cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Portal with minimal KM and collaboration permissions for standard users

Go to solution
stefan_mahnke
Participant

on ‎08-03-2016 5:50 PM

0 Kudos

Hi Experts,

I am looking for a best practice to restrict the KM and collaboration permissions for my portal users to a minimum.

Only reading of some KM documents should be possible (permissions on these folder are already set).

Nothing more especially:

- no KM uploads or creations in any KM folder (not even in userhome/my documents etc.)

- no collaboration rights

- no workflow rights

- no access via KM navigation nor via direct URLs to documents or any of the above services

- only the admins should be able to put new documents into KM

How can I achieve this? I guess deactivating the services from the documents repository is

only a small part of what needs to be done but maybe there  are some "big switches"?

Thanks for your help!

Regards Stefan

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

kiruthika_s
Active Participant
‎08-05-2016 9:29 AM
0 Kudos

Hi Stefan,

This can be controlled by Details-setting-permission and also by service permission for the folder or file will help  you to achieve the issue.

Regards

Kiruthika

Show replies
Show replies
stefan_mahnke
Participant
‎08-18-2016 8:58 AM
0 Kudos

Hi Kiruthika,

as you proposed I revoked the rights for everybody from most of the folders (except the ones that are needed). But this doesn't seem to work for the personal documents folders. How can I revoke the permissions to add or change files inside the userhome folder (also for not yet created users)?

Thanks and regards

Stefan

cathal_kelly
Participant
‎09-04-2016 4:29 PM
0 Kudos

Hi Stefan,

The /userhome folders are a special case as the permissions on the users folders in this repository are set automatically by the system (upon creation) and the permissions on each folder is unique to the user for which the folder was created. The permissions on this repository should never be manually changed - doing so will break the functionality of this repository and would leave users unable to create and/or access their own personal documents and portal favorites. As each folders permission settings are unique for that user, it would be impossible to restore the permissions at any point in the future other than by manually accessing each individual folder and setting the permissions for the users individually. Is there a specific reason you would wish to prevent users from adding or accessing documents to their own personal documents folders? They would still only be able to access them if they have the required permissions on the document itself. The entries created in their userhome folders are simply links to the original documents. If the permissions on the original document are changed then they will be unable to access the document regardless of whether they attempt to do so through the link in their personal documents folder.

Kind regards,

Cathal

stefan_mahnke
Participant
‎09-05-2016 8:03 AM
0 Kudos

Hi Cathal,

thanks for your ideas. The requirement is that the users can not create any files on the portal, not even in their own user space, as it would be possible to put JavaScript (Cross Site Scripting) or any other harmful code there and send links to this files via email or other means to potential victims.

So my use case is that we want users to navigate in a custom KM folder including subfolders and access the files within, but not to open any other documents in any other repository nor be able to put files on portal anywhere.

I wonder that the KM filter (File Extension and Size Filter) where you can limit the upload size and characters that can be used in the filename are minimum 1 KB. So every one can at least upload files up to 1 kilobyte. If this could be set to 0 everything would be fine.

So as you already mentioned, that I shouldn't set the permissions manually, what I agree to, I will have to disable the whole userhome repository itself. Hope that this is not too problematic.

Thanks and regards

Stefan

Answers (0)

Ask a Question