When you use the Add document button in Content navigator and add a document into a folder in filenet what actions are performed and therefore what permissions are required all together to have a successful completion please?

Our set up is one where the owner is set to null and so gets no implicit rights from that route - hence we need to know all the required rights to go into a role based security model

Ignore permissions on the object store as they are set to default. I'm interested in permissions for folder and documents, that i can put into roles

My key question is do I need to grant WRITE ACL (modify permissions) on the document? The document will pick up some permissions from the folder it is filed in as we have folders as security parents.

The actions and permissions that I can imagine so far are:-

Action Create document.

Permissions needed - Create Instance on the Doc class

Action: File document

Permissions needed - Read (view properties): Document, Link (File in folder): Folder

Action: Lock or unlock

Permissions needed - Write (modify properties): Document

Action: check in

Permissions needed - minor version: Document

In amongst these I can't see anywhere where it says I need to grant the user modify permissions (WRITE ACL). However, in practice, I seem to have to grant this permission in order for a document to be created.

Any support gratefully received

If you're changing/assigning the class or applying a security template with this null user, you'll need write_acl. Here's the documentation reference: https://www.ibm.com/support/knowledgecenter/SSNW2F_5.5.0/com.ibm.p8.security.doc/p8psa076.htm Please open a case if you need further investigation.

Thanks for that extra piece of information. The bit that stood out for me was that you said assigning a class to a document requires modify permissions. I hadn't thought of the modify class action as being relevant to adding a document and so missed this. Thankyou. I have seen the doc in the link before, but it isn't pitched at the higher level of listing the actions needed to fully complete a typical user based task.

I wondered whether anyone is aware of any other IBM document that would give the slightly higher level information, i.e. a list of actions that are needed to complete a task fully. Tasks like add a doc to the library, move a doc, navigate the folder tree, the class tree, kick off a workflow. For example, on my list above, I didn't include checking the new document in which I'm pretty sure is part of the list of actions needed to fully complete the task of adding a document, and check in has its own permission list which can be seen in the doc provided.