I am trying to create a metadata type, which can be added to a document only by people with a specific role. I have not found a way to make that work. People with metadata editing rights can always alter and add all metadata fields of a document type.
Do you have any suggestion how to create such a metadata field, which can be written and altered on a document only by having a specific role? I.e. a “read only” metadata field, even for people who generally have metadata editing right on the document level, unless you have a specific role?
as per my tests you can use ACLs but you need to redefine your permissions so that:
1- Give users no access to metadata using their roles.
2- Give view access to desired metadata.
3- Give view and edit access to the metadata they need to change.
This will work (users will be able to view more metadata than they can edit)
The problem ( as per my current tests) is that users still can fill all metadata during the upload phase, so I currently have no solution for that except using a workflow to override their entries.
Hope this is helpful
My bad, just more explaining metadata have ACLs too (per metadata record) thats the location to give view and edit permissions to roles
Thank you very much. Your suggestion solved my question.
I now have the same effect as you described, that at upload time all fields are available and actually remove data again via a workflow. Not nice, but it works.