Community
Vault Forum
Welcome to Autodesk’s Vault Forums. Share your knowledge, ask questions, and explore popular Vault topics.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

File ACL on Folder ACL

5 REPLIES 5
Back to Vault Category
Back to Topic Listing
Reply
Message 1 of 6
gustavoGGT
Enthusiast
362 Views, 5 Replies
‎10-28-2014 06:09 AM
‎10-28-2014 06:09 AM

File ACL on Folder ACL

In the situation that a file has an ACL with DENY for modify and delete, and nothing set for READ, I would expect that the folder ACL is in the lead with an ALLOW on READ. Correct?

 

Thanks in advance.

 

Gustavo

Report
0 Likes
Reply
5 REPLIES 5
Message 2 of 6
paul.gunn
Alumni
in reply to: gustavoGGT
‎10-28-2014 06:24 AM
‎10-28-2014 06:24 AM

Hi,

 

File and folder ACLs are not combined in any way. In absense of a file ACL , security for a file is inheritted from the folder. However, if an ACL is specified on the file (either directly or via lifecycle state), that ACL acts as a full override and the folder ACL is not considered .

 

Hope this helps,

Paul

Report
0 Likes
Reply
Message 3 of 6
gustavoGGT
Enthusiast
in reply to: paul.gunn
‎10-28-2014 06:36 AM
‎10-28-2014 06:36 AM

Thanks Paul for the quick reply.

 

 

But where is the READ DENY comming from? There is no ALLOW or DENY in the file ACL.

 

Guus

 

 

Report
0 Likes
Reply
Message 4 of 6
paul.gunn
Alumni
in reply to: gustavoGGT
‎10-28-2014 06:42 AM
‎10-28-2014 06:42 AM

Hi,

 

Default behavior is to not allow unless the user or one of his groups has the 'allow' box checked (and no denies). No check in either 'allow' or 'deny' means the user/group is not prevented from doing the read - but they are not being allowed either. This distinction becomes important when combining user and group permissions together. e.g. a given group may not be specifically allowed access , but the group should not necessarily be prevented either.

 

Paul

Report
0 Likes
Reply
Message 5 of 6
gustavoGGT
Enthusiast
in reply to: paul.gunn
‎10-28-2014 07:51 AM
‎10-28-2014 07:51 AM

OK, I got it now.

 

As a result of our security configuration, what we see now, is when we browse through the folder structure the DENIED folders and files are not visible, OK. But when we do a FIND we see files with a NOTACCESIBLE path and we can do a GET. I would expect not to find the file the same as when I browse.

 

Regards,

 

Guus

Report
0 Likes
Reply
Message 6 of 6
paul.gunn
Alumni
in reply to: gustavoGGT
‎10-28-2014 08:13 AM
‎10-28-2014 08:13 AM

Hi,

 

Based on the ACLs you've described, it sounds like this is the correct result per the product design. I think the intent is that files can be used in many ways (opened, linked to, etc.) even when you don't have permissions to the containing folder. That said, I do see where an option to aggregate folder and file permissions for file security could a nice feature - this would be a good candidate for consideration on the Idea Station (accessible via the permalinks in the newgroup here).

 

Paul

Report
0 Likes
Reply
Reply

Can't find what you're looking for? Ask the community or share your knowledge.

Post to forums  

Autodesk Design & Make Report

Report a website issue