Here's a poser:

Since upgrading to GW7, something strange seems to be going on with
document security rights, specifically restricting sharing of documents.

We've been using the DMS since GW5.5. It worked like this:

Document 1234 is saved into a library which everyone in the office has
access to. This document's sharing rights are for the creator to view,
edit, delete, share & modify and the author (two different people) to
view, edit, share & modify. The general user population has "denied"
access.

Only the creator and the author would be able to find this document or
create a document reference to it.

Only the creator and the author would be able to view or open this
document if it was attached to an email (ie: one of them sends the
entire staff the document via email but doesn't amend the sharing rights
to allow them access). Everyone else would receive a message indicating
insufficient security rights.

Quite simply, if you tried to do anything with a document not
specifically shared to you, you couldn't. End of story.


Now in GW7 (shipping code, various FTFs and the beta SP1), it works like
this:

Document 1234 is saved into a library which everyone in the office has
access to. This document's sharing rights are for the creator to view,
edit, delete, share & modify and the author (two different people) to
view, edit, share & modify.

Only the creator and the author would be able to find this document or
create a document reference to it.

However, if the creator or author sends the document to another staff
member that does not have rights, they are able to view and/or open the
document. They are not able to find it on a search, nor can they create
a document reference. To attempt either results in a "insufficient
sharing rights" message.

So how is it that such people can view & edit documents they don't
actually have access to and worse - those people can forward the email
containing the attached document and that recipient (also without
sharing rights) can do exactly the same thing?

I've got this situation in a production environment of nearly 300,000
documents, many of them highly confidential. I've also installed GW7
from scratch on another (NetWare 6.5) server and found exactly the same
behaviour.

I've seen staff who are not members of a particular library receive a
document from that library via email and be able to open it.

Is this a bug or a very bad new security feature??? I'm really
concerned about this one so any knowledge/ideas/thoughts anyone might
have would really be appreciated.

Cheers,
CB