Author: Halfvares Mats, Teknikhuset AB.

Published: 2004-10-27

Applies to:
  • Content Studio ver. 4.0

Type: Bug


When you have a special permission set that should be valid only for the actual container and documents and that is marked that it should not be inherited below objects directly contained in the actual container permissions are propagated down to the first child container. In the advanced dialog of one of the first level of child containers an entry for the trustee marked with "Unknown flags" attribute might be visible. This record is actually meaningless since it will not grant nor deny any permissions. Users also could note that this entry sometimes disappared and later reappered. Typically this entry will be visible in most installations on the unit level and appears as a special permission for Everyone marked as applying to "Unknown flags".


This is a bug in the internal routine that copies permissions down from parent to child objects that are called on each child object of any touched security object. If this routine found an entry marked with the flag NO_PROPAGATE_INHERIT_ACE the function marked it with the flag INHERIT_ONLY_ACE and removed the NO_PROPAGATE_INHERIT_ACE flag. This is an illegal flag value combination that should be discarded. If this entry was missing it was applied but when present this entry was correctly removed from the object DACL.
This problem is considered a non-critical bug.


Administrators who are concerned by this issue should upgrade to version 4.0 build 1005 of Content Studio.


This is a confirmed bug that has been fixed in Content Studio version 4.0 build 1005.