You should always setting the security with roles and remove security applied by users. There's a configuration parameter named user.assign.document.creation what you should disable https://docs.openkm.com/kcenter/view/okm-6.3-com/security-configuration-parameters.html ( once disabled when a user cr...