Old version access permissions

Build 1501 on 14/Nov/2017  This topic last edited on: 21/Mar/2016, at 18:34

Users with the Acces audit privilege can read any old version. Users without this privilege can read only old versions that they created.

Click to toggle graphic sizeRecommended settings

For the Administrator group, enable the Access audit privilege.

For the Everyone group, do not enable the Access audit privilege.

For other groups, such as Editors, Section Heads, Subs and similar, enable the Access audit privilege.
Click to toggle graphic sizeTo edit permissions

See Granting system permissions.
Click to toggle graphic sizeTechnically speaking

The system also computes and use access permissions on old versions. You have only read permissions on old versions (they cannot be modified...), and only the read permissions that you have on the current version of the object - e.g. if you do not have the read protected permission on an object, you will not have read protected permission on any old versions of that same object.

When retrieving old versions (using 'do.ashx?cmd=versions' or 'cmd4 audit') the system automatically filters out all the attributes the user does not have access to. Furthermore, the access permissions computed as specified above are available in the old version XML:

  <ActionList xmlns="http://www.teradp.com/schemas/GN4/1/Audit.xsd">

    <ActionDesc 

      xsi:type="UpdateActionDesc" Time="2010-07-06T22:50:08.733Z" UserId="1705" 

      LoginGuid="2fb7fe84-4da7-4da6-853e-736be1607f7c" Action="Update" 

      UserDesc="TeraDP\MiMo" ObjectId="2848" ObjectTypeName="story" ObjectDesc="Story with images" 

      Codes="Normal Protected Content">

      <Obj>

        <story . . . >

          . . . .

        </story>

      </Obj>

      <ObjAccess perms="01111000000000000000000000" />

    </ActionDesc>

    . . .

  </ActionList>