How do you massively update the ACLS of existing documents?

Hello,

If you implement a new security policy in IDM through the use of ACL rules but you have a substantial history of existing documents, it is necessary to retroactively apply this policy to these documents.
Have you found a way of doing this more or less automatically?

I've tried using IDM utilities, but it's buggy when it comes to updating ACLs.
And I haven't seen much in the way of modifying ACLs by API either.

It's hard to get used to having to modify the history by hand.

So, if you have a clever idea, I'd love to hear it.

Find more posts tagged with

Infor Document Management (IDM)

Accepted answers

All comments

Hans Møller Hansen (HSH.DK)

Hi Denis

The IDM utilities tool cannot update ACL alone, but you can change the ACL if you also change an attribute. Therefore, I normally add a new temporary attribute called M3_batchUpdate to the document type. You the set this to TRUE in the batch update and you can use this in the search Query to see what is already updated.

When everything is updated, I take away the M3_batchUpdate attribute from the IDM document type.

Denis MARETTE

Yes - I did understand that subtlety.
But it only seems to work if there is no selection on attributes in the request.

For example, let's say I have a security rule that depends on my company.
Depending on my company, I'll have to update my ACL with a particular ACL.

So I'm forced to make a selection in my query to select only the documents for this company, fill in the ACL with the relevant ACL and possibly update a dummy attribute.

But if I do this, I get an error at runtime. Wouldn't you?

And my conclusion is that I can't use a selection on attributes in the QUERY

Hans Møller Hansen (HSH.DK)

You have to do this company by company using the xquery. So I build this search in the IDM client.

/M3_CustomerInvoice[(@M3_BatchUpdate IS NULL OR @M3_BatchUpdate = "") AND @CREATETS < "2023-09-08T22:00:00.000Z" AND @CREATETS > "2023-07-31T22:00:00.000Z"] SORTBY(@LASTCHANGEDTS DESCENDING)

Denis MARETTE

Yes, in principle: I agree.
Instead of introducing a selection on M3_BatchUpdate, I made a selection like M3_Company = 770.
And when I did that, I got an error at runtime.
Perhaps there's a more recent version of the utility then?

Denis MARETTE

I have to admit that by applying your instructions, I no longer have the error I had encountered ...

The only difference lies in the presence and use of a new attribute. I had done more or less the same thing with an existing attribute and it was causing me errors.

However, even though it seems to be engaging better (see my screenshot), in the end, the execution remains frozen???

I also notice that we don't have exactly the same user interface.

Denis MARETTE

I finally understood what the problem was.

First, I updated my utilities version, which dated back to 2021. Now it's 2024.

Secondly, it's true that adding a new attribute to the relevant document type means that the documents all have this blank attribute.
Then you need to do a search on the documents you're interested in.
But you also need to test that the new attribute must be empty. Otherwise, the update will loop...

And you need to update the new attribute with a value so that the search doesn't loop.

It's all these conditions that make it work in the end.

Thank you for your collaboration, which enabled me to put all the pieces of the puzzle together.

Copyright © 2025 Infor. All rights reserved.