...
If a folder is created under folder a:b, then apply privileges to the folder of CREATE,STEM to group a:security:admins
You should use the inherited privileges screen to control this. This rule is on the folder where folders are created.
Configure rule for v5+
Configure rule for v4 and previous
Java example
| Code Block |
|---|
//add a rule on stem2 saying if you create a group underneath, then assign a reader group
AttributeAssign attributeAssign = stem
.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate();
attributeValueDelegate.assignValue(
RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
attributeValueDelegate.assignValue(
RuleUtils.ruleActAsSubjectIdName(), actAs.getId());
attributeValueDelegate.assignValue(
RuleUtils.ruleCheckTypeName(), RuleCheckType.stemCreate.name());
//can be SUB or ONE for if should be in all descendants or just on children
attributeValueDelegate.assignValue(
RuleUtils.ruleCheckStemScopeName(), stemScope.name());
attributeValueDelegate.assignValue(
RuleUtils.ruleThenEnumName(), RuleThenEnum.assignStemPrivilegeToStemId.name());
//this is the subject string for the subject to assign to
//e.g. sourceId :::::: subjectIdentifier
//or sourceId :::: subjectId
//or :::: subjectId
//or sourceId ::::::: subjectIdOrIdentifier
//etc
attributeValueDelegate.assignValue(
RuleUtils.ruleThenEnumArg0Name(), subjectToAssign.getSourceId() + " :::: " + subjectToAssign.getId());
//possible privileges are stem and create
attributeValueDelegate.assignValue(
RuleUtils.ruleThenEnumArg1Name(), Privilege.stringValue(privileges));
//should be valid
String isValidString = attributeValueDelegate.retrieveValueString(
RuleUtils.ruleValidName());
if (!StringUtils.equals("T", isValidString)) {
throw new RuntimeException(isValidString);
}
|
...