Hi, the permission of okmAdmin seems allow to view all documents. Can I set the okmAdmin cannot view folders or documents but grant the security permission of all folders and documents to him? Thanks.
Because information matters
about the permission of okmAdmin
- We tried to make OpenKM as intuitive as possible, but an advice is always welcome.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
okmAdmin like any user with AdminRole is a "super user" and have grants to see anything, you purpose is like a DBMS administrator could not have accessing to some tables ... then it'll not be the administrator.
Why do you want it ... not explain the solution , explain the problem and we'll try find some available solution.
Why do you want it ... not explain the solution , explain the problem and we'll try find some available solution.
Thanks jilort. The management migh have some information (top secret) that they dont want IT to have the right to browse these information. They just want to share with some other top management. Therefore they want to give the system administrator to set the permission right but cannot browse the folder or file. As you explained, in this case, might be giving the AdminRole to someone that can browse all information although that person might not be IT.
I imagine something like it.
In that case you need encriptation extension feature and share the crypt pass key to other people. The idea is administration might have acces anything but that could be crypt, can see document name, but nothing else, content is crypted.
Other thing that can be done in this kind of scenario is some reports to audit to see whos's accessing these special sections ( that can be easilly exploted from activity log stored information and sendind periodically by mail).
In that case you need encriptation extension feature and share the crypt pass key to other people. The idea is administration might have acces anything but that could be crypt, can see document name, but nothing else, content is crypted.
Other thing that can be done in this kind of scenario is some reports to audit to see whos's accessing these special sections ( that can be easilly exploted from activity log stored information and sendind periodically by mail).