It might happen that users or groups are deleted in the LDAP system, so FileNet cannot resolve them any longer. But in all objects of the FileNet system where these users or groups are used the SID still remains in the ACL. Here is a custom sweep action for find these objects and remove the SID from the ACL
function getRequiredProperties()
{
return new Array();
}
function onPolicySweep(SweepObject, SweepPolicy, SweepItems)
{
}
function onSweep(SweepObject, SweepItems)
{
try
{
var itemIterator = SweepItems.iterator();
while (itemIterator.hasNext())
{
var item = itemIterator.next();
var foundSIDs = new Array();
var aclChanged = false;
try
{
var permissions = item.get_Permissions();
if (permissions != null)
{
var permList = permissions.toArray();
for (var i = permList.length - 1; i >= 0; i--)
{
var ace = permList[i];
var granteeName = ace.get_GranteeName();
if (granteeName != null && granteeName.toUpperCase().indexOf("S-1-") == 0)
{
foundSIDs.push(granteeName);
permissions.remove(ace);
aclChanged = true;
}
}
}
if (aclChanged)
{
item.set_Permissions(permissions);
item.save(RefreshMode.NO_REFRESH);
java.lang.System.out.println("ACL_CLEANED | DocId: "
+ item.get_Id().toString()
+ " | Entfernte SIDs: " + foundSIDs.join("; "));
}
}
catch (itemEx)
{
java.lang.System.out.println("Fehler bei Dokument: "
+ item.get_Id().toString() + " | " + itemEx.message);
}
}
}
catch (e)
{
java.lang.System.out.println("Sweep Fehler: " + e.message);
}
}