Thank you for information.
The way how you currently ensure the permissions is probably the best one that can be used with given ACL evaluation implementation today.
If there is only Create:Allow
and not explicitly Deny
defined, the result is Deny
only when both CMS Content
module and specific Document type
were not allowed. In other cases the result was Allow
The changes suggested for 6.0 are expected to change this evaluation when the ACL is insignificant
(no record / no explicit Allow). It would result to Deny
Which means you would only need to add Allow
for specific role on the requested document (branch starting node), it would propagate to the child nodes through the inheritance and other roles would get Deny
in that scope automatically. That would - I believe - make your scenario much easier to setup and manage.
I cannot confirm that it will be the default behavior, maybe a web.config
key will be needed.
I would suggest you to contact us after 6.0 release so we can provide the most accurate information.