Open Source Document Management System | OpenKM

Hi,

I want to give permissions to folders and files to users myself. For example, I will have,
/okm:root/MainFolder_1/SubFolder_1/File_1
/okm:root/MainFolder_1/SubFolder_2/File_2
..
/okm:root/MainFolder_n/SubFolder_n/File_n

For a user, if i want to give permission to File_2 I will give it by myself (through REST), now that the OpenKM system works like any new user created should be assigned one of the pre-defined ROLES (ROLE_USER or ROLE_ADMIN) I removed all access to ROLE_USER from okm:root recursively. I gave access to /okm:root/MainFolder_1/SubFolder_2/File_2 for the new user, but now the user has access to root, every new folder created inside root is also given access to new user (which I do not want, I don't want access given to any folder in the system, I will give access to every single document myself through REST), how to handle this situation, please let me know if this scenario needs more understanding.

Thanks in advance!

You are creating folder from rest, and obviously that propagates grants from parents to childs, you can not prevent it. OpenKM have a security manager where is set the security logic. Default security manager configuration only take in consideration the document node, not all path. If you have grants for document node you will be able to modify etc... this file althought you do not have enought grants for navigating across all path.

Understanding better the kind of integration will be able to help you better. For example you can create a document:
/okm:root/hidden/default/document.txt where the user has not access to hidden ( unvisible from UI ) but will be able to write on default ( you have enought grants there ).

Also from api can change the security of folders and documents ( can be part of your login ). Or create some automation task and change security after each folder node is created etc...

Hi,

Thanks for coming into rescue every time we get into trouble . We will try your idea and let you know. But there is no way that we can stop propagating security inside node?

Thank you again!

Deafult behaviour should be always propagate security. That what in almost 99% cases is welcome. In your scenario should apply other security rather than default after document creation. For it linking an action to document creation event will get to you the expected results.