Options
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 1047 views
  • Users 0 members are here
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access Denied - Change Permissions required with User from Metadata

Claudio_Leitao

Dear all,

We've noticed that when we're using "User from Metadata" to give that specific user some permissions, if this metadata is changed, the other users need to have the "Change Permissions"  Allowed otherwise they get an access denied error message.

Is that a normal behaviour ? We find that kinda weird, because we want to give them the rights to change a M-Files user through the Metadata card but deny them to change all the objects permissions. 

Thanks for your replies
Claudio

Parents
  • +1

    This is by design. The user needs the "Change permissions" rights to be able to perform any operation that affects the permissions of the object. This applies to both modifying them via the Permissions dialog or modifying a metadata value that is used in the object's access control lists.

  • 0 in reply to Joonas Linkola

    Is there a way to formally disagree with this design.  If a class has properties that drive metadata, then an Admin created the class that way and people with edit access should be able to change property values - and let the admin decide what happens when those properties are changed.  The way it is now, I have to let someone be able to change the NACL to whatever they want just so they can add a user to a property that gives that other user read access.  That doesn't make sense to me.

  • 0 in reply to DCPDamon

    As far as I know this is how M-Files has always worked so this design has been in the platform 10+ years. Someone more familiar with the origins of the permission model should comment on why it was decided that it should work like this. We can certainly record ideas on how to enhance the platform in the future, it seems there is already an improvement idea (ID 127025) on allowing metadata-based permission changes separately from the manual permission changes. I've added your company details to this request.

Reply
  • 0 in reply to DCPDamon

    As far as I know this is how M-Files has always worked so this design has been in the platform 10+ years. Someone more familiar with the origins of the permission model should comment on why it was decided that it should work like this. We can certainly record ideas on how to enhance the platform in the future, it seems there is already an improvement idea (ID 127025) on allowing metadata-based permission changes separately from the manual permission changes. I've added your company details to this request.

Children
No Data




              

© M-Files Corporation 2024 | Privacy Policy