Permissions Required for Moving Objects
Moving objects to a new folder requires certain permissions depending on the move being performed. Moves can be performed as follows:
to the same domain and context
to the same context but different domain
to a different domain and context.
In the example diagrams below, a user wants to move an object in the Camping Umbrella product to various locations. The example object inherits its domain from its parent folder.
The following diagram shows moving an object from the Umbrella folder to the General folder within the same domain and the same context.
The following diagram shows moving an object from the Umbrella folder in the /Default domain to the Design folder in the /Default/Design domain within the same context.
The following diagram shows moving an object from the Umbrella folder in the /Default domain of the Camping Umbrella product to the Design folder in the /Default domain of the Beach Umbrella product.
The table below highlights the permissions needed for the source and target locations of the move.
| Moving Object To | Source Folder Permissions | Target Folder Permissions | Moved Object Permissions |
|---|---|---|---|
| Same domain and same context | Modify | Modify | |
| Different domain and same context | Modify | Modify | Change Domain (source location); Create By Move (target location) |
| Different domain and different context | Modify | Modify | Change Domain (source location); Change Context (source location); Create By Move (target location) |
The following example illustrates the permissions that are needed for the move operation as a result of the characteristics of a document. Although the permissions can be granted by either policy or ad hoc access control rules, this example describes the use of policy rules.
Moving a document from one folder to another requires the permissions described in the list below. For example, consider moving an object of type WTDocument (which is a foldered object) from one folder (which is either the SubFolder or Cabinet object type) to another.
If the process includes navigating to the document, then it requires Read permission for the context that the document resides in because the document is contained. Using a search to locate the document does not require Read permission for the context.
Requires Read permission for the document in the domain it belongs to (that is, the domain of the source folder) in order to select it for moving, because the document is access controlled.
Requires Read permission for the document in the domain it belongs to after the move (that is, the domain of the destination folder) in order to view it once it has been moved, because the document is access controlled.
Requires Modify permission on the source and destination folders because the document is foldered and the folder content is being changed (removing the document from the source folder and adding it to the destination folder).
If the source and destination folders are in different domains, then the domain of the document will change when it is moved, since it is domain administered and inherits its domain from the folder in which it resides. Changing the domain requires the Change Domain permission for the document in the domain of the source folder and Create By Move permission for the document in the domain of the destination folder.
If the source and destination folders are in different contexts, then the context of the document will change when it is moved (since it is contained). Changing the context requires the Change Context permission for the document in the context of the source folder.
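The rules above can be turned into a pre-flight check that lists which permissions a user still lacks before a move is attempted. The following is an added example, not product code: the Location class, the function names, and the (permission, object, scope) tuples are hypothetical, and it assumes a domain is identified by its context plus its path.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Location:
    context: str   # product or other context that contains the folder
    domain: str    # domain path the folder (and its contents) belongs to
    folder: str

    @property
    def domain_key(self):
        # Assumption: a domain is identified by context + path, so /Default in
        # two different products counts as two different domains.
        return f"{self.context}:{self.domain}"

def required_permissions(src, dst, navigate=True):
    """Return the set of (permission, object, scope) needed to move a document."""
    req = {
        ("Read", "document", src.domain_key),      # select it for moving
        ("Read", "document", dst.domain_key),      # view it after the move
        ("Modify", "folder", f"{src.context}:{src.folder}"),
        ("Modify", "folder", f"{dst.context}:{dst.folder}"),
    }
    if navigate:  # browsing to the document; a search skips this requirement
        req.add(("Read", "context", src.context))
    if src.domain_key != dst.domain_key:
        req.add(("Change Domain", "document", src.domain_key))
        req.add(("Create By Move", "document", dst.domain_key))
    if src.context != dst.context:
        req.add(("Change Context", "document", src.context))
    return req

def missing_permissions(src, dst, granted, navigate=True):
    """Return the requirements not covered by `granted`, sorted for stable output."""
    return sorted(required_permissions(src, dst, navigate) - set(granted))

# Constructed locations mirroring the three moves described on this page.
UMBRELLA = Location("Camping Umbrella", "/Default", "Umbrella")
GENERAL = Location("Camping Umbrella", "/Default", "General")
DESIGN = Location("Camping Umbrella", "/Default/Design", "Design")
BEACH = Location("Beach Umbrella", "/Default", "Design")

if __name__ == "__main__":
    # Constructed grant set: enough for a move within one domain, nothing more.
    grants = required_permissions(UMBRELLA, GENERAL)
    for src, dst in [(UMBRELLA, GENERAL), (UMBRELLA, DESIGN), (UMBRELLA, BEACH)]:
        print(f"{src.folder} -> {dst.context}/{dst.folder}:",
              missing_permissions(src, dst, grants) or "move allowed")
```

A user whose grants cover only the same-domain move is reported as lacking Change Domain and Create By Move for the cross-domain move, plus Change Context for the cross-context move.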