How To Grant Write But Not Read Access To Content (Doc ID 445405.1)

Last updated on MAY 03, 2023

Applies to:

Goal

In certain scenarios, it may be desirable for users to submit content into the repository, but not be able to then read that content. This is typical in cases where the content may be highly sensitive such as human resource documents that should only be viewed by a select group of individuals.

Normally when mapping permissions from roles to security groups or users to accounts, selecting the ‘Write’ privilege always enforced ‘Read” privilege as well. There really is no way to select only the “Write” choice.

In the past, there have been several approaches customers have made to accommodate this type of functionality. One of the choices was to create a component which would modify the check in services to bypass certain security restrictions. While this approach would work, it required customization which would need to be maintained and supported. Another approach was to handle the resetting of security through the Archiver applet. An Archive could be created to automatically export out content with a given security group and/or account the user had access to and immediately import the content back in while remapping the security fields to a different value. While this did not require customization, one of its drawbacks was it allowed content to be visible for a short period while the archiving process took place.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.