Question

Remove All Rights

Workflow

Updated June 30, 2022

asked on May 29, 2014

In Workflow I am trying to use the Assign Rights activity to remove all non-inherited rights to a folder. The issue I am running into is when I choose the option Remove All Rights it is asking me to choose a Trustee. The trustee could be different depending on if the document was previously in any of 10 different departments. Is there a way to just have it remove all non-inherited security without having to detail the specific trustee?

3 0

Replies

replied on May 29, 2014

Thanks, I figured I could do it that way but it would be nice to be able to use a blanket "Remove All Rights" while still keeping the inherited rights. The same would be nice for tags. An option to "Remove All Tags" without having to specify each tag to remove.

2 0

replied on November 14, 2014

Any chances of this being added as future ability (for both rights & tags) in an upcoming version? I am working more and more with dynamic environments where we are assigning 1 of 30 AD groups to a document depending on the type. Then if the user changes the type I am having to programatically remove all 30 permissions just in case they were assigned prior to assigning the new AD group's permission. Then if they add a 31st AD group I have to update workflow for another removal.

2 0

View 1 previous reply

replied on November 14, 2014

Thanks a lot for adding this as a feature request. I will keep my fingers crossed with each new WF version.

1 0

replied on May 20, 2015

Any word on whether this functionality will be available in Workflow 10?

2 0

replied on April 7, 2016

I am in the process of creating Cumulative Folders for quite a few school districts and we are restricting document access via 10+ groups of documents with 3 levels of security per group across 30+ campuses. We are having to do this so that we can have a single folder per student stored within the student's campus. We can then restrict the user's access to the specific documents within the specific campus that they are allowed to see and we can control what level of access they have to those documents. Below is an example of the folder structure we are building to see why we have to have these groups:

Student Records RM
Student Records
- Washington High School (001)
  - 11
    - A
      - Adams, John (12345)
        
        Athletics
        
        Special Ed
        
        Transcript
    - B
  - 12
- Jefferson Middle School (101)

While this process is working fine as far as workflow dynamically assigning the permissions and the users accessing the correct documents, it is incredibly slow when refiling the documents. This is because I am having to loop through all of the possible combinations of security groups_campus_level that are available which is 900+ right now to ensure I have removed all security before assigning the new security. I really need a way to either:

Determine specifically what security is assigned directly to the entry (not inherited).
Remove all non-inherited security from the entry without having to identify the trustee.

Has anyone found a better way to remove a large number of security groups in Workflow other than to loop through the available values? Possibly a query against the tables to see what security is currently applied against the entry? At this point any suggestion will help as we need to speed up the process of removing the security when refiling these documents.

2 0

replied on June 18, 2014

Hopefully Laserfiche will add the ability to just remove all security (and remove all security tags) to future versions of those activities. I appreciate the help.

1 0

replied on July 30, 2014

Beau, I want this exact feature also. I opened a similar question before seeing yours. https://answers.laserfiche.com/questions/60058/Workflow-SDK-script-to-remove-explicit-permissions

2 0

replied on August 16, 2016

Any word on this being available in future versions of Workflow. In doing dynamic security where we assign rights to a document to a specific person, it is impossible to cycle through all people who might have had rights when trying to remove permissions. In order to continue to do Cumulative Folders for Student Records where homeroom teachers have access only to their students, I have to be able to remove all rights on that document when reassigning it to the next homeroom teacher.

1 0

replied on May 29, 2014

This activity must be applied to a specific trustee. In this case, you'll probably want to use the Find User or Find Group activity to choose which trustees should have rights removed. You could use something like a Conditional Parallel followed by a series of branches containing different users and departments to remove the rights from the appropriate users.

0 0

replied on October 6, 2016

This has become a huge issue when working with Cumulative folders as a large school district may have 200+ campuses and if we have 20+ security groups per campus then you can see where the workflow to remove all possible security would have to loop through 4000 possible security groups for every document it has to refile. That is both time consuming and it is writing a ton of rows to the Workflow database when you are talking about the volume of documents for a school district with 200+ campuses. Then add in that we are granting homeroom teachers access to their kids folders and we have to be able remove their access when kids change classrooms. Thus I need to know if Laserfiche has any plans to add the option to "Remove all Non-Inherited Security" on an object as part of the Assign Rights activity?

If not, then I will have to start writing all of the security I assign to a multi-value field and then using that field so Workflow knows specifically what security to remove. That is not the most elegant of options but it is the only way I can think of to still provide this functionality without having to repeat through thousands of possible security groups when trying to remove assigned security.

0 0

replied on October 11, 2016

Well, I circled back to just using an SDK script to resolve this, which can be seen in the link Brandon provided in a previous response (Thanks again Brandon!!!). I have a better understanding of why Laserfiche is fearful of this option in Laserfiche (or directly via the script) as it is a quick way to orphan a document but I am still hopeful they provide the option to remove all non-inherited security and have it error if doing so would leave the document orphaned.

0 0

replied on June 29, 2022

Hey Beau,

Is there a way to do this in 2022? If not, is there an example of the SDK way of doing this?

0 0

View 2 previous replies

replied on June 29, 2022

The scenario of removing/adding rights for teachers on student docs on the fly is exactly what I needed it for. Works great! Many thanks.

1 0

replied on June 30, 2022

What if I want to loop through the existing trustee information? I may not want to remove all non-inherited trustees, just some of them.

0 0

replied on June 30, 2022

The SDK runs so quickly, I just have it reapplying the security that is needed. Thus my Workflow

Determines the security that should be applied to the document
Removes all existing security on the document in the SDK activity
In the same SDK activity, Loops through adding all security that was found in the step 1 activity

I ended up doing this because the SDK runs so quickly that it wasn't worth the effort to only remove some and I wanted to make sure the correct security was applied in case some other process/person had removed it.

0 0

You are not allowed to follow up in this post.

Question

Question

Remove All Rights

Replies

Sign in to reply to this post.