https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319060#M6061 <P>Have a look here &gt; http</P> Thu, 01 Mar 2012 20:17:15 GMT bruce_Grant 2012-03-01T20:17:15Z https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319054#M6055 <P>Hi,</P> <P>Is it possible to block access to the administrator for a certain workspace/folder in Nuxeo(-dm) 5.5?</P> <P>We tried set all permissions to "deny" but the folder is still visible to administrator. And we did save "local rights".</P> <P>The same behavior happens if administrator in question is defined through "administratorId" in the config of is only a member of administrators.</P> <P>The desired effect is the following :</P> <P>We want to have a "nuxeo officer/administrator" who is able to fine tune our Nuxeo instance, and sometime helps user with problems.</P> <P>But we don't want this user be able to see certain sensitive documents (like salaries). Is there a way to achieve this goal?</P> <P>Thanks.</P> <P>Patrick</P> Tue, 28 Feb 2012 16:56:26 GMT https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319054#M6055 patrek 2012-02-28T16:56:26Z https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319055#M6056 <P>I played a little bit with the SecurityPolicy api, but it seems that if a user is in the groups "administrators", the SecurityPolicy extension checkPermission method is not called.</P> Tue, 28 Feb 2012 21:23:34 GMT https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319055#M6056 patrek 2012-02-28T21:23:34Z https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319056#M6057 <P>This is not possible with the current security model. Note that even if it was, your administrator probably has access to the database and storage and would be able to access the document anyway, albeit not as easily.</P> <P>You may want to store an encrypted version of the document instead, with the decryption key shared only between people who should be able to access it (encryption/decryption would be done client-side, outside Nuxeo).</P> Thu, 01 Mar 2012 09:33:24 GMT https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319056#M6057 2012-03-01T09:33:24Z https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319057#M6058 <P>What happens if you enable document-level security and remove inherited rights? Same result?</P> Thu, 01 Mar 2012 18:32:37 GMT https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319057#M6058 bruce_Grant 2012-03-01T18:32:37Z https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319058#M6059 <P>Can you point me to the right place in the documentation to enable document-level security?</P> Thu, 01 Mar 2012 20:05:09 GMT https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319058#M6059 patrek 2012-03-01T20:05:09Z https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319059#M6060 <P>Not in our case.</P> Thu, 01 Mar 2012 20:05:32 GMT https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319059#M6060 patrek 2012-03-01T20:05:32Z https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319060#M6061 <P>Have a look here &gt; http</P> Thu, 01 Mar 2012 20:17:15 GMT https://connect.hyland.com/t5/nuxeo-forum/block-access-to-nuxeo-administrator/m-p/319060#M6061 bruce_Grant 2012-03-01T20:17:15Z