Users Who do not Have Delete Permission Are Able to Delete Documents & Folders in Document Manager (Doc ID 2291643.1)

Last updated on AUGUST 07, 2017

Applies to:

Primavera Unifier Cloud Service - Version N/A and later
Primavera Unifier - Version 9.7 and later
Information in this document applies to any platform.

Symptoms

On Unifier : Any Version

There are users who don't have Document Manager permissions to delete documents from document manager folders; but the "Delete" button is not grayed out, they do not get a "you do not have permissions" popup when attempting to Delete documents or folders, and they are able to complete the Delete activity when they attempt it.

EXPECTED BEHAVIOR
-----------------------
Users that do not have "Delete" permissions should not be able to delete documents or folders.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:

  1. Login to Unifer as user without Delete Permissions in a specific Shell/Project when viewed from the DM Node Permissions window.
  2. Navigate to the said shell/project where they do not have Delete Permissions.
  3. Go to Document Manager
  4. Open the folder > Sub-Folder and select the document or folder to be Deleted.
  5. Click Delete.
  6. System will allow you to delete even though User or Group Permissions does not have "Delete" checked.


When viewing the Document Manager permissions, navigate as follows:

Navigate to the Shell/Project as an Administrator > Admin Mode > User Administration > View the User and the Groups that the User is a member of to check permissions. Note that there are 4 possible permissions boxes:

Full Access     Checked 
   Create        Checked
       Organize Checked
             View Checked

Note that all 4 were checked.

Then Navigate to the same Shell/Project in User Mode > click on the "Permissions" button on the top menu bar.  Note that "Delete" is not checked for either Document or Folder Permissions.  These are the 2 locations where user permissions are determined. In User Administrator, and in DM Permissions window.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms