Home Documentum

DFC Copy Operation, who's using it

edited October 23, 2017 in Documentum

Hi all,

I knew about the DFC copy operation, but never had to use it myself. After looking at it in more detail, I realized that the copy operation is not preserving some kind of security change within the tree. I find it interesting that

source_folder (acl1)

     sub_folder1 (acl1)

     sub_folder2 (acl2)

becomes

destination_folder (acl3)

     sub_folder1 (acl3)

     sub_folder2 (acl3)

Wouldn't it make more sense to get something like

destination_folder (acl3)

     sub_folder1 (acl3)

     sub_folder2 (dm_XXXXX)

Who's with me on this?

What is the use case of copying a structure and resetting security to root folder security?

Cheers

Alain

Comments

  • edited October 20, 2017

    The ACL assignment is driven by the Inherit Permissions From setting on the content server/repo config (I can never remember which one).  Based on your results, it looks like it is set to Inherit Permissions From FOLDER.

    If you want to preserve the ACLs as part of your copy, you will need to loop through the objects and assign them yourself.

  • edited October 20, 2017

    You're not answering the question Johnny :-)

  • edited October 23, 2017

    In principle I would tend to agree. But if you think about it, there are several reasons why the copies can't have the same ACLs. For example, as the owner of the copies, you probably expect to be able to modify and delete them as you please. However, the original ACL may not allow you to do that (all we know is that you have at least READ on the source documents, probably more on the copies since you are now the owner but not necessarily DELETE). Furthermore, if the source ACLs are user ACLs, you're not supposed to use them for your own objects (only the owner of user ACLs may use them).

  • PanfilovABPanfilovAB blog.documentum.pro
    edited October 23, 2017

    > DFC Copy Operation, who's using it

    We do, and we do not experience any difficulties. No doubts that your observations are interesting, but it is not clear what issue you are facing with, so, it is not possible to say whether the behaviour you described is correct or not. Let me explain this point:

    1. using copy operation in single repository makes sense only when you actually copy "templates" - in case of live data your users will face with "inconveniences" caused by duplicates, for example they will see multiple documents in search results, so, assigning default ACLs seems to be reasonable
    2. using copy operation across multiple repositories and remapping ACLs would be useful, but unfortunately copy operations does not have such functionality
Sign In or Register to comment.