Topic
  • 2 replies
  • Latest Post - ‏2012-11-21T15:57:44Z by cwoliveira
SystemAdmin
SystemAdmin
199 Posts

Pinned topic Access permissions for a folder

‏2012-11-19T14:07:37Z |
Hi,
We are developing a workflow. The workflow creates folders for specific project dynamically . When a folder(for a project) is created, we need to set access permissions. The access permissions are defined in a separate database table. The table has the list the users who can view the documents of a particular project.

We have tried to achieve using Security Templates, but could not do it. We tried APIs to achieve the same, but not clear on how to use AccessPErmissions to set access at user level.

Can anyone let me know how to do this ?
Updated on 2012-11-21T15:57:44Z at 2012-11-21T15:57:44Z by cwoliveira
  • SystemAdmin
    SystemAdmin
    199 Posts

    Re: Access permissions for a folder

    ‏2012-11-20T02:54:28Z  
    >> We tried APIs to achieve the same, but not clear on how to use AccessPErmissions to set access at user level.

    I'm not sure what you mean by that. Manipulating an object's ACL is reasonably well documented. If you're trying to do it from a WF step, I don't know if CE_operations has the appropriate methods implemented, but you could always write your own.

    I assume the list of users in the separate database is somehow dynamic or otherwise complex. There must also be a a property value or something about the folder that tells you how to look things up in the separate database. I think you want to put a CE subscription on the create event for project folders. You could do it either via an async event handler or, for recent CE releases, via a change preprocessor. The latter is more efficient.
  • cwoliveira
    cwoliveira
    19 Posts

    Re: Access permissions for a folder

    ‏2012-11-21T15:57:44Z  
    >> We tried APIs to achieve the same, but not clear on how to use AccessPErmissions to set access at user level.

    I'm not sure what you mean by that. Manipulating an object's ACL is reasonably well documented. If you're trying to do it from a WF step, I don't know if CE_operations has the appropriate methods implemented, but you could always write your own.

    I assume the list of users in the separate database is somehow dynamic or otherwise complex. There must also be a a property value or something about the folder that tells you how to look things up in the separate database. I think you want to put a CE subscription on the create event for project folders. You could do it either via an async event handler or, for recent CE releases, via a change preprocessor. The latter is more efficient.
    Hi,

    There are some references about working with permissions. You could also explore a additional approach using Marking Sets.

    Setting Permissions
    http://pic.dhe.ibm.com/infocenter/p8docs/v5r1m0/topic/com.ibm.p8.ce.dev.ce.doc/sec_procedures.htm?path=11_2_3_2_1_2#sec_procedures_setting_permissions

    Markings overview
    http://pic.dhe.ibm.com/infocenter/p8docs/v5r1m0/topic/com.ibm.p8.security.doc/p8psa058.htm

    Working with Marking Objects
    http://pic.dhe.ibm.com/infocenter/p8docs/v5r1m0/topic/com.ibm.p8.ce.dev.ce.doc/sec_procedures.htm?path=11_2_3_2_1_3#sec_procedures_markings

    Thanks,

    Carlos