cancel
Showing results for 
Search instead for 
Did you mean: 

Rules and user permissions

vassilisx
Champ in-the-making
Champ in-the-making
Hello everyone,

I am testing the rules in folders and I came across the following problem:

Say I use a rule to a folderA for a contributor (userA) to submit a document for review. This rule would move the document to folderB and notify userB (site manager) to review it. In order for the rule to work, userA must have at least contributor rights in folderB (else you get an error that the rule cannot be applied because the document cannot move to this folder).

The document indeed is moved to folderB and userB is indeed notified via email. Yet (and this is my problem) userA, being a contributor to folderB, has adequate permissions to view the contents of folderB and even run the rule applied to this folder to approve the document! (which only userB is supposed to be able to do).

How do I restrict the rule in folderB so that only userB can run it?
1 REPLY 1

afaust
Legendary Innovator
Legendary Innovator
Hello,

the rule is not the part that needs changing, it's the action / script / permissions that need some tuning. User A technically does not need full Contributor permission on folder B, only the permission to add another child node to it. So, giving user A only the permissions Read + AddChildren on folder B suffices for the rules action / script to move the document from folder A to folder B. Additionally, you need to withdraw ownership status of user A on the document to exclude any permissions granted by that, otherwise user A will always be able to do what he wants with the document.

Normally, I would write such an action in Java in order to make use of the broader API there. E.g. I can move the document with Java without having to give user A any special permissions just for this action.

Regards
Axel