Problems with the class UnrestrictedSessionRunner


I'm using the UnrestrictedSessionRunner class to try to WRITE_SECURITY permission before saving a Document(Task) to a user who is not in the Admin group , the runUnrestricted () method returns a new session without the information we need to grant permission. Here's an example

protected class WritePermission extends UnrestrictedSessionRunner {

    protected WritePermission(CoreSession session) {
        // this.session = documentManager;

    public void run() throws ClientException {

        DocumentModel doc = getCurrentDocument();
        ACP acp = null;
        DocumentModel doc2 = session.getDocument(new PathRef(
        try {
            acp = doc2.getACP();
        } catch (Exception e) {


        if (acp == null) {
            acp = new ACPImpl();
        ACL acl = acp.getOrCreateACL();
        int WorkspaceAdminACEIndex = acl.indexOf(new ACE(
                SecurityConstants.WRITE_SECURITY, true));
        if (WorkspaceAdminACEIndex == -1) {
            ACE ace = new ACE(session.getPrincipal().toString(),
                    SecurityConstants.WRITE_SECURITY, true);
            acl.add(0, ace);
            doc2.setACP(acp, true);

new WritePermission(documentManager).runUnrestricted(); // calling the runUnrestricted method.

How could grant permission to the user in this new session returned by runUnrestricted () method?

0 votes

1 answers



I don't understand the problem you have.


I was getting the error Privilege 'WriteSecurity' is not granted to 'user2 when trying to send a task (Save a document) , I am now extending the UnrestrictedSessionRunner class that return a unrestricted session to try to give WriteSecurity permission to the user to complete the task . This user is not included in the group Admin, so the method returns me a new session with user = "system", I wonder how to set the user logged in with this new permission WriteSecurity.



Just before testing on my side, do you have the right user when calling session.getPrincipal()? And if you put session.getPrincipal().getOriginatingUser()?


Hi Vladimir and Florent

Our problem is not the user. After some tests, I can create the Unrestricted Session, no problem, but this new Session has the "Principal = system".

The goal here is to create a Task document from "user2" to "user1". The first problem was to create this Task document without WriteSecurity rights. This problem was solved using the Unrestricted Session…. ok

Now, the problem is the user. When we are using the Unrestricted Session the user is "system" and the Task document created is no more our original user called "user2"


This was just fixed and will be available in the next 5.8 hotfix (NXP-14939).

0 votes

Hi, Thank You