Submit Feedback
Legacy Knowledge Base
Published Sep. 10, 2025

Why I can see a document if I don't have permission in a parent folder and permissions inheritance is enabled?

Written By

Alejandro Zarza Roa

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • In a portal with the structure Folder1 > Folder2 > Folder3 > Document and below permissions:

Folder1: Subscribe, View, Access
Folder2: No permissions
Folder3: Subscribe, View, Access
Document: View, Add comments

  • User can see the document using the URL, even if it's inside the Folder2 and permissions.view.dynamic.inheritance=true.

 

Environment

  • Liferay DXP 7.3

 

Resolution

The Access permission masks the permissions.view.dynamic.inheritance property and that this is an expected behavior of the product. To understand this, it is necessary to differentiate between the Access and View permissions:

  • The "Access" permission is intended to allow users to access the contents of a folder that they cannot view.
  •  The "Access" permission can be useful in a use case like the following:
    You want to share the URL of a file inside your private folder with another user without granting the 'View' permission to the entire folder. The user receiving the URL will be able to view the file but will not be able to view the rest of the folder's contents.
  • The View permission does not mask the permissions.view.dynamic.inheritance property, and, if it is set to true, it checks if the user has permission to all parent folders if any.

In this case, it happens because the Access permission is assigned to the parent folder (Folder3). Removing the Access permission to this folder should stop displaying the content, since the permissions.view.dynamic.inheritance property would be taking effect in the behavior of the portal.

 

Additional Information

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?