This content has been marked as final. Show 2 replies
This is not an expected behavior (see the exception below).
"Folder security: Security is also applied at the folder level:
Each contribution folder has an owner, a user who has permission to manage the folder. The owner can change a folder's metadata and delete the folder, even if they do not have Write or Delete permission to the folder's security group. However, the owner does not have additional permissions to content items in the folder.
Users can see only the contribution folders assigned no security group or a security group for which they have at least Read permission."
"Users can create and edit folders, shortcuts to folders, and links to documents as allowed by Content Server's standard security model. Folders are assigned security attributes in the same way they are assigned to content items, including security group, account, and Access Control List attributes, if enabled."
I'd recommend you to repeat the same scenario, but rather than folders, use content items. If you see the same results, check your security settings. If you don't, check settings of additional config params that may "Relax security" - see http://docs.oracle.com/cd/E23943_01/doc.1111/e10978/c08_folders.htm#CIHIBCEC
Note that "f these variables are set to 'false' (not the default), users with no access privileges to secure content items or folders see them on Exploring pages. However, if they try to view the content, an access-denied error is displayed." Therefore, you could also verify whether you can actually step-in the folder, or get an error.