Welcome To Support Community

Pipeline Pilot and BIOVIA Foundation

Advanced Search
Ask Search:
Matthew BrownMatthew Brown 

Revoke Inherited Permissions in Pipeline Pilot 9.5

We have an issue with applying access rights to protocol folders in the Pipeline Pilot Client. We need to restrict permissions to certain folders contained within the Protocols\Web Services folder. Currently, we have applied permissions at the root "Protocols" folder to several general AD groups, but it seems that inherited group permissions in sub-folders cannot be revoked or set to "none". The best I can do is to set them to "Read," which doesn't work for our use case. They need to be completely hidden. 

The only way I found to do that was to remove group permissions at the root and set the "everyone" group to read, and then set the "everyone" group to "none" in the folders we need to restrict (while granting access to a limited AD Group).  

Is that the only way to restrict permissions? if so, we will have to reapply the general AD group permissions to all of the individual Web Services sub-folders, which is not ideal. Is there something that I am missing?

We are using Pipeline Pilot 8.5 and 9.5, and we are not using Foundation Server (if that matters). Also, is the permissions scheme the same in 2017 R2? Would using Foundation Server change how permissions are applied?
I'm sure there is a 'proper' way to do this and someone will pick up.
Do you need to completely hide the folder or just block the ability to run the protocols by anyone not in the AD group? If the latter is acceptable, as a workaround maybe, you could just add a check in the protocol that the logged in user is in the relevant AD group.

Matthew BrownMatthew Brown
Thank you for the suggestion. In this case, we need to be able to completely hide the folder in the Client. 
Build a package including a suitable AuthObjectPermissions.xml?
I've never found any documentation about this but have got it to work by trial and error.