Not sure what is going on...
It is true that the security_id in docversions is a computed value, but luckily there is only a limited set of those. security_id is a hashed value of the canonical representation of the list of ACLs. The canonical list is stored then in the SecurityDesc Table, so every unique combination of ACEs has exactly one entry there.
Find a folder that has security set the way you want it, get the id of the folder and find the value of security_id in table Container. Modify the value of security_id for the problematic folder to the same value as the 'good' one.
Then look if the ACL looks the way you anticipated... I could not try it so keep us posted on the results.
And yes, people at IBM will probably raise a few eyebrows.
/Gerold
------------------------------
Gerold Krommer
------------------------------
Original Message:
Sent: Mon February 21, 2022 11:28 AM
From: Yannick Martin
Subject: FileNet security - Folder is Read-only
Hi,
the folder is read-only for the administrator, modifying the "Owner" to admin gives the following error message :
The requester has insufficient access rights to perform the requested operation. CmAcmLatestSeqNumForCustomProp is a read-only property and cannot be updated at this time.
When cannot change the object security thru the DB2 because the security object of the folder is a computed value.
Is there another way to make the folder's security updateable ?
Thanks for help
------------------------------
Yannick Martin
Original Message:
Sent: Fri February 11, 2022 11:54 AM
From: Joe Raby
Subject: FileNet security - Folder is Read-only
It sounds like someone has created a folder that no one has access to, including administrators. And therefore even an admin cannot browse to the folder?
Object store Admins are able to find any object via a search. So an admin could go into ACCE and find the folder with a query like the following, even if they do not have access to it: SELECT [This], [Id], [PathName] FROM [Folder] WHERE [FolderName] LIKE 'SubFolder%'
Once the folder is found by a search, the admin won't have access to make any updates, but the admin is able to make themselves the owner. So they would have to do that first. After they have made themselves the owner, then they can update the permissions on the folder.
Regards,
Joe
------------------------------
Joe Raby
Original Message:
Sent: Fri February 11, 2022 08:04 AM
From: Gerold Krommer
Subject: FileNet security - Folder is Read-only
Honestly, I have only a faint idea what you are asking.
Is your problem with ACCE or the API. If API can you achieve what you want with ACCE?
If it is ACCE a few screenshots would be in order...
BR,
/Gerold
------------------------------
Gerold Krommer
Original Message:
Sent: Thu February 10, 2022 11:41 AM
From: Yannick Martin
Subject: FileNet security - Folder is Read-only
Hi,
my issue is that an application uses the API to disable the "inherit parent permissions" flag for a container,
on a folder where no security permission is defined (Security tab of the folder is empty, i.e. no direct/default permission).
Is there a way to permit the administrator user to update the security ?
Thanks for help
------------------------------
Yannick Martin
------------------------------