You are viewing limited content. For full access, please sign in.

Question

Question

Users Effective Rights on any given folder

Laserfiche Administration Security
Updated April 21, 2015
asked on March 10, 2015

I am trying to give a user rights to create a document on a specific folder.

 

I have added the User account to the folder and have given it explicit full rights to the folder I have also made the user apart of a group that has these same rights. 

When I go into Effective Rights to the folder and select the group that the user is assigned to it has all the rights required. When I select the user, The use only has the Browse, Read, See Annotations and See Through Redaction's.

I have also given the user Explicit rights to the Parent folder as well. Still no change in Effective rights on folder in Question. 

So far with a little help I have determined that I needed to give the user Manage Trustees rights in the Admin Console. If the user has this checked then all desired rights are met. 

I am using LF 9.0 

Has anyone else seen this? 

1 0

Answer

APPROVED ANSWER
replied on March 10, 2015

Is the user read-only? Giving "Manage Trustees" to a user that you have also marked as read-only will bypass the read-only setting.

1 0

Replies

replied on April 21, 2015

I'm having the exact same issue with our 8.3 installation.  Can someone explain how rights are calculated?  I want to restrict access to a folder, for such purpose i did the following:

1. Created a group

2. Created the folder

3. Added group with full rights to the folder

4. Broke group inheritance at the folder level

5. Added a user to the group

 

After this setup, when I check the group's rights, it has full access.  When I check effective rights over the user at that folder level, only a few rights are assigned.

The user is also part of other groups (these groups however are not shown on our particular folder, remember, we broke inheritance). We did the test and removed all other groups from the user and Bingo, now all rights were correctly assigned.  Is this the normal behaviour?

 

Regards,

0 0
replied on April 21, 2015

Perhaps one of those groups that you removed the user from had been set to be read-only.

0 0
replied on April 21, 2015

I'm confused, since no other group is added to the folder's ACL (rights inheritance has been disabled).

0 0
replied on April 21, 2015

The read-only option for users and groups is separate from the access rights configured on the entries in the repository.

You mentioned that the user had been a member of several groups. I suspect that one or more of those groups had been set to be read-only. Therefore, the user would be treated as a read-only user and wouldn't be able to create documents in the repository, regardless of the access rights that may have been configured for whichever group the user is a member of.

Once you removed the user from the other groups leaving him only a member of the one group which you had given full access to the folder, then the user was able to create documents. While the access rights would be needed regardless, I think the main reason why you saw a difference is because this group (only group the user is a member of) is not read-only.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...