Information on the Security Interaction Between the Manage Metadata Privilege and the Read Field Access Right When Displaying the Metadata Dialog Box.

May 7, 2007 | KB: 1011795
Laserfiche 7

Summary

This article describes the security interaction between the Manage Metadata privilege and the Read field access right when determining whether the Template drop-down list is displayed in the Metadata dialog box.

Consider the following situation:

  • The document MyDocument is currently assigned the MyTemplate template.
  • In MyTemplate, there is a value assigned to Field A.
  • Mary is granted the Manage Metadata privilege.
  • John does not have the Manage Metadata privilege.
  • Both users are denied the Read field access right on Field A.

If you log in to your repository as Mary and open the Metadata dialog box for MyDocument, the Template drop-down list will not be available.

If you log in to your repository as John and open the Metadata dialog box for MyDocument, the Template drop-down list will be available. However, if you attempt to change the template, you will receive a "Permission denied [7332]" error message.

Cause

Because both users are denied the Read field access right on Field A in MyTemplate, both users are automatically denied the Edit field access right on that field as well. This prevents both users from changing the template assigned to MyDocument. A user must be able to edit all the fields in the current template in order to change the template, because changing the template is equivalent to deleting all the existing field values. The seemingly more restrictive behavior seen by Mary, even though she has the Manage Metadata privilege, is a result of when the security check takes place.

When Mary opens the Metadata dialog box, the Laserfiche client queries the Laserfiche Server for the list of fields to display. Because the Manage Metadata privilege implicitly grants the Read field access right for all fields, the Laserfiche Server returns all the fields in MyTemplate. The Laserfiche Server also states that Mary does not have the Edit right for Field A. The Laserfiche client is now aware that Mary cannot change the template assigned to MyDocument and automatically disables the Template drop-down list.

When John opens the Metadata dialog box, the Laserfiche client queries the Laserfiche Server for the list of fields to display. Because John lacks the Read field access right on Field A, the Laserfiche Server does not even reveal the existence of Field A to the Laserfiche client. Because the Laserfiche client is unaware that Field A exists, it displays the Metadata dialog box as normal with the Template drop-down list enabled. It is only after John attempts to change the template that the Laserfiche Server tells the Laserfiche client that John does not have sufficient rights to change the template.
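As an added illustration that is not part of the original article or of Laserfiche's own code, the following Python model reproduces the two-stage check described above: the server filters fields by Read, the client disables the drop-down only when a visible field is not editable, and the server enforces Edit on every field when the template is actually changed. The data structures and function names are assumptions, and Field B is a constructed second field.

```python
# Model of the Read/Edit field rights and the Manage Metadata privilege as
# described in the article. Everything here is an assumption built from the
# article's description, not the product's real API.
from dataclasses import dataclass, field

PERMISSION_DENIED = "Permission denied [7332]"  # error text quoted in the article


@dataclass
class User:
    name: str
    manage_metadata: bool = False
    denied_read: set = field(default_factory=set)  # fields with Read denied
    denied_edit: set = field(default_factory=set)  # fields with Edit explicitly denied


def can_read(user, fld):
    # Manage Metadata implicitly grants Read on every field.
    return user.manage_metadata or fld not in user.denied_read


def can_edit(user, fld):
    # A denied Read automatically denies Edit; Manage Metadata does not lift that.
    return fld not in user.denied_read and fld not in user.denied_edit


def server_fields_for_dialog(user, template_fields):
    """Server side: return only the fields the user may read, with an Edit flag."""
    return {f: can_edit(user, f) for f in template_fields if can_read(user, f)}


def client_template_dropdown_enabled(user, template_fields):
    """Client side: disable the drop-down only if a *visible* field is not editable."""
    visible = server_fields_for_dialog(user, template_fields)
    return all(visible.values())


def server_change_template(user, template_fields):
    """Server side: changing the template needs Edit on every field, visible or not."""
    if all(can_edit(user, f) for f in template_fields):
        return "ok"
    return PERMISSION_DENIED


MY_TEMPLATE = ["Field A", "Field B"]  # constructed; the article names only Field A
mary = User("Mary", manage_metadata=True, denied_read={"Field A"})
john = User("John", manage_metadata=False, denied_read={"Field A"})

if __name__ == "__main__":
    for u in (mary, john):
        print(u.name, "sees:", server_fields_for_dialog(u, MY_TEMPLATE),
              "drop-down enabled:", client_template_dropdown_enabled(u, MY_TEMPLATE),
              "change result:", server_change_template(u, MY_TEMPLATE))
```

The client-side disable is a convenience based on partial information; only the server-side check on the change request is authoritative, which is why both users end up unable to change the template.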