You are viewing limited content. For full access, please sign in.

Discussion

Discussion

Access Rights - Which option allows users to create documents or add documents to a folder?

Laserfiche
Updated December 10, 2019
posted on July 9, 2019

I am setting access rights with a scope of this folder only. I check the box which says Create Documents and also the one which says Modify Contents. However I get Permission Denied when I try to do any of the following

Right Click, New Document

Drag document from another folder

Drag document from Windows

I can't see what I am missing, there is nothing left to check that is related to adding documents to the folder.

 

0 0
replied on July 10, 2019 Show version history

I found that with the This Entry Only scope, it does throw the error upon create.  The entry is created but no pages or metadata are added and you can not see the entry because you do not have rights to it.

 

You can either add another entry access for the same group/user with a scope of Immediate Children Only (for Folders and Documents) or Documents That Are Immediate Children Only (for Documents only).  Or you can change the original scope from This Entry Only to This Folder and Its Immediate Children.  It all depends on what you are trying to accomplish.

0 0
View 4 previous replies
replied on July 10, 2019

If I increase the scope to include children I would have to remove the Browse/Read rights, because they are not allowed to view the contents of the folder.

But this would prevent them from seeing the folder itself, without a bypass browse global privilege.

Why do they need rights to the children? They only need rights to the parent folder, they just need to be able to see this folder, Create Documents in this folder and Modify Contents of the folder (since I assume creating a document modifies the contents).

0 0
replied on July 10, 2019

It has been a long time since I set this type of configuration up.  In LF 7 and previous, we always made a recycle folder where users could drop entries in but could not view anything inside.  It always needed to have 2 scopes to accomplish.  The first was for this entry only and gave them the ability to see the folder and create/modify entries.  The second was on the children to again grant the create/modify but not the view/browse.

If you try to add a document to the folder as the restricted user with just a scope of this entry only, and then look in the folder as the admin, you will see that the entry was created, but it has none of the metadata or pages.  This is where the child scope comes into play.  If they do not have rights to the child, they can not complete the create/move activity.

2 0
replied on July 10, 2019 Show version history

Ah this is getting me closer. With the double scope, read on this and Create/Modify on this+children I can create new documents. But I still can't move documents into the folder, I assumed that Create Documents includes move events since Moving must be considered an Addition or Modification.

Create Documents is the only option under Add, Modify Contents is the only option under Modify. Both are checked. Moving couldn't possibly be a Delete, Manage Security, or Records Management event. I must assume that Create Documents or Modify Contents allows moving a document into the folder.

I might need to jump on a var webinar for this, it seems overly complex. I wish there was just a "Add Documents" checkbox under the "Add" group.

0 0
replied on July 10, 2019

This is very interesting.  When I drag and drop I get a move/copy error, but then refresh and the entry is no longer in the original location.  Then use admin to look in the destination location and the entry is there so it did get moved in spite of the displayed error.

Here are my settings:

The error my test user gets on drag and drop is:

I do not know why LF 10.4.1 is throwing the error, but that is how I have always done it in the past.

1 0
replied on July 12, 2019

Hi Bert

I have confirmed, that this same thing happens and we are also on 10.4.1. Only when trying to move a document though. They are now able to import new documents from Windows which will really help!

0 0
replied on December 10, 2019

The missing Rights that seems to cause this error 9001 is "Browse".  It limits the ability for the function to identify that the new moved document was created.  

 

Strangely this error does not occur when creating a document directly in the destination folder.

 

There does not seem to be any grey area between "Browse" on objects and contents are viewable versus there is no Browse and every Move/Paste will cause Error 9001.  However if the user is the Owner of the object, they may inherently have access to see the document.

 

That means you can not create blind drop folders without the error.

0 0
replied on December 10, 2019

We were able to create a blind drop folder by having them drag and drop form Windows, but yes, we were never able to get rid of this error when trying to drag from the Repository.

0 0
replied on July 10, 2019

Have you check the Volume Security.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...