Hi. There is a problem with Vault 4.0.4 security and undelete functionality. I will try to explain:
Folder description:
$/Baseline (RCA Rights)
$/Baseline/Folder1 (Inherit RCA Rights)
$/Baseline/Folder2 (None Rights)
Folder2 is deleted by the administrator. If a user right-clicks on the Baseline folder and selects "properties" and "deleted items", he is able to undelete Folder2 even though he should not have seen this folder. Luckily he is unable to access this folder, but it is undeleted.
Can this be fixed?
Undelete security problem
This is actually working as designed, since the user has RCA rights on the parent folder. But I can see where the user has the unexpected ability to undelete the folder he has no access to. If you give the user only RC rights on the parent folder, he won't be able to undelete the subfolder. But with only RC rights, he can't add, label, move or rename, either.
I'll log a feature request to review this behavior.
Linda Bauer
SourceGear
Technical Support Manager
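The rights layout from this thread as a small model, added here as an illustration and not SourceGear Vault code: it compares the rule described in the reply (the "A" right on the parent is enough to undelete) with a hypothetical tighter rule that also requires "R" on the deleted item. The function names, the inheritance rule and the tighter check are assumptions made for the example.

```python
# Constructed model of the folder rights from the thread; not SourceGear Vault code.
# Rights are the letters used in the thread: "RCA", "RC", or "" for none.
EXPLICIT = {                       # explicit per-folder rights for one user
    "$/Baseline": "RCA",
    "$/Baseline/Folder2": "",      # explicitly no rights
}
DELETED = {"$/Baseline/Folder2"}   # deleted by the administrator


def parent(path):
    return path.rsplit("/", 1)[0]


def effective_rights(path, explicit=EXPLICIT):
    """Nearest explicit entry wins; otherwise inherit from the parent (assumed rule)."""
    while path not in explicit:
        if "/" not in path:
            return ""
        path = parent(path)
    return explicit[path]


def can_undelete_parent_only(path, explicit=EXPLICIT):
    """Behaviour described in the reply: 'A' on the parent folder is enough."""
    return "A" in effective_rights(parent(path), explicit)


def can_undelete_strict(path, explicit=EXPLICIT):
    """Hypothetical tighter rule: also require 'R' on the deleted item itself."""
    return (can_undelete_parent_only(path, explicit)
            and "R" in effective_rights(path, explicit))


def visible_deleted_items(folder, check, explicit=EXPLICIT):
    """Deleted children of `folder` that the user could restore under `check`."""
    return sorted(p for p in DELETED
                  if parent(p) == folder and check(p, explicit))


if __name__ == "__main__":
    for check in (can_undelete_parent_only, can_undelete_strict):
        print(check.__name__, visible_deleted_items("$/Baseline", check))
```

Applying the same check to the "deleted items" listing and to the undelete action keeps a folder the user cannot read from being shown or restored, without dropping the user to RC on the parent.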