cancel
Showing results for 
Search instead for 
Did you mean: 

Access Control list in DMS

Former Member
0 Kudos

Dear Experts,

I have enabled , the ACL flag and edit ACL option via configuration. However , when I am restricting users, via ACL authorisations for a particular DIR, it is not working. For eq: I created a DIR with my user and in the authorizations tab, I have given the auth object 'User', ID - the User ID of the person I want to restrict access and Activity as No Auth ( None ). As per my understanding, the user will not be able to view or change this particular DIR, but however the user can still display and change the DIR. It is only considering the std authorization objects I maintained in PFCG. Am I missing something?.Is there anything else to be done?

Help would be really appreciated. Please find the screenshots

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Got it..It was because 'ACO_SUPER' was active. However, I read that, by default, the authorizations are inherited top-down, which means documents only inherit ACLs that result from their original use, that is, from the folder in which the documents are actually located. I have restricted  folder access to a user by ACL, but this restriction is not coming by default to the documents attached to the folder. Is it normally like this..or does any changes have to be made?please provide your inputs.

benedikt_wagner_mdt
Active Participant
0 Kudos

Hi Aravind,

where did you read that? As far as I know, the ACLs have no relationto the files/filesystem.

Regards,

Benedikt

Former Member
0 Kudos

Hi Benedict,

It is mentioned in ACL authorizations in DMS - Product Lifecycle Management - SCN Wiki

This ACL concept on a folder level did not work for me. Kindly let me know if you have any inputs regarding this.

christoph_hopf
Advisor
Advisor
0 Kudos

Hi Aravind,

If I got this right, then the folder has the ACL permission set but the underlying documents do not get this permission inherited automatically.

Do the documents have an initial ADMIN ACL entry? Because this is a requirement to active the inheritance. Without local ADMIN permission set, the superior permissions will not be inherited.

Best regards,

Christoph

Former Member
0 Kudos

Thanks a lot Christoph. Yes, it was because, initial admin authorization was not provided to the documents coming under the folder.

Answers (1)

Answers (1)

benedikt_wagner_mdt
Active Participant
0 Kudos

Hi Aravind,

authorization object ACO_SUPER overrides the ACLs. Could it be that your TEST_USER1 has this authorization object?

Regards,

Benedikt

Former Member
0 Kudos

Hi Benedict,

..ACO_USER was active..thanks..:)..Can you help me with the second part, regarding inheritance of ACL's