Showing results for 
Search instead for 
Did you mean: 
Showing results for 
Search instead for 
Did you mean: 
Showing results for 
Search instead for 
Did you mean: 

Deny Permission to create new Document


Deny Permission to create new Document

Gentlemen ,

How can I disable creating new CAD Documents in a particular Product Context , but allow users to revise & iterate existing drawings present in the context.

I configured the ACL to deny "Create" , but it doesn't allow the user to even revise/iterate the object.

With Regards ,

Sriram Subramanian (Sri)
Office - +1 (314) 862-8000 Extn - 506



When you revise or iterate you are storing new data to the database
associated to an existing document, therefore you are creating data of that
type you are denying. If you desire to configure an existing "single"
context / container to allow create for revise and iterate you have many
options, most require more configuration and some customization beyond the
basics you have attempted:

- Use a workflow with a change process or a workflow bound to the object to
fire off at a certain state to grant ad hoc acl's to a group / role on
existing data; keeping in-tact your current deny. You use ACL's on the
lifecycles, but I find these to be more difficult for folks to troubleshoot.
The user on a change activity would get a task authorizing them to complete
their work for existing part ABC123 and until they hit task complete, they
have been granted temporary create permission to the business object aka the
EPMDocument that is affected/resulting.

- Create an additional domain, assign to folder that allows create in this
domain/folder only. As the data is lifecycled it's folder is changed such
that a different set of policy restricting creation. Inside this folder /
domain , you also just deny modify on the folder to prevent new data from
added to the folder or something being modified/removed/deleted.

- Use a listener on method server to reject the persist store events on
objects which are the mastered part number and name do not exist already.
Get the master of the object and check if it is persistent already. Use a
group / role / team to restrict access to those can create new versus create
on existing.

- Use an combination of action filter and validator (for toolbar) that check
membership of group / role / team to create new data of a certain type.

- Deny create from the organization level, grant create in only certain
containers. (Multi container/context option)

It sounds like you need to review the basics of access control
administration from the business admin guides and help center to better
understand why denying create has this impact.


David DeMay



I had similar experience with WTParts and Types. I wanted to deny creation of Types and limit to certain users. When a user linked a CAD doc to it, it wants to iterate it. It then presents a problem in that the user cannot check in cad doc. I worked around it by changing the link type but not ideal. I wish deny rights were easier to use they are ok good in a very narrow use case.