...
If a folder is created under folder a:b, then assign the CREATE and STEM privileges on the new folder to the group a:security:admins.
You should use the inherited privileges screen to control this. The rule is attached to the folder under which the new folders are created.
Configure rule for v5+
Configure rule for v4 and previous
Java example
```java
// Assumes stem, actAs, stemScope, subjectToAssign and privileges are already in scope.
// Add a rule on the stem saying: if a folder is created underneath,
// then assign stem privileges on it to a subject
AttributeAssign attributeAssign = stem
    .getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate();

// the subject the rule acts as when it fires
attributeValueDelegate.assignValue(
    RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
attributeValueDelegate.assignValue(
    RuleUtils.ruleActAsSubjectIdName(), actAs.getId());

attributeValueDelegate.assignValue(
    RuleUtils.ruleCheckTypeName(), RuleCheckType.stemCreate.name());

// can be SUB or ONE for if should be in all descendants or just on children
attributeValueDelegate.assignValue(
    RuleUtils.ruleCheckStemScopeName(), stemScope.name());

attributeValueDelegate.assignValue(
    RuleUtils.ruleThenEnumName(), RuleThenEnum.assignStemPrivilegeToStemId.name());

// this is the subject string for the subject to assign to
// e.g. sourceId :::::: subjectIdentifier
// or sourceId :::: subjectId
// or :::: subjectId
// or sourceId ::::::: subjectIdOrIdentifier
// etc
attributeValueDelegate.assignValue(
    RuleUtils.ruleThenEnumArg0Name(),
    subjectToAssign.getSourceId() + " :::: " + subjectToAssign.getId());

// possible privileges are stem and create
attributeValueDelegate.assignValue(
    RuleUtils.ruleThenEnumArg1Name(), Privilege.stringValue(privileges));

// should be valid
String isValidString = attributeValueDelegate.retrieveValueString(
    RuleUtils.ruleValidName());

if (!StringUtils.equals("T", isValidString)) {
  throw new RuntimeException(isValidString);
}
```
...