
I have been trying a few things with both project and document access. But I have come up against what I think is a conflict between project access and document access.  

But here are my findings:

  • I created a project under IFSAPP in a test environment.
  • IFSAPP is identified as a document administrator
  • I created another user that was not a document administrator (User 2)
  • I did NOT add USER2 to the project access
  • I created a couple of documents that were attached to an activity on the project as IFSAPP
  • USER2 was NOT able to access the project at all
  • I added USER 2 to the project access with full rights
  • I logged in as USER2 and accessed the project successfully
  • I could see the documents I had attached earlier BUT although I had granted the team to which USER2 belonged full access, USER2 could see that the documents existed BUT could not access them
  • I tried as USER2 to create a document attached to the activity.  USER2 could not create a document in a document class for which the user was NOT allowed.
  • I added USER2 to a document class
  • I was able to add a document attached to the project activity from within the project
  • USER 2 was still not allowed to see the previous documents I created as IFSAPP as USER2 was not on the document access table.

 

That is the extent of my investigation.  The bottom line is it appears if a user is NOT on the individual document’s access table, the project access table appears to have no effect on allowing a project team member to view a document attached to an activity. 

 

Does anyone have any advice?

Hi All, 

 

I went through most of the commentaries on this post, but I just want to confirm something:

If we add a user_group today to a specific document_access with the view access, the users within this group won’t see any documents from the specific document_class that were published before today, right?

How is it possible to give view access to all items of a specific document_class to people we have just given this view access?

 

Best regards,


 

If we add a user_group today to a specific document_access with the view access, the users within this group won’t see any documents from the specific document_class that were published before today, right?

Correct. Adding new access lines to the access *template* will not update the access to any existing documents.

How is it possible to give view access to all items of a specific document_class to people we have just given this view access?

There's no feature to propagate the contents of the access template to existing documents today.

A way to be proactive about this is to never add specific persons to the access template, always use groups. Then you can easily add or remove access lines for those groups.

If you need to change the access to existing documents you need to update their access definition one by one, or write a script or use data migration to update them in bulk. A custom event can also do it.

Good luck!


Here is a simple custom event action that will push ONE document access template line when it is updated:

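DECLARE
   -- Document class of the access template line that fired the event
   doc_class_ VARCHAR2(100) := '&NEW:DOC_CLASS';
   -- Every existing document issue in that class
   CURSOR get_docs IS
      SELECT doc_no, doc_sheet, doc_rev
      FROM doc_issue_tab
      WHERE doc_class = doc_class_;
BEGIN
   FOR doc_ IN get_docs LOOP
      BEGIN
         -- Copy the template line's person/group and access flags to this document
         Document_Issue_Access_API.Insert_Access(
            doc_class_, doc_.doc_no, doc_.doc_sheet, doc_.doc_rev,
            '&NEW:PERSON_ID', '&NEW:GROUP_ID', 1,
            &NEW:ADMIN_ACCESS, &NEW:EDIT_ACCESS, &NEW:VIEW_ACCESS,
            'Pushed from template');
      EXCEPTION
         WHEN OTHERS THEN
            -- Ignored on purpose: the call raises an exception when the person or
            -- group already has access. Any other error is silently skipped too.
            NULL;
      END;
   END LOOP;
END;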

It relies on a custom event on the DocumentAccessTemplate entity, which fires when a row is updated and when the Note field is set to "push". That's how I did it, but it can be done in many other ways. It's a quite naive solution, but it works. If the person or group to be pushed already has access, there will be an exception which we ignore.

So, you need to add the new access line first, then save, then edit it and set Note to “push”. The code above should work even without that condition though.

