Sorry if this one’s been covered before, I’m struggling to see the logic of it.

I attended the XIr1/2 course with BO some time ago now and on the course we learnt how to set the everyone group so it had the most restrictive permissions. We would then go and grant specific permissions to other groups to allow access to the objects we wanted.

I am now in the process of doing a test configuration of our 3.1 environment and I’m not sure everything is as it was.

I have set the everyone group so that they have no access to the root folder.

I have set up some content sub folders folders and have granted view on demand access to the Infoview user groups.

However, these users cannot see the doc folders unless I grant view on demand access at the root level. Obviously, at that point they then see all of the other folders such as auditor, admin, etc

So then i have to go and remove access specifically for those folders which seems like a poor way of administrating the system. It also means that if we add a new folder the users will automatically see the new one until we explicitly deny them.

This seems like a complete turnaround in thinking.

Am i getting this wrong, and if not, can anyone give any pointers as to the best way to achieve what I’m after?

norty303 (BOB member since 2003-03-19)

The fisrt level door (folder), the root folder is no longer a transparent door. ou need to give access to that folder to the Everyone group. View object and appl it at folder level. You will create a closed system like you want …

Ok, so I’ve gone into the Root folder properties and granted Everyone with View access.

But now everyone can see all folders and sub-folders. That’s not a closed system.

Am I misunderstanding you?

thanks

norty303 (BOB member since 2003-03-19)

Yep apply this right only at folder level…

I’m sorry, I don’t understand what you mean by applying it at Folder level.

Are you able to explain in any more detail?

I’ve gone to the root folder and applied view rights to the everyone group and it hasn’t done what I wanted, but I think this is not what you’re telling me to do

norty303 (BOB member since 2003-03-19)

Have a look to this post

Thanks, I think I’ve actually just worked it out what you meant.

I’ve created a ‘Default Access Group’ which I’ve edited the Content --> Folder permissions for by denying everything apart from View, and unticked the ‘include sub-folders’ option. I’ve then applied this to the Everyone group on Root folder

Is this what you meant?

norty303 (BOB member since 2003-03-19)

I took a different approach - I set view for everyone, but I have been turning that off (removing inheritance) for subfolders and giving access to specific groups to these.

By default users can see these folders, but as I get specific users / groups for a folder, I do the above. My users can not write to these, unless they’re also in more privileged groups (admin, support, etc).

Lots of ways to accomplish what you need, once you get used to the tools at your disposal (and I say that knowing it caused me lots of heartache to get to this point).

Good luck, you’ll get it!
Brent

bdouglas (BOB member since 2002-08-29)