
CDI Blog

Consultant's Corner: Entry Access Rights Searches



This month’s Consultant’s Corner article focuses on a search feature: Advanced Searches on Entry Access Rights. This search feature was first made available in version 10.3. Below, CDI’s Software Trainer, Kyle Knebel, walks you through how to locate entries with specific Entry Access Rights directly assigned to them.


*Please note, these searches do not return entries that inherit the specified entry access rights.


Let’s begin.


An Advanced Search is accomplished by using the Search Syntax box in the Windows or the Web client. Security searches are not currently available in the User Interface (UI).


Web Client:



Windows Client (check the box to Include search syntax in query):




Here are four example searches that might be useful:


1. Finding entries where a given trustee has security assigned to them (or denied to them). This search uses trustee in order to find all entries where the user is explicitly assigned.


For example, let’s find entries where the user Jane is explicitly assigned to entries. The syntax would be:


{LFACE:trustee="Jane"}


Or, let’s find entries where the group LFUsers is explicitly assigned to entries. The syntax would be:


{LFACE:trustee="LFUsers"}










Finally, if you wanted to find all entries where an entry access right of either Allow or Deny is explicitly granted, the syntax would be:


{LFACE:type = "*"}


2. Finding entries where security is allowed or denied to a user or group. This search uses trustee and type in order to find all entries where an entry access right is either allowed or denied.


For example, let’s find entries where the user Jane is explicitly denied on entries. The syntax would be:


{LFACE:trustee="Jane", type="Deny"}


Or, let’s find entries where the group LFUsers is explicitly allowed on entries. The syntax would be:


{LFACE:trustee="LFUsers", type="Allow"}


3. Finding entries explicitly assigned with the specified scope (regardless of whether it is allowed or denied). This search uses scope to find entries with the indicated scope(s).

There are nine scope types available. The most commonly used is all, which will find the scope of This folder, subfolders, and documents. The syntax would be:


{LFACE:scope = "all"}


Or you can use notthisentry, which will find the scope of Subfolders and documents only. The syntax would be:


{LFACE:scope = "notthisentry"}


Here’s the list of all the scope types available in this search syntax:


documentsonly: Documents only

thisentry: This entry only

folders: This folder and subfolders

foldersonly: Subfolders only

immediate: This folder and its immediate children

immediatechildren: Immediate children only

immediatedocuments: Documents that are immediate children only

notthisentry: Subfolders and documents only

all: This folder, subfolders, and documents


4. Finding entries where a trustee is granted or denied any combination of rights.

To find entries that are assigned both the Browse right and the Read right, and that may also have other rights, the syntax would be:


{LFACE:rights = "BrsRea*"}


To find entries where the explicitly assigned entry access rights are anything other than exactly and only the Read and Browse rights (entries with explicitly assigned rights in addition to both the Read and Browse rights will be included in the results), the syntax would be:


{LFACE:rights <> "BrsRea"}


To find entries where users who are not the ADMIN user have not been explicitly assigned any rights, the syntax would be:


{LFACE:rights = "---", trustee<>"ADMIN"}


Here’s the list of all the three-character strings available in this search syntax:


brs: Browse

rea: Read

mcn: Modify Contents

ada: Append Data

del: Delete Entry

ren: Rename

dpg: Delete Document Pages

san: See Annotations

ann: Annotate

red: See Through Redactions

wme: Write Metadata

crd: Create Documents

crf: Create Folders

rac: Read Entry Security

wac: Write Entry Security

cow: Change Entry Owner

srd: Set Last Review Date

frz: Freeze/Unfreeze

evt: Set Event Date

cls: Close/Reopen Folder

---: (three dashes) indicates that no rights have been explicitly assigned.
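As an added example (not part of the original article and not vendor tooling), the Python sketch below parses an LFACE search string against the scope and rights lists in this article and decodes it into plain terms, so a query can be checked before it is pasted into the Search Syntax box during an access review. The function names, the case-insensitive matching, and the conversion of typographic quotes to straight quotes are assumptions of this example.

```python
import re

SCOPES = {  # both tables are transcribed from this article's lists
    "documentsonly": "Documents only", "thisentry": "This entry only",
    "folders": "This folder and subfolders", "foldersonly": "Subfolders only",
    "immediate": "This folder and its immediate children",
    "immediatechildren": "Immediate children only",
    "immediatedocuments": "Documents that are immediate children only",
    "notthisentry": "Subfolders and documents only",
    "all": "This folder, subfolders, and documents",
}
RIGHTS = {
    "brs": "Browse", "rea": "Read", "mcn": "Modify Contents", "ada": "Append Data",
    "del": "Delete Entry", "ren": "Rename", "dpg": "Delete Document Pages",
    "san": "See Annotations", "ann": "Annotate", "red": "See Through Redactions",
    "wme": "Write Metadata", "crd": "Create Documents", "crf": "Create Folders",
    "rac": "Read Entry Security", "wac": "Write Entry Security",
    "cow": "Change Entry Owner", "srd": "Set Last Review Date",
    "frz": "Freeze/Unfreeze", "evt": "Set Event Date", "cls": "Close/Reopen Folder",
}
COND = re.compile(r'\s*(trustee|type|scope|rights)\s*(<>|=)\s*"([^"]*)"\s*', re.I)

def decode_rights(value):
    """Turn a rights string such as 'BrsRea*' into a list of right names."""
    if value == "---":
        return ["(no rights explicitly assigned)"]
    body, wildcard = value.rstrip("*"), value.endswith("*")
    codes = [body[i:i + 3].lower() for i in range(0, len(body), 3)]
    if any(c not in RIGHTS for c in codes):
        raise ValueError(f"unknown rights code in {value!r}")
    return [RIGHTS[c] for c in codes] + (["(any other rights)"] if wildcard else [])

def parse_lface(query):
    """Return [(field, operator, decoded value), ...] for one LFACE search."""
    q = query.translate(str.maketrans("“”", '""')).strip()  # assumption: straighten quotes
    m = re.fullmatch(r"\{LFACE:(.*)\}", q)
    if not m:
        raise ValueError("not an LFACE search")
    out = []
    for part in m.group(1).split(","):  # limitation: values containing commas
        c = COND.fullmatch(part)
        if not c:
            raise ValueError(f"bad condition {part.strip()!r}")
        field, op, val = c.group(1).lower(), c.group(2), c.group(3)
        known = {"scope": SCOPES, "type": ("allow", "deny", "*")}.get(field)
        if known is not None and val.lower() not in known:
            raise ValueError(f"unknown {field} value {val!r}")
        val = SCOPES[val.lower()] if field == "scope" else val
        out.append((field, op, decode_rights(val) if field == "rights" else val))
    return out
```
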


Thank you, Kyle!


Be sure to try out these unique searches the next time you want to find entries based on which trustees have entry access rights assigned to them for an entry, the specific entry access rights involved, whether the right is allowed or denied, or the scope of that right. We’ll see you next month!
