My problem is that I don't want the super user ORCLADMIN to see (open, read...) some of my documents in CMS.
To make things clear: I created a folder with secret documents which are available just to users from a group I added. But when I log on as ORCLADMIN and switch to admin mode, the ORCLADMIN user can also see those secret documents.
I don't want the ORCLADMIN super user to see these documents, because they are SECRET.
Is there any way to prevent the ORCLADMIN super user from seeing (opening, downloading, reading...) some documents or folders?
I don't believe there is any way round this, because as soon as you enter admin mode the user has access to all the folders and functionality. The only way would be to restrict access to the ORCLADMIN user, but this would be dangerous as, depending on how you set this, you may never be able to set the security back.
An alternative would be to create a not-so-SUPER user and use this instead, and keep the ORCLADMIN password secure.
This new user could have some form of diminished responsibilities, i.e. it won't be able to switch to administration mode, and hence won't see these files/folders where sharing has not been granted.
I think we were going to go down the route of DB Vault at some point, but I think the licensing costs and timescales went against us. One other option might be VPD policies on the Content DB, but I'm not sure how the web client would handle this.
I still don't know if having the ORCLADMIN password widely available is a good idea. If, say, your application is SSO enabled, it means you could potentially be opening yourself up to widespread access to other applications.
By default orcladmin gets all admin roles. Try to right-click on the folder you want to change and see if you can revoke the content administrator privilege for orcladmin on that folder as a different user (an admin user on that folder who can see these secret documents). (Again, you need to make sure that you manage these security privileges properly: plan out what you want and what you don't.)