On Wed, 15 May 2002, Florent Guillaume wrote:
<kosh@aesaeion.com> wrote:
What would be the correct set of permissions and security assertions I need in order to make it so that in addition to manager only the owner of that object can edit it. It seems if I just gives the permissions I want to the owner role that doesn't work.
It should work. Owner is a local role given by ObjectManager to the user at object creation time. Check that in the Security/Local Roles tab.
Their username is listed as the owner of the object however it seems they can't do what an owner should be able to do when they login. If I give them the global role of owner thent they should. So for some reason they are not getting assigned the local role of owner.
How do you create you objects ?
With a python script. I have it create one of the object with a default profile as a manager and then change the objects ownership which all seems to work just fine.
If I assign someone to the role of owner they can do stuff in all of the documents which is not what I want.
Indeed. Nobody should have a global Owner role.
I had thought that owner was a role you got automatically on an object if you where its owner.
You get it when you create the object, so in effect what you say is true event if the mechanism is different. For instance if someone "takes ownership" of an object it doesn't change the Owner local role.
However shouldn't you have the owner role everytime you access the object also if you are authenticated?