Separate view and download permissions for custom types

aniruddh
Champ in-the-making
Hi,
   I have a custom content model which has a base type from which other content types inherit. I have the following two requirements and I would ideally like to use custom permissions.

1. Separate permissions for accessing node content (view) and downloading the node content
2. For the content type prevent the owner from deleting the content

I have tried to look for the solution in this forum and elsewhere but with no success. Has someone done this before? Please help.
4 REPLIES

afaust
Legendary Innovator
Hello,

#1 is quite tricky, since you need the same permission for view as for download. The simplest option I see here is in specifying a custom permission set for your type, with a custom permission for download and only use this permission for Share DocLib UI action evaluation. I see no way to effectively guard against download via direct URI (if known or reconstructed by user), unless you are willing to replace the standard download services with custom implementations that check the permission on the repo layer.

#2 can be achieved without custom permissions. Simply define a rule or policy that transfers ownership to the OwnableService.NO_OWNER value when the node is created. This is the best option since fiddling with the ownership permission on a definition level will likely produce some unwanted side effects due to its global usage.

Regards
Axel

aniruddh
Champ in-the-making
Thanks Axel for your reply. I had similar thoughts regarding #1 and was thinking of implementing the permission checks in a filter on the download servlet. The filter can check for the custom permission and send a response accordingly. Do you think this is a good idea?

aniruddh
Champ in-the-making
I have tried creating a rule on a space to add the ownable aspect. But it does not work. I have a space named "Test Space" inside the user's Home Space and added a rule to the space to add the ownable aspect to any content. However, the delete button is still visible and the content can be deleted by the user. I have also tried creating a node policy OnCreateNodePolicy for my custom type and adding the ownable aspect, but with the same results. Please help.

afaust
Legendary Innovator
Hello,

Inside the user's home space, it does not matter if the user is the owner of the content or not - the user the space belongs to always has administrator (i.e. coordinator) privileges on it and every content contained therein. So this is not a proper test of your rule - you should try it in a different location. The only way to achieve this in the user's home space is by setting the inheritsParentPermissions flag to false in addition to revoking the ownership on the content - keep in mind though, for the user to have any access afterwards, you need to grant him explicit permissions on that node.

Regards
Axel
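
The approach from Axel's two replies (set the owner to OwnableService.NO_OWNER on creation and, for locations such as a user home, also cut permission inheritance and grant an explicit permission), sketched as a repository behaviour. This is an added example, not code posted in the thread; the class name, the type QName, the `cutInheritance` switch and the choice of the Consumer role are assumptions.

```java
import org.alfresco.model.ContentModel;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;

public class RevokeOwnershipBehaviour implements NodeServicePolicies.OnCreateNodePolicy {
    // Hypothetical QName of the custom base type; the class binding also applies to its subtypes.
    private static final QName BASE_TYPE = QName.createQName("http://example.org/model/content/1.0", "baseDocument");
    private PolicyComponent policyComponent;
    private NodeService nodeService;
    private OwnableService ownableService;
    private PermissionService permissionService;
    private boolean cutInheritance; // set true where the parent grants too much, e.g. a user home

    public void init() { // wire as the Spring init-method of the bean
        policyComponent.bindClassBehaviour(NodeServicePolicies.OnCreateNodePolicy.QNAME, BASE_TYPE,
                new JavaBehaviour(this, "onCreateNode", NotificationFrequency.TRANSACTION_COMMIT));
    }

    @Override
    public void onCreateNode(ChildAssociationRef childAssocRef) {
        final NodeRef node = childAssocRef.getChildRef();
        AuthenticationUtil.runAsSystem(() -> {
            if (!nodeService.exists(node)) return null; // created and deleted in the same transaction
            String creator = (String) nodeService.getProperty(node, ContentModel.PROP_CREATOR);
            ownableService.setOwner(node, OwnableService.NO_OWNER); // no user is treated as owner
            if (cutInheritance) {
                permissionService.setInheritParentPermissions(node, false);
                // Assumption: read-only access is what the creator should keep.
                permissionService.setPermission(node, creator, PermissionService.CONSUMER, true);
            }
            return null;
        });
    }

    public void setPolicyComponent(PolicyComponent p) { this.policyComponent = p; }
    public void setNodeService(NodeService s) { this.nodeService = s; }
    public void setOwnableService(OwnableService s) { this.ownableService = s; }
    public void setPermissionService(PermissionService s) { this.permissionService = s; }
    public void setCutInheritance(boolean b) { this.cutInheritance = b; }
}
```

To verify the result, log in as the creating user in a location outside their own home space and confirm the delete action is rejected by the repository, not merely hidden in the UI.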