Folder access combined with files access

coroller.damien · ‎03-20-2024

Hi,

I have created folder lifecycles with the definition security set as "Combine with object-based security".

One of the lifecycle is set so only a select few Vault groups are able to Read/Modify/Download while the others can only Read/Download.

I can see from those users' computer the folders using this category as locked. Those users cannot add new files into one of those folders, as per the settings.

However, they are able to check out/in a file already placed in the folder which they have access to modify as the file category is set to Read/Modify/Download. The file category definition security is set as "Combine with object-based security".

We are in Vault 2024.2

What setting shall I change to ensure a file cannot be modified if the folder is set as read only, even if they have access to modify the file as per the lifecycle?

Thanks

ihayesjr · ‎03-20-2024

@coroller.damien

The "combined" model combines the file's object-based and state-based securities together to make the effective permission on the file for the user.

The files object-based security comes from the folder's object-based security, not from the folder's state-based security.

That is why you are not getting the results you want.

On the folder you need to set the Object-based security and set it so that those groups of users do not have the modify permission.

You can review my security class for more details.

Security Awakens: Defending Against the First Order | Autodesk University

Irvin Hayes Jr
Principal Product Manager
Autodesk, Inc.
Vault - Under the Hood Blog

Community

Folder access combined with files access

Folder access combined with files access

Folder access combined with files access