Question

filter expressions and Security settings

asked on March 17, 2016

I have a folder structure set up with multiple groups requiring either read or read\write rights to the folders; this is working. I require one group to only see the documents when a metadata field is set to a value. I created a Filter Expression for this (see below) and when that group logs in, it works as expected.

The challenge is when I add the Filter Expression, what happens is none of my other Groups that have access to the Folders can now see any of the documents, although they can see the folder structure.

If I remove the Filter Expression, these groups can see their documents normally, so it appears that this security anomaly is being driven by the filter expression.

Here is my Filter Expression

(((IS_GROUP_MEMBER('CUDIC') = 1) AND entryprop."FIC Institution Type" = 'Credit Union') or entry.type ='folder')

Thoughts?

0 0

Replies

replied on March 17, 2016

I'm pretty sure you need to include the clause that if it's NOT a member of that group they are allowed. If a filter expression is present, the user has to be explicitly defined in that, it's not going to automatically process the inverse. So you'd need one that says that if it's not a member of that group, they can see regardless. Normal entry access rights will still apply to restrict access. 

1 0
replied on March 17, 2016

The behavior you describe sounds correct given your Filter Expression.

(((IS_GROUP_MEMBER('CUDIC') = 1) AND entryprop."FIC Institution Type" = 'Credit Union') or entry.type ='folder')

You've grouped the first two with parentheses, so what you have is:

---
if they are a member of the group CUDIC, AND the field FIC Institution Type is Credit Union

OR

the entry type is a folder

---

Then they can see the entry. This means

  1. Members of the group will be able to see all folders, and any entries with that metadata value
  2. Users that are not members of the group will only be able to see folders.

Which is what you are seeing.

As Justin Pava mentioned, you can add another clause to allow all users not in that group if what you want is to allow anyone EXCEPT those users access to the rest of the documents.

or (IS_GROUP_MEMBER('CUDIC') = 0)

 

1 0
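
The filter logic discussed in the replies above, modelled as an added example that is not part of the original thread and is not Laserfiche code. The user names, the 'Staff' group and the 'Bank' field value are constructed for illustration; only the filter expression is modelled, not the entry access rights that the thread notes still apply.

```python
# Constructed sample data (not from the thread): users with their group
# memberships, and entries with a type and a "FIC Institution Type" value.
USERS = {
    "cudic_only": {"CUDIC"},
    "staff_only": {"Staff"},               # 'Staff' is a hypothetical group
    "cudic_and_staff": {"CUDIC", "Staff"},
}
ENTRIES = {
    "folder": {"type": "folder", "fic": None},
    "cu_doc": {"type": "document", "fic": "Credit Union"},
    "bank_doc": {"type": "document", "fic": "Bank"},  # constructed value
}

def is_group_member(groups, name):
    """Stand-in for IS_GROUP_MEMBER(): 1 if the user is in the group, else 0."""
    return 1 if name in groups else 0

def original_filter(groups, entry):
    # (IS_GROUP_MEMBER('CUDIC') = 1 AND field = 'Credit Union') OR type = 'folder'
    return ((is_group_member(groups, "CUDIC") == 1
             and entry["fic"] == "Credit Union")
            or entry["type"] == "folder")

def corrected_filter(groups, entry):
    # Original expression plus the added clause: OR (IS_GROUP_MEMBER('CUDIC') = 0)
    return original_filter(groups, entry) or is_group_member(groups, "CUDIC") == 0

def visibility(filter_fn):
    """Return {user: sorted names of the entries the filter lets through}."""
    return {
        user: sorted(name for name, entry in ENTRIES.items()
                     if filter_fn(groups, entry))
        for user, groups in USERS.items()
    }

if __name__ == "__main__":
    for label, fn in (("original", original_filter),
                      ("corrected", corrected_filter)):
        print(label)
        for user, seen in visibility(fn).items():
            print(f"  {user:16} -> {', '.join(seen)}")
```

In this model a user who belongs to both CUDIC and another group stays limited to folders and Credit Union documents under the corrected expression, because the membership test returns 1 for them.
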
replied on March 17, 2016

Thanks all

As to Justin's comment, my mistake was in thinking the Filter only applied when a member of the filter group logged in. As to your point Brianna, I added the Group = 0 line as you showed above and that fixed my problem.

Case closed

0 0