Open Source Document Management System | OpenKM

We have
 a Folder on which Security has been defined to grant "Write" rights to Users having a defined Role,
 two Users with the defined Role, so being granted "Write" rights on the Folder.

Expected system behavior was that
 both of them would be enabled to Create documents in the Folder and Edit any document that were created in the Folder, irrespective of actual User who created the document,
 but only the User that created a given Document would be enabled to Delete it.

This behavior is supported by the fact that the Security of documents created in the folder
 inherits the Security profile of the Folder (thus with "Write" rights granted to Users with the specified Role ), but
 includes in addition explicitly full Delete rights granted to the User that created the Document.

The system, instead,
 allows both Users Delete the Documents from the Folder,
but
- while the User that created the Document can Purge the Document from its Trash
- the User that was not the creator of the document cannot Purge the Document from the Trash and receives an error "The system generated an error: "OKM-002009(PurgeDocument): Document access denied""
(Comment: The Document can be Purged from that User's Trash only by a System Administrator)

I think that consistent application of the Security specified on Documents should prevent "Deletion" of Documents as part of the functional checks performed in the Taxonomy Folder.

Best regards,
Armando

(The tests have been made with version 6.2.4.)

When you create a document, the permissions are inherited from the parent folder. This means that the document will be editable and deletable by any user who can write or delete in the parent folder. If you don't want to delete a document you need to modify these permissions.

But the error given when purging has no sense because if you can delete a document also can purge it.

Both users belongs to the NMS_ARCHIVIST role, ins't it?

EDIT: I have tested in my local installation and works as expected (no error is thrown when purging the trash). I can't reproduce the problem in the last night build.

Hi pavila,
thank you for your answer.

As you can see in the uploaded file attached to this message,
- both Users belong to NMS_OADMIN ,
- while they do not belong to NMS_ARCHIVIST role.

Also, as concerns Documents' Security, comparing the Security profiles of the Folder and of the Document (see first two screenshots in previous file uploaded) it seems that the Document's Security profile
- inherits all the conditions valid for the Folder,
- but in addition includes also full Delete rights for the User who created the document (Test Org Admin. 1).

I could not test this behaviour with the night build, however with this additional information you might be able to recreate the condition to test it.

Many thanks,
Armando

I was unable to reproduce the problem in the last nighbuild. I recommend to try a clean installation with a recent nightbuild and try if can reproduce the problem.