08-06-2013, 09:45 AM
Hello all,
Using version 1.2.6.6 installed last month on uBuntu server. When a new user is created and assigned to a particular department that has not been granted admin or review authority the user is able to see the file listings OK for their assigned department. However, they have no rights to do anything (Unable to even view any of the files). When I edit the file permission for that department and set it view/read/write type of access it does not have any effect for the user. If the new user adds a document then it appears to have full access to the document even if the owner is changed to another account. So the new user can add a new document but not authorize it. The later requires somebody else. After acceptance the user can view/read/write/admin/delete the document since that user is the owner even if the owner is changed to someone else. However the user is not able to even view any other documents from others in the same department just the listing of the docs available without any access displaying " - / - / - " in the rights field.
If I set that new user a doc level permission then that user has the access as desired. But that is really poor when all documents have to managed individually for each individual user. Forcing all documents to be modified again when a new user is created later to give the new account the desired rights.
Presently the only solution I see is to give new users the review authority for the department they are assigned.
Perhaps I do not understand the department and individual security settings. I am viewing it as something similar to the unix group and owner level "rwx" access rights. If this is not the case then may somebody help me to understand the security concept here? Or point me to a written document that explains the security concepts implemented.
thank you for your consideration,
James
Using version 1.2.6.6 installed last month on uBuntu server. When a new user is created and assigned to a particular department that has not been granted admin or review authority the user is able to see the file listings OK for their assigned department. However, they have no rights to do anything (Unable to even view any of the files). When I edit the file permission for that department and set it view/read/write type of access it does not have any effect for the user. If the new user adds a document then it appears to have full access to the document even if the owner is changed to another account. So the new user can add a new document but not authorize it. The later requires somebody else. After acceptance the user can view/read/write/admin/delete the document since that user is the owner even if the owner is changed to someone else. However the user is not able to even view any other documents from others in the same department just the listing of the docs available without any access displaying " - / - / - " in the rights field.
If I set that new user a doc level permission then that user has the access as desired. But that is really poor when all documents have to managed individually for each individual user. Forcing all documents to be modified again when a new user is created later to give the new account the desired rights.
Presently the only solution I see is to give new users the review authority for the department they are assigned.
Perhaps I do not understand the department and individual security settings. I am viewing it as something similar to the unix group and owner level "rwx" access rights. If this is not the case then may somebody help me to understand the security concept here? Or point me to a written document that explains the security concepts implemented.
thank you for your consideration,
James