Document permissions Content Engine API

Question

I'm trying to remove/add the groups from security of a document in FileNet using CPE API. I am able to remove wihtout any issues. However, when I try to add the groups that are missing, by inheriting from document class, groups get added without full permissions. For example, I remove "author" group and when I try to add the same group back, it does not have all the permissions.

Remove groups:

AccessPermissionList apl = doc.get_Permissions();
Iterator iter = apl.iterator();
while (iter.hasNext())
    {
        AccessPermission ap =  (AccessPermission)iter.next();
        if(ap.get_GranteeName().contains("group name")){
            iter.remove();
        }
    }
doc.set_Permissions(apl);
doc.save(RefreshMode.NO_REFRESH);

Add groups:

DocumentClassDefinition docClassDef = Factory.DocumentClassDefinition.fetchInstance(os, classID, null);
AccessPermissionList docClassApl = docClassDef.get_Permissions();
Iterator docClassApliter = docClassApl.iterator();
for(Object obj : docClassApl)
            {
                AccessPermission ap =  (AccessPermission)obj;
                if(!apl.contains(ap)){
                    apl.add(ap);
                }
            }
doc.set_Permissions(apl);
doc.save(RefreshMode.NO_REFRESH);

RESOLVED: Had to use DefaultInstanceSecurity rather than regular security as the permissions in both instances were different. So just updated the following line of code:

AccessPermissionList docClassApl = docClassDef.get_DefaultInstancePermissions();

Answer 1

You need to set AccessMask too. Like below:

AccessPermission ap;
ap.set_AccessMark ( new Integer (AccessLevel.FULL_CONTROL_DOCUMENT_AS_INT));
//AccessLevel.WRITE_DOCUMENT_AS_INT
//AccessLevel.MAJOR_VERSION_DOCUMENT_AS_INT

Version 5.2.0 onwards, AccessLevel is deprecated but you can give it a try. AccessRight is the replacement now. Refer this.

Update

public static void setPermissions(Document doc) throws IOException {

    //In cpetarget.properties file
    //cpetarget.security=Administrator:FULL_CONTROL,p8admin:MODIFY_PROPERTIES

    InputStream input = new FileInputStream("cpetarget.properties");
    java.util.Properties prop = new java.util.Properties();
    prop.load(input);
    List<String> strList = new ArrayList<String>(Arrays.asList(prop.getProperty("cpetarget.security").split(",")));

    AccessPermissionList apl = doc.get_Permissions();
    Iterator<AccessPermission> itr = apl.iterator();
    List<AccessPermissionList> oldPermissionsList = new ArrayList<AccessPermissionList>();
    oldPermissionsList.addAll(apl);
    // Remove all your old permissions here
    apl.removeAll(oldPermissionsList);
    // Add all your new permissions here
    try {
        for (String str : strList) {
            String[] strArray = str.split(":");
            AccessPermission permission = Factory.AccessPermission.createInstance();
            permission.set_GranteeName(strArray[0]);
            permission.set_AccessType(AccessType.ALLOW);
            permission.set_InheritableDepth(new Integer(0));
            //permission.set_InheritableDepth(new Integer(0)); // this object only
            //permission.set_InheritableDepth(new Integer(-1));this object and all children
            //permission.set_InheritableDepth(new Integer(1)); this object and immediate children

            if (strArray[1].equalsIgnoreCase("FULL_CONTROL")) {
                permission.set_AccessMask(new Integer(AccessLevel.FULL_CONTROL_DOCUMENT_AS_INT));
                //permission.set_AccessMask(AccessRight.MAJOR_VERSION_AS_INT);
            }
            if (strArray[1].equalsIgnoreCase("READ_ONLY")) {
                permission.set_AccessMask(new Integer(AccessLevel.VIEW_AS_INT));
            }
            if (strArray[1].equalsIgnoreCase("MODIFY_PROPERTIES")) {
                permission.set_AccessMask(new Integer(AccessLevel.WRITE_DOCUMENT_AS_INT));
            }
            if (strArray[1].equalsIgnoreCase("MAJOR_VERSIONING")) {
                permission.set_AccessMask(new Integer(AccessLevel.MAJOR_VERSION_DOCUMENT_AS_INT));
            }

            AccessPermissionList permissions = doc.get_Permissions();
            permissions.add(permission);
            doc.set_Permissions(permissions);
            doc.save(RefreshMode.REFRESH);
            System.out.println("Done");
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}