When applying folder authorisation with applyfolderauthorization.py it requires an enhancement.
This should be for when a folder rule with just explicit "read" rights and no convey rights are being assigned, then the authorization rule that the script creates should append a "/**" on to the end of the rule's ObjectURI.
Example:
If this CSV row is applied using applyfolderauthorization.py currently
"/Testfolder","group","testgrp1","grant","Read",""
then a rule will be created that has an ObjectURI that looks like this:
/folders/folders/1a0dbe13-aff4-423c-9080-351349762123
This doesn't allow users to view the folders beneath /Testfolder, A quick fix is to add read (convey), but the use of convey is generally not desired as it would grant read access to EVERYTHING beneath /Testfolder unless an explicit prohibit removes this further down. As we're trying to avoid prohibits, the changing of the ObjectURI to:
/folders/folders/1a0dbe13-aff4-423c-9080-351349762123/**
is the preferred solution.
When applying folder authorisation with applyfolderauthorization.py it requires an enhancement.
This should be for when a folder rule with just explicit "read" rights and no convey rights are being assigned, then the authorization rule that the script creates should append a "/**" on to the end of the rule's ObjectURI.
Example: If this CSV row is applied using applyfolderauthorization.py currently "/Testfolder","group","testgrp1","grant","Read",""
then a rule will be created that has an ObjectURI that looks like this: /folders/folders/1a0dbe13-aff4-423c-9080-351349762123
This doesn't allow users to view the folders beneath /Testfolder, A quick fix is to add read (convey), but the use of convey is generally not desired as it would grant read access to EVERYTHING beneath /Testfolder unless an explicit prohibit removes this further down. As we're trying to avoid prohibits, the changing of the ObjectURI to: /folders/folders/1a0dbe13-aff4-423c-9080-351349762123/** is the preferred solution.