Dear all,
I've implemented OpenKM Community with below taxonomy design:
1. From root down to Level 5 is a organization structure taxonomy concept.
2. The next level (Level 6) is a taxonomy concept definition is handled by each organization manager.
3. Role: ALL_USERS are granted Read Access to all node from root down to Level 5 so all user can read the structure.
The problem is when a manager create a folder /document under his organization, by default the security will inherit from the parent which is ALL_USERS have read access. So I manage to run Automation which RevokeRole ALL_USERS with Privileges values = 15. After that than the manager can grant the permissions to another roles or users as he intent to.
I don't know if this is the best practice by giving all manager access to security setting, so they can manage their own document sharing policy. But it works for me.
I got the 15 integer value from database, the question is do we have a list of possible value so we can RevokeRole or RevokeUser with specific right, for example: only revoke the security, revoke write and delete, or even revoke all but read.
Thanks in advance
I've implemented OpenKM Community with below taxonomy design:
1. From root down to Level 5 is a organization structure taxonomy concept.
2. The next level (Level 6) is a taxonomy concept definition is handled by each organization manager.
3. Role: ALL_USERS are granted Read Access to all node from root down to Level 5 so all user can read the structure.
The problem is when a manager create a folder /document under his organization, by default the security will inherit from the parent which is ALL_USERS have read access. So I manage to run Automation which RevokeRole ALL_USERS with Privileges values = 15. After that than the manager can grant the permissions to another roles or users as he intent to.
I don't know if this is the best practice by giving all manager access to security setting, so they can manage their own document sharing policy. But it works for me.
I got the 15 integer value from database, the question is do we have a list of possible value so we can RevokeRole or RevokeUser with specific right, for example: only revoke the security, revoke write and delete, or even revoke all but read.
Thanks in advance
. And thanks for the links.