6.2.2 Folder Security confusion

[thecjman]

Hi
I am on 6.2.2 zip install on ubuntu and all is working BUT NOT THE folder security
All users with ROLE_ADMIN can see all folders under okm:personal
BUT users with ANY other roles can ONLY see their own personal folder.

• U can not add the ROLE_USER to any folder from the UI so I added it from the DB side to the okm:personal folder and to a sub folder, I then can see the permissions from the UI and change them etc with the okmAdmin user logged on but if the standard user with ONLY ROLE_USER log on then - No luck
• I then ALSO added the user to okm:personal and subfolder with full permissions - BUT No luck
• I added a ROLE_PowerUser to the system and added this ROLE_PowerUser to the user, okm:personal and subfolder - BUT No luck

Any other Ideas

[thecjman]

I think I have successfully solved my problem BUT it should (I think) be classed as a bug.
If the ROLE_ADMIN is not assigned and you have any other ROLES like ROLE_USER then you need to make sure the PROFILE has ONLY Stack PERSONAL and TRASH ticked, if you tick any other STACK then you will experience this mentioned problem.

I understand that the "STACK" tick should not have a play in the Access of folders and that the ROLES should be the deciding factor but this is my findings and they are true.

[jllort]

I think I have answer similar question in other post recently. Basically ROLE_ADMIN give users super user grants. That means have full controls and see eveything. The idea is be few ROLE_ADMIN users. You should create other role, your own admin role and propagate across repository. Repository administrator and bussiness administrator should not be the same ( hope this can help you in some way ).

[thecjman]

I think you miss understood my whole situation
Please re read the 2 posts:
1. Can not assign ROLE_USER to any folder (not available in GUI) must do it from DB
2. If profile assigned to user has ANY more "stack" than PERSONAL and TRASH then user will not see other folders

[Snowflakes]

So...you're trying to get all regular users with ROLE_USER to see other user's personal files? I think that kinda defeats the purpose of a personal folder. ROLE_ADMIN users can see all folders under personal docs because they're the admin. All other users should only see their own stuff under the personal heading.

Taxonomy would be the place to put folders that you want everyone to see. You can update the security settings for ROLE_USER there to do whatever you want there.

Or is this something different...?

[thecjman]

To clarify
I created a folder okm:personal/Contracts that some users should be accessing to upload contracts to, some users may change and some may only view.
Now I can not assign (From the GUI) the ROLE_USER to this okm:personal/Contracts and therefore no user can see or upload to this folder except the ROLE_ADMIN users, Now read my second post to see how I got this solved

[jllort]

It's a bad use of okm:personal node as the name indicates, should only be used for personal use not for sharing with other users. A contracts folders should be defined under okm:root/taxonomy and with correct security is not available to others users what you wish. Sincerally I have not understand the advantage of get it on okm:personal ?

About ROLE_ADMIN users, these are super users and can access anything and everywhere, that means can change configuration in administration etc... this kind of users should be only for OpenKM administrator, but not for bussiness logic.

[thecjman]

Taxonomy is a way of grouping things together: http://en.wikipedia.org/wiki/Taxonomy and http://codex.wordpress.org/Taxonomies

I do not want to group things but actually upload all contracts (Documents) this is why I thought it should be under My Documents, taxonomy is to classify things not to put them in the same folder??

Further more on Admin role, I fully understand this role and have ONLY 1 user with this (System Admin), note folder structure in this post http://forum.openkm.com/viewtopic.php?f ... 200#p21200

However I now see the whole system work better if we do use the Taxonomy folder instead of the My Documents folder.

[jllort]

I will try to give some light in dark, I do not know if I will get some success on it.

First taxon is techcnial concept derived from science ( used to create herarchic structure, for example to organize animals, species, etc... ) based on this primary concept, appears the taxonomy idea applied to documental world. Well the idea is get some organization. What do you thing about have 1 milion of invoices on same folder ( for example on your windows folder ), first you will get some problem opening this folder, render slow etc... and then looking to find some invoce will be really difficult or imposible. The idea of any DMS is catalog and organice information, put some rules into organization ( one law or all the users ).

A gooda way to store invoces, could be organize by a simple structure like years folder and into month folder ( it's basic structure ), other could be by end customer name, sometimes could be both, using taxonomy structure and categories to link information about clients ( I try to give you real life solutions of real problems, really I try to give you simple examples, they're some more complex, and identify the correct way to order is really an art, the art to solve big problems on the most easies way ).

Arrived here - you can agree with me or not - the difference between put documents in taxonomy or personal is basically philosophical. If invoces are a general purpose into the company should go into general company folder, that's always under okm:root ( the taxonomy ) but if are personal invoces then I'm agree with you to store in personal folder ( anyway I suggest some subtree folder clasication, think in rendering 1 milion files in one windows folder ).

About security in other post I will answer there. Hope this could help you in some way.

[thecjman]

I understand fully, I guess it was just my thoughts that documents should go under documents, but now I do understand.

I have to congratulate you on your English as I believe it is your second language.
Well done man