How to restrict permissions on a specific group?
Dan_Duffy
Restrict Livelink Permissioning such that a specific group cannot be permissioned to specific object type items not tagged as "External". Currently, the following object types should be restricted, however the customization should be flexible to add/remove object types:

1. Compound Document
2. Document
3. Folder
4. Shortcut
5. Task List
6. Text Document

Please let me know if there is a better way to do this.

Thanks,
Ravi
Comments
Nair_Krishnankutty_(nairkrishnankutty_-_(deleted))
Trying to understand, not a solution.

You have GroupA in Livelink which is your target group that meets a business rule criterion. If Document is tagged "external", are you saying that this group should be able to be dropped into the Object creation privileges GUI (they get to create it)? Or the other way around (if you are restricting already they don't get to do it anyway)?

Your usage of "cannot" and "not" confuses the **** out of me, almost like negative of the negative. Should a req be phrased this legalese?
Dan_Duffy
I am re-phrasing my question:

How to restrict "specific" group permissions on specific object type items that are not considered as "External"? Using OScript customization, what are the objects that need to be overridden?
Dan_Duffy
GroupA contains internal users who are coordinators on a Project. GroupB contains only external users who get access only on External access folders (custom folder) in a project. If GroupA accidentally gives permissions on internal folders then external users can access documents that they are not supposed to access. Can we customize the permissions so that internal users wouldn't be able to give access accidentally?
eLink User
Message from Nair, Krishnankutty via eLink

This is a really good one and I can only give you thoughts that come into my mind. There may be saner people and thoughts out there. I also think the Livelink Privacy Panel may at least have some parts of code that could be re-used. The Livelink Privacy Panel does allow selective filtering on a variety of rules.

From the looks of it, here's where you could implement it, with lots of thought on how a smart user could bypass it.

A) The Projects Add Participants page. The design should only produce groups that are eligible to be added here, correct? Then look at how the Add Participants is made. I would probably orphan the project object and enforce my business rules here with a case stmt.

B) Actual folders (objects) permission levels. You do not want explicit permissions to be granted to users. Here again look at the view source of the right frame and you probably could enforce your business rules thru some smart client JavaScripting (in the worst case you may have to write your own webscript).

C) Here's a very difficult scenario. You have ExternalGroupA which should not theoretically be seeing folders that they are not entitled to. If you have user admins, what is preventing them from nesting ExternalGroupA into CompanyGroupB, so that all your checks and balances thru A & B are now defeated?

In a recent post Donna Nalls mentioned that sometimes programming may not be a panacea to all use cases. You may just want to enforce some end user training in your org to maintain some discipline. Once again my views are all theoretical so you may want to brainstorm with other people too or even ask a smart third party person (Donna Nalls is one, Alex Kowalenko another and several others). There is always OT consulting if this is a huge concern.
-----Original Message-----
From: eLink Discussion: Development Discussion [mailto:development@elinkkc.opentext.com]
Sent: Thursday, October 12, 2006 3:47 PM
To: eLink Recipient
Subject: GroupA contains internal users who are coordinators on a Project.
Posted by BofA, Developers @ on 10/12/2006 04:41 PM
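Scenario C in the reply above (nesting an external group inside an internal one) as an added example, not part of the original post and not Livelink or OScript code: the same rule is checked both when a permission is granted and when a group is nested, with group membership resolved transitively. The data model, function names and sample groups are assumptions built from the names used in this thread.

```python
# Added example: data model and names are assumptions, not Livelink APIs.
RESTRICTED_TYPES = {"Compound Document", "Document", "Folder",
                    "Shortcut", "Task List", "Text Document"}  # editable list
EXTERNAL_GROUPS = {"GroupB", "ExternalGroupA"}  # groups holding external users

# Constructed sample: parent group -> groups nested directly inside it.
NESTED = {"CompanyGroupB": {"GroupA"}, "GroupA": set(),
          "GroupB": set(), "ExternalGroupA": set()}
INTERNAL_FOLDER = {"type": "Folder", "external": False}
EXTERNAL_FOLDER = {"type": "Folder", "external": True}
# Constructed sample of existing grants: (item, group holding a permission).
ACLS = [(INTERNAL_FOLDER, "CompanyGroupB"), (EXTERNAL_FOLDER, "GroupB")]


def expand(group, nested):
    """Return the group plus every group nested inside it, at any depth."""
    seen, stack = set(), [group]
    while stack:
        g = stack.pop()
        if g not in seen:  # also stops on cyclic nesting
            seen.add(g)
            stack.extend(nested.get(g, ()))
    return seen


def grant_allowed(grantee, item, nested):
    """False if the grant would expose a restricted, non-External item."""
    if item["type"] not in RESTRICTED_TYPES or item["external"]:
        return True
    return not (expand(grantee, nested) & EXTERNAL_GROUPS)


def nesting_allowed(parent, child, nested, acls):
    """False if nesting child in parent turns a compliant grant into a leak."""
    trial = {g: set(members) for g, members in nested.items()}
    trial.setdefault(parent, set()).add(child)
    return all(grant_allowed(grantee, item, trial)
               for item, grantee in acls
               if grant_allowed(grantee, item, nested))


if __name__ == "__main__":
    print(grant_allowed("GroupB", INTERNAL_FOLDER, NESTED))
    print(nesting_allowed("CompanyGroupB", "ExternalGroupA", NESTED, ACLS))
```

A grant-time check alone passes the CompanyGroupB grant and never sees the later nesting, which is why the second function re-evaluates existing grants against the proposed group structure.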
Greg_Griffiths_(ggriffiths_-_(deleted))
Have you not thought about using Domains? Or separate servers for Internal and External users? I've seen a similar type of functionality developed for ASP environments by OT and also one of their partners - Causeway (http://www.causeway.com).

There is a huge amount to override as user dialogs can appear in many places, e.g. workflows, WF Proxy, folder structure, project membership etc. As Nair indicates there is a lot of work here, so think through it carefully otherwise you will confuse your users no end.

You have also posted this on TekTips (http://www.tek-tips.com/viewthread.cfm?qid=1289212&page=1) so please try and keep both forums updated as you make progress.
Dan_Duffy
Thanks Greg! We thought about using two separate servers for Internal and External users but we didn't have clear ideas on how to design this. If you have more ideas around this, would you please give some more details?