for Web for Internet Information Services

Question 12

how many agents must you add for each web server in your relativity environment?

Answer 12

one

Question 13

what must you do before you configure RSA authentication in Relativity?

Answer 13

you must copy the RSA configuration files to your Relativity web server

Question 14

a user can have multiple login methods, but only one from what categories?

Answer 14

only one from among password, RSA, and active directory

Question 15

the invitation workflow works applies to which methods? (3)

Answer 15

password only,
password 2-factor, and
password outside trusted IP

Question 16

how long is the invitation email for the password only option valid for?

Answer 16

one week

Question 17

what instance setting can be used to increase the default invitation link expiration period?

Answer 17

InvitationLinkLifetimeInMin

Question 18

how does the password 2-factor option work?

Answer 18

requires a passcode in addition to a password; The system emails a passcode to the user during logon, and it’s different each time.

Question 19

how long is the link in the email for the password 2-factor option valid for?

Answer 19

5 minutes, and only the most recently-sent email can be used. The link expiration time is not configurable.

Question 20

how does the password outside trusted IP option work?

Answer 20

requires a passcode only if the user logs in outside of a specified IP range. If the log on is inside the trusted range, then only a password is required.

Question 21

how are passwords reset in Relativity?

Answer 21

by sending the user an email with a reset link

Question 22

how long is the link within the email for password reset valid for?

Answer 22

15 min, and only the most recently sent email can be used

Question 23

what instance setting can you use to increase the default reset link expiration period?

Answer 23

PasswordResetEmailExpirationInMinutes

Question 24

can system admins set or see passwords?

Answer 24

no, by default

Question 25

in order to manually set a password, what instance setting must be configured?

Answer 25

AdminsCanSetPasswords instance setting, set to true

Question 26

how does the active directory method work?

Answer 26

uses Windows Active Directory to authenticate the user

Question 27

how does integrated authentication work?

Answer 27

uses Windows supported authentication protocols, such as Kerberos, to automatically log in users

Question 28

what 2 instance settings must be configured in order to use integrated authentification?

Answer 28

• UseWindowsAuthentication - must be set to True to use Integrated Authentication
• WindowsAuthIpRange - set this to the IP address or addresses for a trusted range of computers

Question 29

how does client certificate authentication work?

Answer 29

uses a smart card assigned to a user

Question 30

how does RSA authentication work?

Answer 30

requires a user to have an RSA SecurID token that is registered with your RSA Authentication provider

Question 31

why does implementing client domains require an additional license from Relativity?

Answer 31

Each client domain license is unique, and client domains can have different terms encoded on their license keys. The license for a client domain is unrelated to any other license for Relativity (e.g., number of seats).

Question 32

what cannot be activated for Client objects that have existing workspaces associated with them?

Answer 32

Client domains functionality

Question 33

what is the purpose of the client domain feature?

Answer 33

an easier way to securely isolate users, workspaces, groups, resource pools, and matters by client

Question 34

what is the root object of a client domain?

Answer 34

the client object in the administrative workspace

Question 35

if you enable client domains a client, you can no longer do the following:

Answer 35

• cannot disable it on that client later,
• cannot edit the name of the client
• cannot delete the client

Question 36

what can a user group that is not part of the system admin group (named: client domain admins) do?

Answer 36

perform common administrative tasks within their own client domain with limited visability into the Relativity environment as a whole

Question 37

what does enabling client domains on a client involve?

Answer 37

generating a client domain request and then applying an activation key

Question 38

by enabling a client domain, you ensure that:

Answer 38

any content or other Relativity components associated with this client are visible only to a select group of users

Question 39

what must you do before client domains can be enabled on a client?

Answer 39

you must create all the objects you want to include within the client domain child objects of the client

Question 40

what instance setting must you configure to view and edit client domain settings?

Answer 40

ClientDomainFeatureAvailable to true

Question 41

what group should not be assigned as the workspace administrator group for a given workspace that is part of a Client Domain?

Answer 41

the everyone - (client’s name) group that is created after client domains are enabled

Question 42

what is created automatically after client domains are enabled?

Answer 42

• a new Everyone - [Client’s Name] group
• a unique copy of all resource pools associated with any workspaces under the client domain
• a client domain admin group that permits its members to perform admin operations within the client domain
• The Billing statistics - case rollup and Billing statistics - users reports include columns called Client Domain Name and Client Domain Artifact ID

Question 43

what overrides client domain isolation after enabling of client domain?

