Hello,
I am experimenting with user roles and permissions for the first time. I think I found a behavior that does not seem correct.
users:
okmAdmin
user1
user2
folders under root
user1
user2
I changed permissions under user1 such that only user1 and okmAdmin would have full access to the user1 folder, and under the roles tab removed user_role altogether.
when user2 is logged-in, user2 does not see the user1 folder or documents, as expected. At least, not under Taxonomy.
However, I have a few documents in user1 that are assigned to a category called "test." If user2, when logged-in, clicks on category test, user2 can see and open that document--even though it is stored ihe the would-be secured user1 folder to which user2 is not supposed to have access.
It would be extremely tedious to have to replicate security policies for both Taxonomy and Categories...Seems to be the correct behavior is that a category search should not show documents that a user is not privy to see, based upon the folder location.
Thanks
By the way, "Taxonomy" is arguably not a very business friendly name. Can I change it to "File Cabinet" or some other business metaphor?
I am experimenting with user roles and permissions for the first time. I think I found a behavior that does not seem correct.
users:
okmAdmin
user1
user2
folders under root
user1
user2
I changed permissions under user1 such that only user1 and okmAdmin would have full access to the user1 folder, and under the roles tab removed user_role altogether.
when user2 is logged-in, user2 does not see the user1 folder or documents, as expected. At least, not under Taxonomy.
However, I have a few documents in user1 that are assigned to a category called "test." If user2, when logged-in, clicks on category test, user2 can see and open that document--even though it is stored ihe the would-be secured user1 folder to which user2 is not supposed to have access.
It would be extremely tedious to have to replicate security policies for both Taxonomy and Categories...Seems to be the correct behavior is that a category search should not show documents that a user is not privy to see, based upon the folder location.
Thanks
By the way, "Taxonomy" is arguably not a very business friendly name. Can I change it to "File Cabinet" or some other business metaphor?