Controlling IDS publication by permissions

We want to be able to publish documents using IDS, but control which ones are published through ACLs. In other words, rather than ALL documents in a published folder structure being published, we want to only publish those documents that have broader read access, and not those that have tighter security.

It strikes me that we should be able to specify which user the IDS job runs as. So that rather than running it as dmadmin (which can see all documents) you run it as a user with lower privileges so that only documents accessible to that user are published.

Do you think we can do that? I can’t find any options in the IDS profile configuration, but I wondered if we can specify what user the publishing job runs as. Can you specify what user a job runs as?

Thoughts appreciated.

Thanks,

Bill.

Find more posts tagged with

Comments

DCTM_Guru

Not sure if IDS can do this, but in SCS (precursor to IDS), you can define the version label you can query to publish. If IDS supports this, then you can run update DQL against the publishing folder based on your criteria.

billbeton

Thanks Johnny.

Yes, I believe you can still control IDS publishing using version labels. It may come to that, but I was hoping to find a solution that allows me to use existing permissions (ie not have to change any document attributes). My suspicion is that IDS bypasses everything and goes directly to the database, which would mean permissions are ignored.

Bill.

DCTM_Guru

I'm not sure that it "bypasses and goes directly to the database" as much as you first indicated, that the job run as install owner (eg dmadmin) and just queries for the appropriate version label and publishing folder.

In a typical publishing example, content would go through a review cycle and then get approved to be published. Using this approach, you can limit the review or approval of the publishing based on permissions criterion.

billbeton

Many thanks for your response Johnny.

Bill.