Sorry if this one’s been covered before, I’m struggling to see the logic of it.
I attended the XIr1/2 course with BO some time ago now and on the course we learnt how to set the everyone group so it had the most restrictive permissions. We would then go and grant specific permissions to other groups to allow access to the objects we wanted.
I am now in the process of doing a test configuration of our 3.1 environment and I’m not sure everything is as it was.
I have set the everyone group so that they have no access to the root folder.
I have set up some content sub folders folders and have granted view on demand access to the Infoview user groups.
However, these users cannot see the doc folders unless I grant view on demand access at the root level. Obviously, at that point they then see all of the other folders such as auditor, admin, etc
So then i have to go and remove access specifically for those folders which seems like a poor way of administrating the system. It also means that if we add a new folder the users will automatically see the new one until we explicitly deny them.
This seems like a complete turnaround in thinking.
Am i getting this wrong, and if not, can anyone give any pointers as to the best way to achieve what I’m after?
The fisrt level door (folder), the root folder is no longer a transparent door. ou need to give access to that folder to the Everyone group. View object and appl it at folder level. You will create a closed system like you want …
I’m sorry, I don’t understand what you mean by applying it at Folder level.
Are you able to explain in any more detail?
I’ve gone to the root folder and applied view rights to the everyone group and it hasn’t done what I wanted, but I think this is not what you’re telling me to do
Thanks, I think I’ve actually just worked it out what you meant.
I’ve created a ‘Default Access Group’ which I’ve edited the Content --> Folder permissions for by denying everything apart from View, and unticked the ‘include sub-folders’ option. I’ve then applied this to the Everyone group on Root folder
I took a different approach - I set view for everyone, but I have been turning that off (removing inheritance) for subfolders and giving access to specific groups to these.
By default users can see these folders, but as I get specific users / groups for a folder, I do the above. My users can not write to these, unless they’re also in more privileged groups (admin, support, etc).
Lots of ways to accomplish what you need, once you get used to the tools at your disposal (and I say that knowing it caused me lots of heartache to get to this point).