Attached you will find a custom sweep action that replaces the ACL on existing objects: it removes every existing permission entry from each swept object and writes the new list defined in the script.

importPackage(java.lang);
importClass(java.lang.System);
importPackage(Packages.com.filenet.api.sweep);
importPackage(Packages.com.filenet.api.property);
importPackage(Packages.com.filenet.api.security);
importPackage(Packages.com.filenet.api.core);
importPackage(Packages.com.filenet.api.constants);
importPackage(Packages.com.filenet.api.engine);

/**
 * Sweep-policy entry point. This handler takes no action for policy sweeps;
 * the ACL rewrite is done only in onSweep.
 */
function onPolicySweep(SweepObject, SweepPolicy, SweepItems){
	// Intentionally empty: nothing is read or changed here.
	return;
}

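/**
 * Custom sweep entry point: hands every swept item to setSecurity together
 * with the hard-coded newAcl list and records a per-item outcome.
 *
 * setSecurity clears the item's current permission list before adding the new
 * entries, so the ACL is replaced rather than merged. Every item passed to
 * this handler is affected, which makes the sweep's target class and filter
 * the only limit on how far the grants below reach.
 *
 * @param sweepObject the sweep job object; only its ID is read, for tracing
 * @param sweepItems  array of sweep items; getTarget() yields the object to change
 * @throws EngineRuntimeException (E_BACKGROUND_TASK_TERMINATED) when the call
 *         context reports that the server is shutting down
 */
function onSweep(sweepObject, sweepItems){
	// ACL configuration with different permission levels.
	// Entry format: 'user-or-group;access-mask'
	//
	// Access masks as labelled by the script author:
	//   Full Control: 998903 (all rights)
	//   Read/Write:   131201 (VIEW_PROPERTIES + WRITE_PROPERTIES + CREATE_INSTANCE + WRITE)
	//   Read Only:    131073 (VIEW_PROPERTIES + READ)
	// NOTE(review): 131201 = 131072 + 128 + 1 and 131073 = 131072 + 1. Check each
	// mask against the com.filenet.api.constants.AccessRight values before relying
	// on these labels; 131201 does not obviously contain a write right.
	var newAcl = [
		'p8admin@p8.tta;998903',           // Full Control
		'admin@p8.tta;998903',             // Full Control
		'editors_group@p8.tta;131201',     // Read/Write (see review note above)
		'readers_group@p8.tta;131073'      // Read Only
	];

	var hcc = HandlerCallContext.getInstance();
	hcc.traceDetail("Entering CustomSweepHandler.onSweep");
	hcc.traceDetail("sweepObject = " + sweepObject.getProperties().getIdValue(PropertyNames.ID) + ", sweepItems.length = " + sweepItems.length);

	// Iterate the sweepItems and change the Acl.
	// The index is declared locally so it does not leak into the shared script scope.
	var ii;
	for (ii = 0; ii < sweepItems.length; ii++){
		// At the top of your loop, always check to make sure
		// that the server is not shutting down.
		// If it is, clean up and return control to the server.
		if (hcc != null && hcc.isShuttingDown()){
			throw new EngineRuntimeException(ExceptionCode.E_BACKGROUND_TASK_TERMINATED, this.constructor.name + " is terminating prematurely because the server is shutting down");
		}
		var item = sweepItems[ii].getTarget();
		var msg = "sweepItems[" + ii + "]= " + item.getProperties().getIdValue("ID");
		hcc.traceDetail(msg);

		try{
			var CEObject = com.filenet.api.core.Document (item);

			hcc.traceDetail("   newAcl = " + newAcl);
			setSecurity(CEObject, newAcl, hcc);

			// Set outcome to PROCESSED if item processed successfully.
			sweepItems[ii].setOutcome(SweepItemOutcome.PROCESSED, "item processed by " + this.constructor.name);
		}catch (ioe){
			// Not every thrown value is guaranteed to carry rhinoException, and a
			// failure inside this handler would hide the real error and leave the
			// item without an outcome. Fall back to message, then to the value itself.
			var reason;
			if (ioe && ioe.rhinoException){
				reason = ioe.rhinoException.getMessage();
			}else if (ioe && ioe.message){
				reason = ioe.message;
			}else{
				reason = "" + ioe;
			}

			// Set failure status on objects that fail to process.
			sweepItems[ii].setOutcome(SweepItemOutcome.FAILED, "CustomSweepHandler: " + reason);
			hcc.traceDetail("FAILED " + reason);
		}
	}

	hcc.traceDetail("Exiting CustomSweepHandler.onSweep");

}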


/*
	* Called automatically when the handler is invoked by a custom sweep job
	* or sweep policy. Specify properties required by the handler, if any.
	* If you return an empty array, then all properties are fetched.
	*/
	function getRequiredProperties()
	{
		// The two properties this handler asks for, returned as one
		// comma-separated string ("Id,Permissions").
		var required = ['Id', 'Permissions'];
		return required.join(',');
	}
	
	
	
	
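	/**
	 * Replaces the permission list of doc with the entries in newAcl and saves the object.
	 *
	 * Every entry is parsed and validated before the current list is cleared, so an
	 * empty or malformed configuration is rejected while the object's existing
	 * permissions are still intact, instead of saving a wiped or partial ACL.
	 *
	 * @param doc     object exposing get_Permissions(), set_Permissions() and save()
	 * @param newAcl  array of 'grantee;accessMask' strings (mask in decimal)
	 * @param hcc     optional trace context; tracing is skipped when it is falsy
	 * @throws Error  when newAcl is empty or an entry lacks a grantee or a numeric mask
	 * NOTE(review): callers that read rhinoException from a caught value should
	 * confirm that an Error thrown from script code provides it.
	 */
	function setSecurity(doc, newAcl, hcc) {
		var parsed = [];
		var i;

		if (!newAcl || newAcl.length === 0) {
			throw new Error("setSecurity: newAcl is empty, refusing to clear the existing ACL");
		}

		for (i = 0; i < newAcl.length; i++) {
			var entry = ("" + newAcl[i]).split(';');
			var name = entry[0];
			// Explicit radix so the mask is always read as decimal.
			var accessRights = parseInt(entry[1], 10);
			if (!name || isNaN(accessRights)) {
				throw new Error("setSecurity: invalid ACL entry '" + newAcl[i] + "', expected 'grantee;accessMask'");
			}
			parsed.push({ name: name, accessRights: accessRights });
		}

		var acl = doc.get_Permissions(); // AccessPermissionList

		if (hcc) hcc.traceDetail("  acl " + acl);

		// Remove the existing entries; from here on the list holds only new grants.
		acl.clear();

		for (i = 0; i < parsed.length; i++) {
			if (hcc) hcc.traceDetail("  Setze Berechtigung für: " + parsed[i].name + " -> AccessMask: " + parsed[i].accessRights);

			var ap = Factory.AccessPermission.createInstance(); // AccessPermission

			ap.set_GranteeName(parsed[i].name);
			ap.set_AccessType(com.filenet.api.constants.AccessType.ALLOW);
			// The original comment read "all objects".
			// NOTE(review): confirm what depth 0 means for inheritance in the API docs.
			ap.set_InheritableDepth(0);
			ap.set_AccessMask(parsed[i].accessRights);

			acl.add(ap);
		}

		doc.set_Permissions(acl);
		doc.save(com.filenet.api.constants.RefreshMode.NO_REFRESH);
	}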

You need to modify the section "var newAcl", replacing the sample entries with your specific users or groups and the required ACL code for each.

If you do not know the ACL codes, you can create a new marking set in the domain, add all required permissions, and copy the access control code into the script.