• Restricting Search Visibility Based on User Roles in OpenKM

 #54684  by zaid-dev
 
Hello,

I am facing an issue with OpenKM where documents and folders restricted to certain roles are still visible to other roles via the search function.

Setup Details:

I have a folder located at /okm:root/MyFolder/.
This folder's permissions are configured so that only users with the "RoleAdmin" can read, write, delete, and manage security.

Issue:

Users with "RoleUser" are correctly unable to see the folder in the taxonomy structure due to the set permissions. However, they can still find and access this folder when using the search functionality in OpenKM.
This issue extends to the visibility of other roles as well; "RoleUser" should not see anything that is designated for "RoleAdmin" or any other specialized roles.

Question:

How can I configure OpenKM to ensure that the search functionality respects the same access restrictions as set in the folder permissions? Are there specific settings or configurations that need to be adjusted to restrict search results based on user roles?
 #54695  by jllort
 
By default, permissions in the search engine are based on the node (document), not on the whole hierarchy (path). You can have access to the document but not have access to all of the folder hierarchy -> in this scenario, by default the search engine will return the document, but you will not be able to jump to the document in the browser.

The security analyzer used by the search engine can be changed to evaluate the whole hierarchy, but we do not suggest changing it because it will penalize the speed of the search. Here the question for us is why you have access to a child document but do not have access to the parent folder -> in my opinion the security is not set in a good manner; if you do not have access to the parent folder, the security applied to the child should be in accordance with what has been applied to the parent.
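
The difference between node-based and hierarchy-based filtering described in the reply above, as an added example that is not part of the original posts and not OpenKM code. It is a simplified model: the ACL table, the file names under /okm:root/MyFolder and all function names are constructed for illustration. The `audit` function lists nodes that grant a role read access while an ancestor folder does not, which is the inconsistency the reply points to.

```python
# Constructed sample data: path -> roles with read access (not from a real repository).
READ_ACL = {
    "/okm:root": {"RoleAdmin", "RoleUser"},
    "/okm:root/MyFolder": {"RoleAdmin"},
    "/okm:root/MyFolder/report.pdf": {"RoleAdmin", "RoleUser"},  # looser than its parent
    "/okm:root/MyFolder/budget.xls": {"RoleAdmin"},
    "/okm:root/Public": {"RoleAdmin", "RoleUser"},
    "/okm:root/Public/readme.txt": {"RoleAdmin", "RoleUser"},
}

def ancestors(path):
    """Yield each ancestor of path, nearest first, up to /okm:root."""
    while path.count("/") > 1:
        path = path.rsplit("/", 1)[0]
        yield path

def node_check(path, role, acl):
    """Node-based rule: only the node's own ACL is consulted."""
    return role in acl.get(path, set())

def hierarchy_check(path, role, acl):
    """Path-based rule: the node and every ancestor must grant read (one lookup per level)."""
    return node_check(path, role, acl) and all(
        node_check(a, role, acl) for a in ancestors(path))

def search(role, acl, check):
    """Return every path the given rule lets this role see in search results."""
    return sorted(p for p in acl if check(p, role, acl))

def audit(acl):
    """Return (path, role, blocking_ancestor) for grants that contradict a parent."""
    findings = []
    for path, roles in acl.items():
        for role in sorted(roles):
            for anc in ancestors(path):
                if not node_check(anc, role, acl):
                    findings.append((path, role, anc))
                    break  # report the nearest blocking ancestor only
    return sorted(findings)

if __name__ == "__main__":
    print("node-based:     ", search("RoleUser", READ_ACL, node_check))
    print("hierarchy-based:", search("RoleUser", READ_ACL, hierarchy_check))
    for finding in audit(READ_ACL):
        print("inconsistent grant:", finding)
```

An empty `audit` result means both rules return the same search results, so the per-level ancestor lookups of the hierarchy rule buy nothing.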
