Customizing User Actions on Documents (beyond role level restrictions)


Customers want to enable/restrict access to certain users for some documents.


  • Users can edit a document but cannot delete it

  • Allow write options but disable “Move”,”Rename” or, “Delete” access

  • Allow some users to edit certain documents but not the remaining documents.


For the rights level, we only have read/write access and one action in particular cannot be excluded from "write" access.

This issue, however one can achieve the desired restrictions with SCXML Workflow Engine.


The SCXML configuration can be adjusted to achieve user action restrictions for the documents. However, be cautious before making such changes as these are subject to get overwritten every time the system gets upgraded. 

The SCXML configuration resides in the repository. When changes are made in a local development environment, the auto-export produces a yaml file. Therefore, the customizations are packaged and deployed to non-local environments overwriting the changes.

Default SCXML configuration as follow:


<if cond="workflowContext.isGranted(deleteSource, 'hippo:author')">

      <!-- if the user is author (granted hippo:author),

         report the delete/move/rename operations as available but default disabled -->

      <hippo:action action="delete" enabledExpr="false"/>

      <hippo:action action="move" enabledExpr="false"/>

      <hippo:action action="rename" enabledExpr="false"/>



Default configuration is set to “false” and this needs to be updated based on requirements.


Please provide your feedback below. We would like to know if our help center is effective in solving your queries.

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?