Hi All,
We wanted to explore the possibility of only allowing content owners to perform transitions into the 'Certified' lifecycle state. Is this something that is achievable?
I can see that a script is used in order to only allow "Certifiers" to do this by default and am wondering if this is something that can be modified.
return (user.getGroupNames().contains("Certifiers"));
Ben
And to add further clarification, if an individual only owns asset A, then should only be able to certify Asset A, not any other assets.
Ben
Hi @BenMoss I believe it might be achieved by changing script, I might be mistaken, but in a fact this leads to even less security. The users would still be able to assign themselves to asset owners, and then perform certification and finally remove them from owners. This easy trick will bypass all certification limitations for "certifiers" group. The our idea is to have restricted group of educated people to perform the certification, knowing consequences and impact of such action.
But its open answer to your question.
Petr
I see yes, so any contributer can set an individual as an owner, and as a result the group for certifiers is smaller in effect, than those who could cerfify assets using the method that we proposed.