Can I make all documents and folders under a cabinet automatically inherit the ACL given to the cabi

Hi,

Does the ACL attached to a cabinet propagate to its folders and documents it it? I mean can I make all documents and folders under a cabinet automatically inherit the ACL given to the cabinet? Can I make it so? If yes, how?

Thanks.

Find more posts tagged with

Documentum

Note:

If there are Accepted Answers, those will be shown by default. You can switch to 'All Replies' by selecting the tab below.

Accepted answers

DCTM_Guru

You need to change "... default ACL is recorded in the server config object" to FOLDER.

All comments

abc123

It's possible for a new cabinet. According to Content Server doc:

The default ACLs

If a user or application creates and saves a new object without explicitly assigning an ACL or permissions to the object, Content Server assigns a default ACL. The ACL designated as the default ACL is recorded in the server config object of the Content Server, in the default_acl property. The designated ACL can be any of the following ACLs:

• The ACL associated with the object primary folder

An object primary folder is the folder in which the object is first stored when it is created. If the object was placed directly in a cabinet, the server uses the ACL associated with the cabinet as the folder default.

• The ACL associated with the object creator

Every user object has an ACL. It is not used to provide security for the user but only as a potential default ACL for any object created by the user.

• The ACL associated with the object type

Every object type has an ACL associated with its type definition. You can use that ACL as a default ACL for any object of the type.

In a newly configured repository, the default_acl property is set to the value identifying the user ACL as the default ACL. You can change the setting through Documentum Administrator.

athati

Thanks Zhou.

I need to understand it clearly. My requirement is as follows:

As an Administrator, I will create a Cabinet and a folder structure. I will create and attach an ACL to the cabinet. Later users will import/create new documents in folders/Cabinet. Shall assume that those new documents will inherit the ACL same as ACL associated with the Cabinet? If not what exactly I need to do to achieve this?

Thanks.

DCTM_Guru

You need to change "... default ACL is recorded in the server config object" to FOLDER.

athati

Thanks Johnny.

I changed the default ACL (default_act) to option 2 which refers to "ACL associated with the object’s type". Do I need to restart docbase/docbroker to get the change effected? By querying Server Config Object, I am getting the new value of 2, but when imported my new document of that type is getting the default ACL associated to that type (In DA under types, I see defauly ACL of that type set to correct ACL)

Please advise me.

Thanks.

DCTM_Guru

Why are you setting this to type (after both William and I tell you to set it to FOLDER)? This means all your folders will get same acl regardless of the acl assigned to parent folder.

You question has to do with inheritance from cabinet/folder and you are totally disregarding our suggestion.

athati

I am sorry Johnny. It is not that I am disregarding your advice. When I see the object reference manual under dm_server_config I see the following for default_acl:

1: ACL associated with the object’s primary folder

2: ACL associated with the object’s type

3: ACL associated with the user who created the object

4: No default ACL is specified

I am experimenting on my test system with option 2 for object type ACL. I am sorry if I hurt you. Now I changed to option 1 (ACL associated with the object’s primary folder).

Please advise me.

Thanks.

pettitk

1: ACL associated with the object's primary folder

is FOLDER...

DCTM_Guru

I'm not hurt as much as annoyed. If you are asking a specific question and people go out of their way to respond to your question (with correct answer), and then you choose to do something else with no explaination of why you are not doing what people tell, you will probably frustrate the same people who are trying to help you.

There are a few posters on the forum who I personally choose not to assist b/c of their lack of appreciation of our help or their total disregard for community rules.

Here are some of community rules and some of personal rules:

If your question has been answered, mark the question as answered.
Mark it helpful if people provide helpful hints. Marking questions helpful/answered helps people find answers quickly to same questions.
Create a new discussion thread for new questions. Do NOT piggyback on the same thread or worse piggyback on someone else who has created a thread that has nothing to do with your question.
Keep in mind that the community does NOT get paid to answer your questions. So posting questions in ALL CAPS or posting questions with Urgent - need answer now!!! will not affect getting assistance quicker.
Also, please dont send technical questions directly to people. I like to share questions and answers with the community so that others can learn from the interchange.

Hopefully this helps you with understanding forum etiquette.

lastnitescurry

Sorry William but this is not correct for 6.6 or 6.7 repositories. In fact it has been the case for quite a few versions before this but no idea when immplementation and documentation started to disagree.

William Zhou wrote:• The ACL associated with the object typeEvery object type has an ACL associated with its type definition. You can use that ACL as a default ACL for any object of the type.

I tried Type based inheritance on a project last year and it was not possible. Attached HTML shows the result of the following DQL on my 6.6 Dev Edition

SELECT r_object_id, r_type_name, r_supertype FROM dmi_type_info WHERE acl_name IS NULLSTRING

athati

Thanks Johnny for the info.

I fully agree with you and with the rules. I do follow them from now on.

Thank you very much for your help.