You are viewing limited content. For full access, please sign in.

Question

Question

Updating Permission Changes Without Relogging Into LF

Laserfiche Administration How To
Updated February 5, 2020
asked on February 5, 2020 Show version history

Hi All,

 

We have a client who makes consistent updates to repository security/permissions for users, this includes denying users rights to folders that the user previously may have had access to.

If a user is logged in and denied access to a folder that they've had access to, they'll still be able to see it until they relog into the client (granted the contents should give a denied error if they're attempted to be accessed).

 

When updating user permissions/security, is there a way/workaround to have it take full effect without needing the user logging out and back in?

 

Thanks,

 

Bryan

0 0

Answer

SELECTED ANSWER
replied on February 5, 2020

The properties of a user - what groups they belong to, what privileges they have, etc - are determined once, at login time. Any change to these will only apply to future sessions and require logging out and back in to take effect.

Rights for an entry are checked every time that entry is accessed. So if you modify the access control for an entry (e.g. via the entry's "Show Security" dialog) that should take effect right away. The only wrinkle is that if that folder or document is already open in a client application then the user is already past the rights check and won't receive an error until they attempt an operation that is not allowed. It sounds like this is what you are describing? So it's not that a logout is strictly required, but that's the simplest way to clear out information retrieved prior to the permission change.

So it really depends on how you are updating access control - are you updating users or entries? Also, frequent updates to permissions is kind of an anti-pattern. There are some legitimate cases to do it, but it should be a last resort. For instance, moving an entry can modify the effective rights that a user has, and client applications are generally responsive to changes a folder's contents, causing a refresh of the listing.

1 0

Replies

replied on February 5, 2020

Thank you for your reply, very helpful.  I see what I was doing that was confusing me.  I was testing a workflow that updates explicit folder permissions.  The workflow assigns or removes the explicit permissions based on the case status of a client.  There are a number of different security groups that can be assigned explicit permissions.  During testing, I was moving a test user to different security groups.  Exactly what you said, I had to log the user out when they changed security groups.  I notice now that the folder permissions are refreshed without logging out.  That all makes sense, I appreciate your help! 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...