Documentation Center

Understanding how security impacts move operations on folders and objects

This topic describes the security rules when moving folders and objects

Basic rules

Always keep in mind the following basic rules:
  • When no read access is specified, everybody can read the folder
  • When no write access is specified, everybody can update the folder
  • The read security settings should always include the write security settings. So, if no write access is specified, everybody should have read access as well.

Moving a folder

Extra rule when moving a folder...
  • the read access settings of the sub folder should be the same or more restrict than the read access settings of the new parent folder
The following table contains some examples to illustrate that. The table contains the following combinations of read and write access:
  1. No read access and no write access specified
  2. No read access specified, but only usergroup A has write access
  3. Usergroups A and B have read access, but only usergroup A has write access
  4. Usergroups A and B have read access, but only usergroup B has write access
  5. Only usergroup A has read and write access
Sub folder/New parent1 (""/"")2 (""/A)3 (A, B/A)4 (A, B/B)5 (A/A)
1 (""/"")AllowedAllowedRead access is conflictingRead access is conflictingRead access is conflicting
2 (""/A)AllowedAllowedRead access is conflictingRead access is conflictingRead access is conflicting
3 (A, B/A)AllowedAllowedAllowedAllowedRead access is conflicting
4 (A, B/B)AllowedAllowedAllowedAllowedRead access is conflicting
5 (A/A)AllowedAllowedAllowedAllowedAllowed

Moving an object to another parent folder

Extra rules when moving an object...
  • The read access settings of the old parent folder should be the same or more restrict than the read access settings of the new parent folder.
  • The write security of the new parent folder should be the same or more restrict than the write settings of the old parent folder. This check can be overruled by an administrator role.
The following table contains some examples to illustrate that. The table contains the following combinations of read and write access:
  1. No read access and no write access specified
  2. No read access specified, but only usergroup A has write access
  3. Usergroups A and B have read access, but only usergroup A has write access
  4. Usergroups A and B have read access, but only usergroup B has write access
  5. Only usergroup A has read and write access
Old folder/New parent1 (""/"")2 (""/A)3 (A, B/A)4 (A, B/B)5 (A/A)
1 (""/"")AllowedWrite access is conflictingRead access is conflictingRead access is conflictingRead access is conflicting
2 (""/A)AllowedAllowedRead access is conflictingRead access is conflictingRead access is conflicting
3 (A, B/A)AllowedAllowedAllowedWrite access is conflictingRead access is conflicting
4 (A, B/B)AllowedWrite access is conflictingWrite access is conflictingAllowedRead access is conflicting
5 (A/A)AllowedAllowedAllowedWrite access is conflictingAllowed