Answer 43

permissions assigned to groups

Question 44

enabling client domains does NOT change:

Answer 44

previously configured item level security settings applied to any objects within the client domain.

Question 45

what happens if you try to use an activation key for client domains on a different client?

Answer 45

error message; you must select the client that you originally used to generate the request key

Question 46

what are client domain admins?

Answer 46

essentially workspace admins for workspaces within the client domain; any limitations are based on the permissions you set for the user group in Relativity that the client domain admin belongs to

Question 47

can client domain admins perform tasks that are exclusive to Relativity System Administrators?

Answer 47

No

Question 48

what will happen if you use the Relativity User Import Application to import a Client Domain Admin?

Answer 48

the application adds that new user to the Everyone group by default, which will then break the Client Domain security in your Relativity instance

Question 49

if you grant workspace admins within the client domain permission to edit security settings for groups within the client domain, then:

Answer 49

they can’t edit permissions on groups outside of the client domain

Question 50

how do you make a client domain admin?

Answer 50

a system admin must add them to the client domain admin group

Question 51

what happens If you assign admin permissions to a user group by copying permissions from system admins?

Answer 51

you must unset and reset the View Workspace permission to allow the user group to edit the workspace

Question 52

what 5 categories are relativity workspace permissions divided into?

Answer 52

object security
tab visibility
browsers
mass operations
admin operations

Question 53

what does the object security tab list?

Answer 53

all workspace objects with their related item-level permissions

Question 54

some object permissions require what other permissions?

Answer 54

corresponding tab visibility or browser permission

Question 55

what overrides object-level security permissions?

Answer 55

item-level security

Question 56

what permission only appears if Audit is installed and configured?

Answer 56

export (mass operations)

Question 57

If a user has view access or greater to the History tab, but doesn’t have permission to View All Audits, then:

Answer 57

the user can’t view the history tab

Question 58

where can you edit workspace permissions?

Answer 58

using the Workspace Security dialog accessible from the Workspace Details tab

Question 59

what must you have in order to add and remove groups?

Answer 59

you must have the Edit Security permission set for the Workspace object and the Add and Delete permissions set for the Groups object (instance level security)

Question 60

if you are in a workspace admin group, what do you need in order to add a group to a workspace?

Answer 60

you must have the instance-level Edit permission to the Group object

Question 61

what can you do with instance security?

Answer 61

you can apply permissions to system admin groups to limit or grant access to particular system admin objects

Question 62

what do you need to be if you want to edit client and matter for a workspace?

Answer 62

a system admin

Question 63

If you grant tab visibility on a tab to a group that doesn’t have view permissions on that object, then:

Answer 63

users within that group are unable to view the tab

Question 64

Users will have access to the Workspaces tab even without the:

Answer 64

View Admin Repository permission

Question 65

where can you find the group permissions report?

Answer 65

in the instance details tab, clicking group permissions report

Question 66

what are the un-editable admin permission settings for the everyone group? (8)

Answer 66

• View User - visibility of user.
• View View - visibility of views.
• View Choice - visibility of choice.
• View Group - visibility of groups.
• View, Edit,and Add Error - visibility, edit rights, and add rights to errors.
• View Relativity Script - visibility of Relativity script.
• View Server - visibility of servers.
• View Tab Type - visibility of tab type

Question 67

system admins are the only users who can access: (6)

Answer 67

• library applications views
• library application detail
• relativity scrippt library view
• new script page
• edit script page
• run script page

Question 68

who is the only user able to grant other users membership into the system admins group?

Answer 68

a system admin

Question 69

should you use tab visibility as a sole method of preventing security permissions?

Answer 69

no

Question 70

what does the preview security feature allow a system admin to do?

Answer 70

interact with Relativity as if they are logged in as a specific user or a member of a specific group, allowing them to easily verify that the correct permissions are applied without logging in to Relativity under a different account

Question 71

If you perform a job while previewing a user’s security settings, then:

Answer 71

the audited action is credited to your username and not to the user whose security you were previewing when you started the job

Question 72

does the preview security feature allow the system admin to monitor the actions of a user in real time?

Answer 72

No, it only stimulates what the user would see

Question 73

what happens if you wanted to preview security on a member of the system admins group?

Answer 73

the preview security button is unavailable, and the favorites menu is disabled during preview security sessions

Question 74

when might you involve a wait time when altering security permissions from overwrite inherited security to inherit security and vice versa?

Answer 74

if it is affecting 50,000 records or more