Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Block access to nuxeo administrator

Go to answer
patrek
Star Contributor
Star Contributor

‎02-28-2012 11:56 AM

Hi,

Is it possible to block access to the administrator for a certain workspace/folder in Nuxeo(-dm) 5.5?

We tried set all permissions to "deny" but the folder is still visible to administrator. And we did save "local rights".

The same behavior happens if administrator in question is defined through "administratorId" in the config of is only a member of administrators.

The desired effect is the following :

We want to have a "nuxeo officer/administrator" who is able to fine tune our Nuxeo instance, and sometime helps user with problems.

But we don't want this user be able to see certain sensitive documents (like salaries). Is there a way to achieve this goal?

Thanks.

Patrick

0 Kudos
1 ACCEPTED ANSWER

Go to answer
Not applicable

‎03-01-2012 04:33 AM

This is not possible with the current security model. Note that even if it was, your administrator probably has access to the database and storage and would be able to access the document anyway, albeit not as easily.

You may want to store an encrypted version of the document instead, with the decryption key shared only between people who should be able to access it (encryption/decryption would be done client-side, outside Nuxeo).

View answer in original post

6 REPLIES 6

Go to answer
patrek
Star Contributor
Star Contributor

‎02-28-2012 04:23 PM

I played a little bit with the SecurityPolicy api, but it seems that if a user is in the groups "administrators", the SecurityPolicy extension checkPermission method is not called.

0 Kudos

Go to answer
Not applicable

‎03-01-2012 04:33 AM

This is not possible with the current security model. Note that even if it was, your administrator probably has access to the database and storage and would be able to access the document anyway, albeit not as easily.

You may want to store an encrypted version of the document instead, with the decryption key shared only between people who should be able to access it (encryption/decryption would be done client-side, outside Nuxeo).

Go to answer
patrek
Star Contributor
Star Contributor
In response to

‎03-01-2012 03:05 PM

Not in our case.

0 Kudos

Go to answer
bruce_Grant
Elite Collaborator
Elite Collaborator

‎03-01-2012 01:32 PM

What happens if you enable document-level security and remove inherited rights? Same result?

0 Kudos

Go to answer
patrek
Star Contributor
Star Contributor

‎03-01-2012 03:05 PM

Can you point me to the right place in the documentation to enable document-level security?

0 Kudos

Go to answer
bruce_Grant
Elite Collaborator
Elite Collaborator

‎03-01-2012 03:17 PM

Have a look here > http

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC