If you are unable to create a new account, please email support@bspsoftware.com

 

Folder Security - All can create, only owner can edit

Started by JCarter, 19 Feb 2021 02:53:30 PM

Previous topic - Next topic

JCarter

Here's my second folder security question of the day.

Customer wants all users to be able to create QS queries and save them to a shared folder under team content. Once an object is created though, he wants only the owner of the object to have access to edit it.

I found a blurb in the docs that the owner of an object always has full access to it, so that gets me halfway there. If I set up the parent folder with read-only for the user roles, then only the owner of each object can modify it. But then how do I allow those users to create new objects? If I set the parent folder so users have access to create objects (Write), then that will get inherited by all those existing objects and let anyone modify anything.

I hate the idea, but I had the thought of going in daily and resetting security twice:
Parent Folder: Read/Execute/Traverse, Apply to all Children: Yes
Parent Folder: Read/Write/Execute/Traverse, Apply to all Children: No

That would be a pain in the neck though and wouldn't cover objects un sub-sub-folders.

Is anyone else doing something like this and can give me a pointer?

Thanks,
Jeremy
(CA 11.0.13 FP3)

sdf

It will be a bit tedious work.
On parent you can set the users with read/traverse/write.
On the contents you can opt not to inherit the permissions from the parent folder and instead explicitly assign the owner in the permission with full permission.

Now if you want other users to be able to (run only) other reports under the parent folder, you can explicitly assign them to each objects with read/traverse.
You can create a group or role for this run only specific permission. Add members to that gorup/role. Or aside from assigning permissions directly for the owner of the object, you can add everyone group and give run permission.
So each object under the parent folder will have (everyone:run and owner:full) permissions.


sdf