I am trying to create a metadata type, which can be added to a document only by people with a specific role. I have not found a way to make that work. People with metadata editing rights can always alter and add all metadata fields of a document type.
Do you have any suggestion how to create such a metadata field, which can be written and altered on a document only by having a specific role? I.e. a “read only” metadata field, even for people who generally have metadata editing right on the document level, unless you have a specific role?
as per my tests you can use ACLs but you need to redefine your permissions so that:
1- Give users no access to metadata using their roles.
2- Give view access to desired metadata.
3- Give view and edit access to the metadata they need to change.
This will work (users will be able to view more metadata than they can edit)
The problem ( as per my current tests) is that users still can fill all metadata during the upload phase, so I currently have no solution for that except using a workflow to override their entries.
Thank you very much. Your suggestion solved my question.
I now have the same effect as you described, that at upload time all fields are available and actually remove data again via a workflow. Not nice, but it works.