Options
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 526 views
  • Users 0 members are here
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Metadata-driven permissions (4th metadata)

dejan

Hi community and M-Files,

We have a use case to show working assignment for all users involved into workflow. I am setting read access for users following pattern "Document.*".

I have found out today that some power users that we reference through following setup: "Document.<Reference metadata>.<other reference>.Employee id". As we never touch that default configuration (3 level indirect metadata), this is actually not possible.

I see 2 options:

  • To adapt configuration to enable 4th level indirect metadata for metadata navigation
  • Or to create some auto-calculated metadata which I need to hide and control when to re-calculate

I am in temptation just to re-configure one level deeper for metadata permissions (can someone actually share that registry config?).

I am somehow concerned how this could influence performance of my vault. I read somewhere that this is not really recommended.

What is your experience when enabling one additional metadata level? Does performance degrade significantly?

Best regards,

Dejan

  • 0

    You can temporarily allow M-Files Admin to add the fourth level, the client-side registry setting is mentioned here: https://community.m-files.com/forums-1552881334/f/general-discussion-feedback/5967/help---workflow-assignment---auto-permissions/15689#15689

    There's no single answer for the performance question as this is heavily dependent on your vault. For instance, how many objects will use that NACL and how often are the metadata values referenced in the NACL changed, triggering a recalculation for the object permissions. You may need to just test it in your environment and see if there are any issues.

  • 0 in reply to Joonas Linkola

    Thanks Joonas. Well, we will expect around 10000 documents with 5-6 workflow steps where this indirect metadata is used in NACLs. As the role gets changed from time to time, it could be the case that someone else is assigned for that particular role.

    Would if I enable this 4th level affect also other documents/complete vault where those NACLs are not used?

    If I would use auto calculated property I might end up with old assigned people even though the role changes in between. Those roles are assigned to certain people per unit and those information come from our central database. For re-calculation, I know that document needs to be changed so re-calculation gets triggered.

    Hm, not quite sure what could be the solution

  • 0 in reply to dejan

    The client-side registry setting only enables M-Files Admin to allow you to select the fourth level on your computer, it doesn't affect the system in any other way. After you have modified the NACL, you can remove the registry setting from your computer if you like. So the only direct effect is on the NACL you modify and the documents that use that NACL, but of course any potential performance issues would affect the vault as a whole.





              

© M-Files Corporation 2024 | Privacy Policy