Profile picture for user Leanne Wotton

Hi All, 

Just wondering if anyone has had the same issue before I raise an Empower incident. 

We are having an issue where users are unable to move models to a folder which they have created themselves, even though they have read + write privilege assigned. 

Here are some scenarios:

1. Admin user creates folder - Modeller can move models successfully. 

2. Modeller creates a new folder - they can also create new models & store them successfully 

3. Modeller creates a new folder but is unable to move existing models to this folder. - The same privileges are applied to this new folder - The error message 'You need additional access privileges for this operation' appears.

I have also checked & the same privileges are being applied to all folders, no matter who creates them. So unsure why the above error message is displayed only when a modeller wants to move to a new folder they have created.

Not sure if this is a bug or if anyone else has come across this issue. Any advice would be appreciated. 

Thanks, 

Leanne

 

 

by Michael Hubbard
Posted on Fri, 06/09/2023 - 17:12

I would ask "what are the privileges on the Folder the Modeller is trying to move the model FROM"? We use Baseline Folders that the Modellers ONLY have Read access to. They cannot MOVE models from the Baseline Folders, but can Copy and Paste as a "Working Copy" of the model.

Maybe you could provide a print screen of privileges of all the Folders and Modelers involved. That would probably be helpful to try and figure this out.

0
by Martin Schröder
Posted on Mon, 06/12/2023 - 16:59

Hello Leanne,

in order to move a model the user would need the delete privilege on the source group/folder. So behaviours 2. and 3. are consistent with the modeller role having read + write privileges, but not delete.

However 1. seems to break the concept of privilege inheritance: an Admin user with all or more privileges than a modeller creating the target group

  • should not change the behaviour for the modeller
  • would not be able to change the privileges of the modeller role on the source group retrospectively.

This should be reason to raise a problem report with SAG support.

Have you tested the scenario 1. against a read-only user?

Regards, Martin

0
by Leanne Wotton Author
Posted on Tue, 06/13/2023 - 09:24

Hi, 

The users have R+W privilege. So my expectation is that they should be able to move/edit the folders but not delete them. 

It's strange that it seems that they can move things into the folders already created or create models within a folder & only have R+W privileges - it just seems to be the move function that doesn't work for them.

I will raise this with SAG. 

Thanks, 

Leanne

 

0
by M. Zschuckelt
Posted on Mon, 06/26/2023 - 15:53

You need R+W on the target folder and R+W+D on the source folder. From the perspective of the source folder you are performing a delete operation for the models and objects moving out.

If you could do the move operation without the Delete privilege you could escalate your privileges by moving things to a folder where you have delete privilege and delete the objects there.

Please also check the privileges on the groups that the modellers created. It could be that the creator of a group individually obtains full RWD privileges for that group, if he did not have any "individual" privileges on the parent group, but only privileges of his user group.

0
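The rule given in the replies above (R+W on the target folder, R+W+D on the source folder) and the escalation it prevents, as an added Python sketch that is not ARIS code and not from any poster. The `Folder` model, the principal names, the `require_delete` switch and the creator's individual R+W+D on the new folder (the possibility raised in the last reply) are assumptions for illustration.

```python
from dataclasses import dataclass, field

R, W, D = "R", "W", "D"

@dataclass
class Folder:
    name: str
    acl: dict = field(default_factory=dict)    # principal -> set of privileges
    models: set = field(default_factory=set)

def effective(folder, user, groups=()):
    """Union of the user's individual privileges and those of their groups."""
    return set().union(*(folder.acl.get(p, ()) for p in (user, *groups)))

def move_gaps(src, dst, user, groups=(), require_delete=True):
    """Privileges missing for a move, per folder; an empty dict means allowed."""
    src_need = {R, W, D} if require_delete else {R, W}
    gaps = {}
    for folder, need in ((src, src_need), (dst, {R, W})):
        lacking = need - effective(folder, user, groups)
        if lacking:
            gaps[folder.name] = lacking
    return gaps

def move(model, src, dst, user, groups=(), require_delete=True):
    gaps = move_gaps(src, dst, user, groups, require_delete)
    if gaps:
        raise PermissionError(f"additional privileges needed: {gaps}")
    src.models.remove(model)    # for the source folder this is a delete
    dst.models.add(model)

def delete(model, folder, user, groups=()):
    if D not in effective(folder, user, groups):
        raise PermissionError(f"delete privilege needed on {folder.name}")
    folder.models.remove(model)

def demo():
    # Constructed data; creator is assumed to hold individual R+W+D on own folder.
    source = Folder("Source", {"Modellers": {R, W}}, {"Order process"})
    own = Folder("New folder", {"Modellers": {R, W}, "modeller1": {R, W, D}})
    who = ("modeller1", ("Modellers",))
    blocked = move_gaps(source, own, *who)    # the real rule: D missing on source
    # Counterfactual: a move that skips the delete check on the source folder.
    move("Order process", source, own, *who, require_delete=False)
    delete("Order process", own, *who)        # allowed, D is held on own folder
    return blocked, source.models | own.models

print(demo())
```

With the delete check in place the only gap reported is `D` on the source folder; with it skipped, the model ends up removed from a folder on which the user never held delete.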
