• Permissions across Categories

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #19623  by nrdorf
 
Hello,

I am experimenting with user roles and permissions for the first time. I think I found a behavior that does not seem correct.

users:
okmAdmin
user1
user2

folders under root

user1
user2

I changed permissions under user1 such that only user1 and okmAdmin would have full access to the user1 folder, and under the roles tab removed user_role altogether.

when user2 is logged-in, user2 does not see the user1 folder or documents, as expected. At least, not under Taxonomy.
However, I have a few documents in user1 that are assigned to a category called "test." If user2, when logged-in, clicks on category test, user2 can see and open that document--even though it is stored ihe the would-be secured user1 folder to which user2 is not supposed to have access.

It would be extremely tedious to have to replicate security policies for both Taxonomy and Categories...Seems to be the correct behavior is that a category search should not show documents that a user is not privy to see, based upon the folder location.

Thanks

By the way, "Taxonomy" is arguably not a very business friendly name. Can I change it to "File Cabinet" or some other business metaphor?
 #52424  by lalitpareshan
 
I am still not able to figure out who to give category permission to a role without giving permission to the actual folder
example under Taxnomy under root folder we have folder 1,which has under that file1 - category1, file2-category2 , file3-category1
and we have folder2 , folder3

Now user1 we do not want to provide permission to folder1 , but this user will have folder2 and folder3
However want to provide user1 permission to category1 files via category

Is this feasible, to provide access to files via category but not to the folder?
 #52433  by jllort
 
* /okm:root/folder1/document.pdf -> User have read access to /okm:root/folder1/document.pdf but do not have access to /okm:root/folder1/
* /okm:category/category1 -> User have read access to /okm:category/category1
* /okm:root/folder1/document.pdf -> have category /okm:category/category1

If you check the previous scenario you should have access to the document across the category. Because default security analyzer ( must implement or configure other, but default ) only take in consideration the node, not the whole hierarchy ( access to the node but is not taken in consideration the parents ).

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.