Review us!
Hello,
I'm trying to configure permissions via VAF based on these conditions:
List of properties:
| Prop | Type | Parent |
| X* | Lookup | |
| Y* | Lookup | X |
| Read access users | Multi lookup (users) | |
| Full access users | Multi lookup (users) | |
| Read access groups | Multi lookup (groups) | |
| Full access groups | Multi lookup (groups) |
*Mandatory
X and Y each have certain items with automatic permissions determined by namedACLs.
If I leave all access properties empty, I want the object to rely solely on X and Y's automatic permissions.
However, if I define values in the access properties, I want the object’s permissions to be determined exclusively by these properties.
Is there a way to achieve this? Specifically, can I override the automatic permissions of X and Y for my object alone?
I can configure my object to follow the NACL I created for this purpose, but the automatic permissions from the value list still apply. As a result, if the user or group specified in my property is not included in X or Y’s NACL, they won’t receive the expected permissions.
Just to clarify, the ChangeAutomaticPermissionsToNamedACL (and similars methods) directly modifies the automatic permissions of the item in the value list, which is not my intention here. I only want to override permissions for the specific object where I've set values in the custom access properties.
And for the object permissions, this works fine :
vault.ObjectOperations.ChangePermissionsToNamedACL(obj.ObjVer, MyNamedACL, true);
But I still need to override the X and Y permissions—and revert to the original permissions if I remove all access properties.
Thanks in advance for your help.
