How Docstore Authorisation works

Please enable JavaScript to view this site.

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Save Permalink URL

Navigation: Introduction to Cobwebb Document Management > Cobwebb Docstore

When using Docstore to retrieve and display documents a user's permission to any retrieve document is checked. Depending upon the results a user may be able to:

•Read the Document

•Upload a new Document

•Delete a Document

QNTC File System Notes:

•The Server cannot store security information (Owner, Public Authority, Authorisation List) in the QNTC file system - so in Docstore v1.96 and above it stores it in the Docstore database instead.

•For files stored in the QNTC file IBM it may be helpful to define a Document Handling Username that will be used for all Read/Write of files to Docstore. See Creating a Docstore Document Type for further details.

Read Document Authority Checks

Clicking on the Information link in the Search Results will display the user's authorisation to the selected document - see Displaying Document Metadata for details.

A user's Read authority is checked using the following steps:

Global

•administratorAuthority - If the user is Docstore Administrator then grant permission.

Document

•fileAuthority - If the Document contains authorisation information (e.g. IFS files) then grant or deny permission according to file Read authorisation information. This includes Authorisation Lists attached to a file by the IBM i operating system which is only possible for files stored on the IBM i.

•documentPublicAuthority - If the Document entry contains permissible Public Authority then grant permission.

•documentCreatorAuthority - If the Document entry contains a Owner that grants the User permission then grant permission i.e. the user is either the Owner or, if the Owner is a Group Profile, the user exists in that Group.

•documentAutListAuthority - If the Document entry contains an Authorisation List then grant or deny permission according to Read permission in this Authorisation List. This is an Authorisation List attached to a Docstore document by an entry in Docstore and applies to all files regardless of where they are stored.

Document Type

•docTypeAutListAuthority - If the Document Type contains a Default Authorisation List then grant or deny permission according to Read permission in this Authorisation List.

•proxyObjectAuthority - If the Document Type has a Proxy Authority Object then grant or deny permission according to Read permission to this Proxy Object.

If all of the above checks fail then Read permission is denied.

Upload Document Authority Checks

A user's Upload authority is checked using the following steps:

Global

•administratorAuthority - If the user is Docstore Administrator then grant permission.

Document Type

•folderAuthority - If the user has Write access to the Document Folder for the Document Type that you are uploading the document to then grant permission.

•docTypeAutListAuthority - If the Document Type contains a Default Authorisation List then grant or deny permission according to Write permission in this Authorisation List

•proxyObjectAuthority - If the Document Type has a Proxy Authority Object then grant or deny permission according to Write permission to this Proxy Object.

If all of the above checks fail then Upload permission is denied.

Delete Document Authority Checks

A user's Delete authority is checked using the following steps:

Global

•administratorAuthority - If the user is Docstore Administrator then grant permission.

Document

•fileAuthority - If the Document contains authorisation information (e.g. IFS files) then grant or deny permission according to file Write authorisation information.

•documentPublicAuthority - If the Document entry contains permissible [Write] Public Authority then grant permission.

•documentCreatorAuthority - If the Document entry contains a Owner that grants the User Write permission then grant permission i.e. the user is either the Owner or, if the Owner is a Group Profile, the user exists in that Group.

•documentAutListAuthority - If the Document entry contains an Authorisation List then grant or deny permission according to Write permission in this Authorisation List.

Document Type

•folderAuthority - If the user has Write access to the Document Folder for the Document Type that you are uploading the document to then grant permission.

•docTypeAutListAuthority - If the Document Type contains a Default Authorisation List then grant or deny permission according to Write permission in this Authorisation List

•proxyObjectAuthority - If the Document Type has a Proxy Authority Object then grant or deny permission according to Write permission to this Proxy Object.

If all of the above checks fail then Delete permission is denied.