I did a bulk security update on all the documents for a certain clause, to deny "View Content" permission. Even though for each document I can see that the security change is updated, I am still able to search the documents and view its properties which is a security issue for us. Please let me know if there are other changes that needs to be done.
Through the java API when I try to fetch the getAccessAllowed for the document, I can see that it does not have "View Content" rights.
As per the attached link, This is by design.
If the #AUTHENTICATED_USERS group is present at the object store level and Set Owner of any object or even if just connect and Create are allowed, Then the user can search documents and view all its properties regardless of the document or class definition level permissions.
Is there any way to override this constraint?
