Skip to main content
Kofax

Granting the Everyone Group 'Read only' permissions in an Access Control List

Article # 3037642 - Page views: 287

Issue

When we open an artefact, we get a warning similar to the following:

You do not have required access permissions to edit query. It will be opened as read-only.
You currently do not have the required maintenance access permissions to lock this Form. It will be opened read only.
You currently do not have the required Access permissions to lock this process. It will be opened read only.
Access denied. You must have at least read write access permission on Maintenance Access.

Cause

In Kofax TotalAgility (KTA) v7.10, a bug was fixed as in previous versions, the principle of least privilege did not take affect when we had two or more groups assigned to the Access Control of an artefact in TotalAgility

If we have an Access Control List where the Everyone Group has 'Read' permissions, and we have not assigned an Individual Resource that has Edit permissions, then all resources in the system will adhere to this and now have Read Only permissions on that artefact

For example:

Access Control.png

This means that the permission cannot be updated going forward i.e the permission cannot be increased to Full Control
Customers who upgrade to KTA 7.10 will be affected by this, and may see this as unexpected.
 

The help states:

If you deny permission to any group a user belongs to, the user is denied access. This is true even if the user is given the permission in a different group. If the user belongs to more than one group, it is the lowest access permission that is used. For example, if you have full access from one group that you are a member of, and read-only access from another, then you can only read, not write.

Direct user privileges override group privileges. This means, if the user has explicit access permissions, that is used. For example, if an individual has "Full control "and the Everyone group has only "Read" access permissions, the individual will have full control to create and modify items.

Solution

If you have been affected by this and wish to remove or change the permission level,
Please raise a new case with Technical Support and we can provide SQL to update the access
 

Level of Complexity 

Easy

Applies to  

Product Version Build Environment Hardware
KTA KTA 7.10 +      

References

 

  • Was this article helpful?