You are viewing limited content. For full access, please sign in.

Question

Question

Parent\Child folder permissions

asked on October 25, 2017

I have a folder that is layered deep within the repository.  I have several user groups each with their own folder. What I would like to do is only make the child folder visible in the Laserfiche Client, not the parent.  Is this possible.  So if the documents they need are in "Repository/District/School/Campus/Failed Group 1" , is it possible to only show the Failed Group 1 folder to those users? 

0 0

Replies

replied on October 25, 2017

This is possible, but there's a catch. If the parent folder is not accessible directly, then you would need to create a desktop shortcut or .lfe file that opens the client directly to that folder.

I am doing something like this for some of our users. If they log into the repository normally, they see nothing, but if they use a desktop shortcut that opens directly to the folder they're good.

Basically, the challenge is that by default the client opens the repository at the root. If the users can't access anything at the root level, they see nothing.

Another option, which may be better in your situation, would be to create a repository shortcut at the root that is only visible to the target group and links to their folder. That way they can log in normally and still have a way to navigate.

2 0
replied on October 27, 2017 Show version history

What if I only want them to see the containing folders but not any of the other contents.

Folder Structure

Repository
      Incoming Docs
           Registration
                Failures
                    101-Building Name
                          Documents inside
                     102-Building Name
                          Documents inside

So in the "repository, incoming doc, registration, failures" folders they would only see the child folder.  I tried only allowing read access, but the user could not see any of the children inside.
 

0 0
replied on October 27, 2017 Show version history

It would depend on the scope of the permission, such as “this entry only,” “this entry and sub folders,” etc.

So in your case, you would want the "Read" permission on the parent folder to have a scope of "This folder, subfolders and documents"

Which would provide read access to that folder and anything beneath it.

1 0
replied on October 27, 2017

Guess this is where I'm getting confused.  I don't want them to read other folders only their folder specifically. 

What's the difference between read and browse?

Repository
      Other Folder 1
      Incoming Docs
          Other Folder 1
          Other Folder 2
          Registration
                Other Folder1
                Failures
                    101-Building Name
                          Documents inside
                     102-Building Name
                          Documents inside

For instance I don't want them to see the "other Folders" I thought setting read access on that folder would work, but I set read access from Repository with the scope of this entry only then the Incoming Docs with entry only then.... to the 101-Building Name folder with Read-Browse and other properties.  They can't see the folders though when I do that. I had to add Browse to all the parent folders which allowed them to see the "other Folders"

 

1 0
replied on October 27, 2017 Show version history

It sounds like the part that's tripping you up a bit is that you cannot have a gap between folders and still view the children.

Try to think of it like line-of-sight. If you don't have direct line-of-sight to a folder, you won't see it in the repository regardless of your access rights.

Therefore, if any parent folder is hidden from the user it disrupts the line-of-sight for anything below it in the folder tree.

For example,

  • REPOSITORY
    • Folder 1 - This entry only
      • Folder 2 - No Rights
        • Folder 3 - This entry only

 

Although the user has rights to Folder 3, if he/she logs into the repository at the root level, Folder 3 will not be visible because the line-of-sight is broken at Folder 2.

Folder 3 is not a direct child of Folder 1, so it will not appear in Folder 1 since access rights do not affect how the folder structure is presented.

What you need to do is set the permissions AND establish an alternate "line-of-sight" path so they can get to the folder.

There are a couple of good ways you can do this;

  1. Create an LFE link the user can have on their desktop that bypasses Folder 1 and Folder 2 entirely and leads directly to Folder 3.
  2. Add shortcuts to Folder 3 in Folder 1 to bridge the gap.

 

For the shortcut example,

  • REPOSITORY
    • Folder 1 - This entry only
      • Folder 2 - No Rights
        • Folder 3 - This entry only
      • Folder 3 Shortcut ^

 

By adding the shortcut, you can bypass the hidden Folder 2 and still provide a path from Folder 1 > Folder 3 Shortcut > Folder 3

Then, you give users access to their respective folder as well as the associated shortcut; only they will see the shortcuts, and it will allow them to navigate to the folder despite lacking access to the parent folder.

1 0
replied on October 27, 2017

I understand the line of sight issue...I just can't explain well. I had a line of sight to the folder with read permissions but not browse.  Still couldn't see the folder. When I added browse then I could see the folder, but all others as well.

0 0
replied on October 27, 2017 Show version history

Just to confirm, you gave them Read permissions on every folder in the path?

EDIT: I think I might know the problem. Check the Admin console to see if they have Bypass Browse enabled under "assigned privileges"

Browse is needed, but if they have bypass browse privileges it will not hide the inaccessible folders because it skips that check.

0 0
replied on October 30, 2017

I just checked and they are not set to "Bypass Browse"

0 0
replied on October 30, 2017

That's very strange. I just did a test to confirm, and when the parent folder has rights with a scope of This Entry Only, the user account I tested could only see folders with assigned access rights unless Bypass Browse was enabled.

  • Folder 1 - Browse, Read: This Entry Only
    • Folder 1A (Visible) - Browse, Read: This Entry and Children
    • Folder 1B (Hidden) - No Rights
0 0
replied on October 30, 2017

Is there a way to impersonate a user? I don't want to call users to "try it out" lol.

0 0
replied on October 30, 2017 Show version history

Yes. You can do it with either a Laserfiche account or a Windows account, and you can have multiple instances of the client signed in with different accounts.

When you open the LF Client, uncheck "Use Windows Authentication" and manually enter the user credentials.

  • Laserfiche account: Enter username and password normally
  • Windows/AD account: Enter domain\username and password

 

I find it useful to have a test account ready at all times to test new permissions and permission groups.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.