Allowed Files
By default, the DMS Mobile DESK rejects uploads of documents with unknown file extensions. This reduces the risk of malicious file uploads, for example in the form of EXE, CMD, or JAR files. The list of allowed file extensions can be extended in the agent. If a user tries to upload a document with a file extension that is not permitted, they receive an error.
{
...
"PermittedExtensions": "jpg, jpeg, png, bmp, gif, txt, pdf, doc, docx, dot, dotx, ppt, pptx, xls, xlsx, zip, msg, beamsg, xml, json",
...
}
This mechanism does not prevent a malicious file with an allowed extension from being imported.
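The caveat above in code, as an added example that is not the agent's own implementation: the extension allow-list is applied to the final extension, and a separate check of the leading bytes flags files whose content does not match an allowed extension. The function names, the trailing dot and space normalization, and the signature table are assumptions of this example; only the PermittedExtensions value comes from the page.

```python
import os

# The PermittedExtensions value shown on the page.
PERMITTED = ("jpg, jpeg, png, bmp, gif, txt, pdf, doc, docx, dot, dotx, ppt, "
             "pptx, xls, xlsx, zip, msg, beamsg, xml, json")

# Well-known leading bytes for the allowed binary types (assumed table).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office and Outlook .msg
ZIP = b"PK\x03\x04"                          # zip and OOXML containers
SIGNATURES = {
    "pdf": (b"%PDF-",), "png": (b"\x89PNG\r\n\x1a\n",), "bmp": (b"BM",),
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "zip": (ZIP,), "docx": (ZIP,), "dotx": (ZIP,), "pptx": (ZIP,), "xlsx": (ZIP,),
    "doc": (OLE2,), "dot": (OLE2,), "ppt": (OLE2,), "xls": (OLE2,), "msg": (OLE2,),
}

def parse_permitted(value):
    """Split the comma-separated setting into a lower-case set."""
    return {e.strip().lstrip(".").lower() for e in value.split(",") if e.strip()}

def extension_of(filename):
    """Final extension only, so 'a.pdf.exe' is judged as 'exe'.
    Trailing dots and spaces are dropped first, as Windows does on save."""
    return os.path.splitext(filename.rstrip(". "))[1].lstrip(".").lower()

def check_upload(filename, head, permitted):
    """Return 'rejected', 'mismatch', 'ok' or 'unverified'."""
    ext = extension_of(filename)
    if ext not in permitted:
        return "rejected"        # what the extension allow-list catches
    sigs = SIGNATURES.get(ext)
    if sigs is None:
        return "unverified"      # txt, xml, json, beamsg: no fixed signature
    # Allowed extension, but the content may still be something else.
    return "ok" if head.startswith(sigs) else "mismatch"

if __name__ == "__main__":
    allowed = parse_permitted(PERMITTED)
    # Constructed samples: (file name, first bytes of the file).
    for name, head in [("invoice.pdf.exe", b"MZ\x90\x00"),
                       ("Report.PDF", b"%PDF-1.7\n"),
                       ("invoice.pdf", b"MZ\x90\x00")]:
        print(name, "->", check_upload(name, head, allowed))
```

A "mismatch" result is the case the extension list alone lets through; content inspection or malware scanning has to cover it.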
winsolvenz Integration
The DMS Mobile DESK can load participants and their documents from winsolvenz.p4 (version 10.11a or later) and display them in insolvency files in the app. For this, the winsolvenz system must be accessible from the on-premise agent via the LSB. Since DMS is also used by non-insolvency administrators, the menu item in the file only becomes visible when this is enabled in the appsettings.json. The agent’s overview page also shows whether the winsolvenz system is currently connected.
{
...
"ConnectWz": true,
...
}
If multiple winsolvenz systems are accessible, all systems are queried for the participants of a case. The agent can also focus on a specific system:
{
...
"WinsolvenzDestinationQueue": "winsolvenzServerTransient_w...",
...
}
Unlike the DMS connection, the winsolvenz connection does not use the
user rights of the requesting person, but those of the agent. The
technical user of the agent must therefore be added to the group “Alle
P4” or “Alle winsolvenz” in the on-premise STP UserManagement. If the
agent does not have winsolvenz rights, the call fails immediately.
This means that users who are not directly authorized to access
winsolvenz could read data from winsolvenz via the agent.
As of agent v1.8.6, a separate feature permission in the cloud is required for winsolvenz access. Older agents should therefore only be granted winsolvenz access rights if the DMS users also have all winsolvenz rights.
Parallel Requests
The agent can process and respond to requests from the cloud sequentially or in parallel. By default, requests are processed sequentially. A second request is only processed after the first has already been answered. In the appsettings.json, the agent can be switched to concurrent processing.
{
...
"HandleCloudRequestsAsynchronously": true,
...
}
Universal Events
The agent can forward events that occur within DMS to the cloud. This allows cloud-based document processing or advanced integrations to be used. This forwarding can be enabled in the agent’s appsettings.json. The agent must then be restarted once for the configuration to take effect.
{
...
"EventsRelay": {
"NewDocumentEvent": true,
"NewDocumentVersionEvent": true,
"DocumentMetadataChangedEvent": true,
"DocumentDeletedEvent": true,
"ContainerIdsOnly": false
}
...
}
The cloud is then informed when a new document is imported
(NewDocumentEvent) or a new version is created
(NewDocumentVersionEvent). Changes to metadata, such as the
category, are also forwarded (DocumentMetadataChangedEvent).
These actions do not have to happen via the Mobile DESK, but can also be
performed via Standard DESK, Outlook DESK, or even the DMS API. The
actions of all users across all files are considered.
Transferring the events to the cloud happens outside the end-to-end
encrypted tunnel of the Mobile DESK, but is of course protected by
transport encryption. Within the STP cloud, the events can be used
directly by services without first having to be decrypted. The events
contain, in addition to the document title, the folder name, the
internal file reference, and the file name. If these file values should
not be transferred to the cloud, ContainerIdsOnly can be
enabled. The cloud will then only be informed of the ID of the file or
folder.
Durable Events
The OnPremiseAgent now supports (since version 1.12.14) Durable Events. If the agent is offline or has no connection to the cloud, on-premise events such as NewDocumentEvent, DocumentMetadataChangedEvent, or DocumentDeletedEvent are held in a persistent queue. As soon as the agent has a connection to the cloud and DMS again, these queued events are forwarded to the cloud—of course, only if Universal Events are enabled. Only after the events have been successfully transmitted are they removed from the queue. This mechanism ensures that no on-premise event is lost. To ensure that Durable Events are enabled, the agent’s appsettings.json file must contain the following configuration:
⚠ If you have enabled “Durable Events” and then decide not to use it anymore, you must manually clean up the persistent queue in RabbitMQ. Otherwise, messages will accumulate indefinitely.
{
...
"DmsDurableEvents": true,
...
}
User-less Requests
Some new functions of the STP cloud run in the background without user context. These new functions support on-premise data storage. For access to on-premise data storage to work, the agent can answer user-less requests from the cloud. If you want to use these functions, user-less requests can be allowed in the agent’s appsettings.json. The agent must then be restarted once for the configuration to take effect.
{
...
"AllowUserlessRequests": true,
...
}
User-less requests take place outside the end-to-end
encrypted connection. Unlike requests from users with the Documents
Mobile DESK, where the STP cloud only forwards the data encrypted and
cannot decrypt it itself, the background processes of the STP cloud can
process the data unencrypted. The data transfer is, of course, still
protected by transport encryption. User-less requests are reserved for
selected background processes of the STP cloud.
A user-less request from the STP cloud accesses DMS with the rights of
the agent's technical user. By granting this technical user the
appropriate rights, you can restrict or extend user-less access.
Participants Cache
The on-premise agent caches participants retrieved from winsolvenz. The expiration time is set with the optional field CacheParticipantsExpirationInSeconds; if no duration is specified, the default expiration time is 1 hour. You can set this between 1 second and 1 hour. To disable caching, set the value to -1.
{
...
"CacheParticipantsExpirationInSeconds": 60,
...
}
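A review helper for the settings described in the winsolvenz Integration, Universal Events, Durable Events, User-less Requests and Participants Cache sections, added here as an example and not part of the agent or its tooling. It reports the options that use the agent's rights or move data outside the end-to-end encrypted tunnel, and checks the cache value against the documented range; the sample file is constructed, and placing all keys at the top level is an assumption taken from the fragments above.

```python
import json

# Constructed sample. Keys sit at the top level as in the page's fragments;
# the real file's nesting is an assumption.
SAMPLE = """{
  "ConnectWz": true,
  "AllowUserlessRequests": true,
  "EventsRelay": {"NewDocumentEvent": true, "DocumentDeletedEvent": false,
                  "ContainerIdsOnly": false},
  "DmsDurableEvents": false,
  "CacheParticipantsExpirationInSeconds": 7200
}"""

EVENT_KEYS = ("NewDocumentEvent", "NewDocumentVersionEvent",
              "DocumentMetadataChangedEvent", "DocumentDeletedEvent")

def review_settings(cfg):
    """Return (key, note) pairs for settings the page marks as sensitive."""
    notes = []
    if cfg.get("ConnectWz") is True:
        notes.append(("ConnectWz",
                      "winsolvenz is read with the agent's rights, not the user's"))
    if cfg.get("AllowUserlessRequests") is True:
        notes.append(("AllowUserlessRequests",
                      "requests run outside end-to-end encryption "
                      "with the technical user's rights"))
    relay = cfg.get("EventsRelay") or {}
    if any(relay.get(k) is True for k in EVENT_KEYS):
        if relay.get("ContainerIdsOnly") is not True:
            notes.append(("EventsRelay.ContainerIdsOnly",
                          "folder name, file reference and file name go to the cloud"))
        if cfg.get("DmsDurableEvents") is not True:
            notes.append(("DmsDurableEvents",
                          "events are relayed but the persistent queue is not enabled"))
    ttl = cfg.get("CacheParticipantsExpirationInSeconds")
    if ttl is not None and not (type(ttl) is int and (ttl == -1 or 1 <= ttl <= 3600)):
        notes.append(("CacheParticipantsExpirationInSeconds",
                      "expected -1 or a value from 1 to 3600"))
    return notes

def review_json(text):
    """Parse appsettings-style JSON text and review it."""
    return review_settings(json.loads(text))

if __name__ == "__main__":
    for key, note in review_json(SAMPLE):
        print(f"{key}: {note}")
```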