Block access to nuxeo administrator
Is it possible to block access to the administrator for a certain workspace/folder in Nuxeo(-dm) 5.5?
We tried set all permissions to “deny” but the folder is still visible to administrator. And we did save “local rights”.
The same behavior happens if administrator in question is defined through “administratorId” in the config of is only a member of administrators.
The desired effect is the following :
We want to have a “nuxeo officer/administrator” who is able to fine tune our Nuxeo instance, and sometime helps user with problems.
But we don't want this user be able to see certain sensitive documents (like salaries). Is there a way to achieve this goal?
Although based on what you describe I don't hold out hope that this will make any difference.
This is not possible with the current security model. Note that even if it was, your administrator probably has access to the database and storage and would be able to access the document anyway, albeit not as easily.
You may want to store an encrypted version of the document instead, with the decryption key shared only between people who should be able to access it (encryption/decryption would be done client-side, outside Nuxeo).