Hi Kai,
if you do not set ACLs accordingly, there will always be workarounds for users. Favorites are one, searching (if the "artificially invisible" but authorized content is indexed) is another, simply typing URLs by trial and error is the next, etc. thus, you should use ACLs to make content accessible or not.
I do not know off-hand, which folders absolutely require to be accessible. Please discuss this with your consultant. But how much effort would it be, to limit the access rights one hierarchical level below?
Regards, Karsten
Add comment