on 08-03-2016 5:50 PM
Hi Experts,
I am looking for a best practice to restrict the KM and collaboration permissions for my portal users to a minimum.
Only reading of some KM documents should be possible (permissions on these folder are already set).
Nothing more especially:
- no KM uploads or creations in any KM folder (not even in userhome/my documents etc.)
- no collaboration rights
- no workflow rights
- no access via KM navigation nor via direct URLs to documents or any of the above services
- only the admins should be able to put new documents into KM
How can I achieve this? I guess deactivating the services from the documents repository is
only a small part of what needs to be done but maybe there are some "big switches"?
Thanks for your help!
Regards Stefan
Hi Stefan,
This can be controlled by Details-setting-permission and also by service permission for the folder or file will help you to achieve the issue.
Regards
Kiruthika
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kiruthika,
as you proposed I revoked the rights for everybody from most of the folders (except the ones that are needed). But this doesn't seem to work for the personal documents folders. How can I revoke the permissions to add or change files inside the userhome folder (also for not yet created users)?
Thanks and regards
Stefan
Hi Stefan,
The /userhome folders are a special case as the permissions on the users folders in this repository are set automatically by the system (upon creation) and the permissions on each folder is unique to the user for which the folder was created. The permissions on this repository should never be manually changed - doing so will break the functionality of this repository and would leave users unable to create and/or access their own personal documents and portal favorites. As each folders permission settings are unique for that user, it would be impossible to restore the permissions at any point in the future other than by manually accessing each individual folder and setting the permissions for the users individually. Is there a specific reason you would wish to prevent users from adding or accessing documents to their own personal documents folders? They would still only be able to access them if they have the required permissions on the document itself. The entries created in their userhome folders are simply links to the original documents. If the permissions on the original document are changed then they will be unable to access the document regardless of whether they attempt to do so through the link in their personal documents folder.
Kind regards,
Cathal
Hi Cathal,
thanks for your ideas. The requirement is that the users can not create any files on the portal, not even in their own user space, as it would be possible to put JavaScript (Cross Site Scripting) or any other harmful code there and send links to this files via email or other means to potential victims.
So my use case is that we want users to navigate in a custom KM folder including subfolders and access the files within, but not to open any other documents in any other repository nor be able to put files on portal anywhere.
I wonder that the KM filter (File Extension and Size Filter) where you can limit the upload size and characters that can be used in the filename are minimum 1 KB. So every one can at least upload files up to 1 kilobyte. If this could be set to 0 everything would be fine.
So as you already mentioned, that I shouldn't set the permissions manually, what I agree to, I will have to disable the whole userhome repository itself. Hope that this is not too problematic.
Thanks and regards
Stefan
User | Count |
---|---|
67 | |
8 | |
8 | |
6 | |
6 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.