Ask Question
« General Questions on Nuxeo

NXQL and ACLs

I want to find all folders where special ACLs (Access Control Lists) are used. As a simple example, where a Read access is granted. Whenever I add such a condition (line 1 in my example below), nothing is found. Without the condition, the expected results are retrieved.

I read https://doc.nuxeo.com/nxdoc/nxql/ and also https://jira.nuxeo.com/browse/NXP-15970 so I think I have understood the concept for pseudo-list.

Here is my query:

SELECT
  *
FROM
  Document
WHERE
  ecm:acl/*/permission = 'Read' AND
  ecm:isTrashed = 0 AND
  ecm:primaryType = 'Folder'

Any hints? - Thanks

ElmarKnipp
Member (724)   1   5   4 		03/23/2022 ( History)
0 votes
1 answers
625 views
ANSWER
ANSWERS

That query looks correct. It only returns local permissions, so if you have inherited Read permissions on a folder, it won't show up in the results.

LaraGranite
Developer, Granite Horizon (1.7K)   2   4   5 		04/07/2022 ( History)
0 votes
ElmarKnipp
Thanks, you are right. The documentation states explicitly: "Note that this is a query on the ACLs that were set on a specific folder or document, NOT on the resolved permissions according to the inheritance rules."

Nevertheless, if I set a local Read permission on the document and query the repo as described in my original post, nothing is found.

BTW: Is there a possibility to query for inherited ACEs?

04/11/2022
Follow
Tags
Linked Questions
Related Questions
Looking for a way to look up all external permission share
a lot queries are performed on CoreSession.getChildren(DocumentRef)
Is it possible to know if a particular permission is grant anywhere in Nuxeo?
Get all accesssible document of a user while being authenticated as Administrator PYTHON API
NQXL workspace query
Nuxeo 5.8 Regression on Login As - Logout and set temporary ACL
DAM and controling access to folders by groups
Dealing with documents where getPathAsString() == null
customizing default permissions in securityService