You are viewing limited content. For full access, please sign in.

Question

Question

Documents imported with workflow

Workflow Forms Version 10
Updated January 11, 2019
asked on January 11, 2019 Show version history

Hello all, 

I recently imported the briefcase for Public Records Requests and configured the forms and workflows and created a few tests internally.  Everything works fine, up until the finished form is placed in the repository for records tracking/storage.  When I try and open it, i get the following error.

 

This is obviously a permissions issue, and if I add myself to the document again, I can open and read it.  My question is, WHY, if I have full permissions to all folders in the workflow path, does the document still import with only the View and Browse permissions?

I'm obviously missing something permissions wise along the way, but I've gone over it several times and haven't found the culprit.  Thanks for any help you all may be able to give!

1 0

Answer

SELECTED ANSWER
replied on January 11, 2019 Show version history

Hi Jason,

Glad you figured it out!

For future reference, remember that "Deny" always takes precedent; if you have a group with "Deny" and a group/individual with "Allow" only the "Deny" permission will be applied.

For that reason, the best practice per Laserfiche is to "Not Allow" rather than "Deny" and only use "Deny" under very specific circumstances. "Not Allowing" achieves the same results, it just doesn't override other access rights.

I don't think you should ever set "Deny" rules for the "Everyone" group because it affects everyone and "Deny" will always take precedent.

2 0

Replies

replied on January 11, 2019

I do not believe user permissions carry over from a briefcase, which makes sense.

Two questions:

  1. Is the folder/document set to inherit permissions from the parent?
  2. When you say you have full permissions to the path do you mean "this entry, subfolders, and documents" for the entire tree? Check the access rights for the parent folder to confirm that the document is included in the "full rights" scope.
1 0
replied on January 11, 2019

Thanks for the reply!  Yes, the folder is set to inherit permissions, and I do mean "this entry, subfolders and documents".  I checked the entire tree to make sure it was set that way for all entries.  The parent folder is where I had set deny access for the everyone group, and that was what was preventing me from opening it, even though my user had rights or appeared to have rights, all the way down the tree.

0 0
replied on January 11, 2019

Well, I figured out my problem.  I created this folder a while back to test workflows and forms, and I denied access to the everyone group.  For some reason even though I gave myself and one other user full access to this file tree, (this folder, subfolders, documents) it still denied me read access.  I don't want regular users to see this folder so I limited the everyone groups deny to "This entry only".  However, that raises another question:  If I deny them the ability to see that folder, can the everyone group still search its contents?  

1 0
SELECTED ANSWER
replied on January 11, 2019 Show version history

Hi Jason,

Glad you figured it out!

For future reference, remember that "Deny" always takes precedent; if you have a group with "Deny" and a group/individual with "Allow" only the "Deny" permission will be applied.

For that reason, the best practice per Laserfiche is to "Not Allow" rather than "Deny" and only use "Deny" under very specific circumstances. "Not Allowing" achieves the same results, it just doesn't override other access rights.

I don't think you should ever set "Deny" rules for the "Everyone" group because it affects everyone and "Deny" will always take precedent.

2 0
replied on January 11, 2019

Ya, that was a rookie mistake for sure!  I set the folder not to inherit and just added myself and the other user back, then checked effective permissions for the everyone group and they have none, so like you said, same effect, without explicitly denying anyone access.  

0 0
replied on January 11, 2019 Show version history

Are you assigning any permissions with Workflow upon import? If not, you could strip away any permissions that exist from the briefcase and reassign them however you want them to be. That way going forward you won't have any surprises coming over from a briefcase.

Another possibility is that you don't have full permission to whatever volume they were imported to. Check the volume security in the Admin Console:

Hope this helps!

0 0
replied on January 11, 2019

Thanks for the reply!  I checked that first, and I do have the "manage volume" privelege for my user, and am a full administrator, so I couldn't figure out why I couldn't open the document without adding myself again.  I still can't if I'm being honest, even though I was able to "fix" it.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...