Removing invalid security IDs

If the access settings for a document or object include an expired or invalid Security ID (SID), you cannot update the access settings until you remove the expired or invalid SID.

Symptoms

You are unable to update access settings on a document or object.

Causes

This issue can be caused by expired or invalid Security IDs (SIDs) that are included in the access settings of the document or object.

Resolving the problem

In the Administration Console for Content Platform Engine, you can apply JavaScript bulk actions to the search results of an object store query to remove the invalid SIDs. The following steps provide an example action that you can use to delete an Access Control Entry from the security of an object using bulk processing.

To remove the invalid Security IDs:

  1. In the Administration Console for Content Platform Engine, open the object store that you want to update, and create an object store search.
  2. On the SQL View tab, enter the following query:
    SELECT TOP 100 This FROM Document
    
  3. On the Bulk Action tab, select Enable bulk action.
  4. In the Script section, click Run script.
  5. Copy the following example JavaScript code and paste it into the Script field. Replace "orphaned SID here" with your user or group, such as user@domain.com, or the SID value.
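    importPackage(Packages.com.filenet.api.core);
    importPackage(Packages.com.filenet.api.security);
    importClass(Packages.com.filenet.api.constants.RefreshMode);
    importClass(Packages.com.filenet.api.property.Properties);

    // Called once for each object returned by the search.
    function OnCustomProcess (CEObject) {
        // Fetch the object's current property values from the server.
        CEObject.refresh();
        // The permissions list holds the object's Access Control Entries.
        var apl = CEObject.get_Permissions();
        var iter = apl.iterator();
        var perm = null;
        while (iter.hasNext()) {
            perm = iter.next();
            // Match the entry whose grantee is the orphaned user, group, or SID.
            if (perm.get_GranteeName().equals("orphaned SID here")) {
                // Remove the entry, save the object, and stop at the first match.
                iter.remove();
                CEObject.save(RefreshMode.REFRESH);
                break;
            }
        }
    }
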
  6. Click Run. The administration console runs the query and the JavaScript action.
  7. After the query runs, confirm that the specified user or group has been removed from the object's security.