Options
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 12 subscribers
  • Views 2069 views
  • Users 0 members are here
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Group Class and Class Permissions - Hide Class Name on object creation but display on specific permission

Claudio_Leitao

Hello everyone,

I'd like to hide certain HR classes (which are in a group class) when a user wants to create a new object but I want them to see the object (HR Class) when permissions are given to them (Permissions based on a property).

Thanks for your help, regards,
Claudio

Parents
  • +1

    In the class permissions you can define who can create new documents in the class, so remove this permission from the all internal users group and give it only to those groups who should be able to create (e.g. HR users).

    This doesn't affect the actual object permissions (e.g. who can see and edit these documents once they are created).

  • 0 in reply to Joonas Linkola

    Joonas - here's a question - what if we are applying permissions via a Named Access Control List on the Automatic Permissions tab in your screen shot?  Can we still have those permissions and then uncheck "Attach objects to this class" on the permissions tab to prevent someone from adding new docs with this particular document class?

  • 0 in reply to Tandy Wine

    Yes, automatic permissions are applied on the document when it is created. You can still decide who can create documents in this class in the first place with the settings described above. In some cases the creator may even lose access to the document after its creation if the automatic permission NACL doesn't give them at least read access.

  • 0 in reply to Joonas Linkola

    The situation I'm having, is that we want documents of a certain class, to be only created by a process in another system.  Our developer had a process what was creating these documents in the vault and it was working fine.  Then I attempted to restrict create of the form from users manually creating them by going to the Permissions tab of the document class and for all internal and external users, for the option "Attach objects to this class" I selected Deny.  Then on the same tab, I added the same user that will be running the process in the other system to create the docs and I set the "Attach objects to this class" to Allow.  But the developer continues to get "Access denied" errors like the following:

    {"ErrorCode":"2020","Status":500,"URL":"/objects/0","Method":"POST","Exception":{"Name":"COMException","Message":"Access denied.\r\nYou are not allowed to attach objects to the \"FNOL Temporary2\" class.","InnerException":{"Name":"MFilesException","Message":"Access denied.\r\nYou are not allowed to attach objects to the \"FNOL Temporary2\" class.","StackText":"Error reference ID: 5616dffe-201e-4b29-aff2-1fef07a3bed5","ErrorCode":"2020"}},"Stack":"Error reference ID: 5616dffe-201e-4b29-aff2-1fef07a3bed5","Message":"Access denied.\r\nYou are not allowed to attach objects to the \"FNOL Temporary2\" class.","IsLoggedToVault":true,"IsLoggedToApplication":true,"ExceptionName":"COMException"}

  • 0 in reply to Tandy Wine

    You should let the checkboxes for attach, unchecked, and not deny.

  • 0 in reply to Radu Moca

    Thanks Radu, that fixed it!  I guess I'm unclear though on why it worked.  What's the difference between checking "Deny" and not checking "Allow?"

  • 0 in reply to Tandy Wine

    the deny is enforced on users or groups, so any other permission is ignored.

Reply Children
No Data
M-Files
M-Files Support


© 2024 M-Files, All Rights Reserved.