Mayan EDMS provides role-based workflows and API access for document lifecycle operations. Security should focus on RBAC, message queue and storage isolation, and cryptographic key handling.
¶ 1) Lock down permissions and workflow roles
- use least-privilege roles for upload, indexing, and administration tasks
- keep superuser/admin accounts limited and audited
- review document type permissions after workflow changes
¶ 2) Protect internal services and task queue
- isolate PostgreSQL (13.11+) and Redis (7.0.5+) components on private networks
- run workers and web application with separate least-privilege service users
- enforce TLS termination at the reverse proxy and block direct exposure of the application port
¶ 3) Secure signing/crypto and document backups
- protect signing and encryption keys referenced by Mayan EDMS from shared filesystem access
- encrypt backup sets that include documents, metadata, and OCR output
- test restore procedures to verify ACL and workflow metadata integrity
- Mayan EDMS project site: https://www.mayan-edms.com
- Mayan EDMS source code: https://github.com/mayan-edms/Mayan-EDMS