Hi @ all,
in the default configuration nearly every repository and
folder has got the permission "everybody
fullcontroll".
Has
anybody experiences with an permission-concept in
the km.
Our problem is that we defined a km-role so that
the navigation-iviews only point to the folder
"/documents/public documents/" and to the folder
"personal document" in the userhome repository.
This worked
very fine but the problem is that the users can
use a workarround to access other reporistories in
the km by
using the iview "my favorites". There you can
define a new favorite by selecting "new" and than
"browse". Thus
the user has now the possibility to navigate to
the virtual-root an can know access every
repositorie whitch
has the permission "everybody fullcontroll".
I would prefer to restrict all the permissions
of the repositories if i knew that all operations
and iviews will work properly.
So are there any repositories and folders whitch
need the permission "everybody fullcontroll",
except the userhome-repository whitch is clear.
Thank´s for your replys!
Best regards
Kai Rassner
1 Answer
-
Posted on Feb 02, 2004 at 09:00 AM
Hi Kai,
if you do not set ACLs accordingly, there will always be workarounds for users. Favorites are one, searching (if the "artificially invisible" but authorized content is indexed) is another, simply typing URLs by trial and error is the next, etc. thus, you should use ACLs to make content accessible or not.
I do not know off-hand, which folders absolutely require to be accessible. Please discuss this with your consultant. But how much effort would it be, to limit the access rights one hierarchical level below?
Regards, Karsten
Add a comment
Add a comment