Free Support Forum -

Apex Cloud User Access Rights

Hello we are using the GroupDocs SDK for Apex (SalesForce) in are organization

we have this function

public void giveUserCollaboratorAccessToFiles(GD_ListEntitiesResult result) {

    GD_UserInfo user = createUserIfNeeded();
    GD_ReviewerInfo info = new GD_ReviewerInfo();
    info.primary_email = user.primary_email;
    info.firstName = user.firstname;
    info.lastName = user.lastname;
    info.access_rights = '3';
    info.guid = user.guid;
    info.color = 16711680;
    GD_ListEntitiesResult newResult = new GD_ListEntitiesResult();
    List<GD_FileSystemDocument> newFiles = new List<GD_FileSystemDocument>();
    for (GD_FileSystemDocument file : result.files) {
        setCollaborator(file.guid, info);
        String signedURL = new GD_GroupDocsSecurityHandler(GD_Utils.privateKey).handleURL(
            '' + file.guid + '?uid=' + user.guid, null);
        file.fullSignedURL = signedURL;
        file.modifyDate = convertDate(file.modified_on);
        file.createDate = convertDate(file.created_on);
   if (file.guid != null) {
        GD_Drawing__c[] drawingObjs = [SELECT CreatedById, Name, Description__c, Id from GD_Drawing__c where Name = :file.guid];
            if (drawingObjs.size() > 0) {
                User owner = [SELECT Id, Name FROM User WHERE Id = :drawingObjs[0].createdById];
                if (owner != null) {
                    file.ownerName = (String) owner.Name;
                    file.CreatorId = (String);
                file.description = drawingObjs[0].Description__c;
                file.gdId = drawingObjs[0].Id;
    newResult.files = newFiles;
    this.files = newResult.files;

public String convertDate(Long millisecondDate) {
    if (millisecondDate != null) {
        DateTime dateVal = DateTime.newInstance(millisecondDate);
        return dateVal.format();
    return '';

this line is not setting the access_right when adding a user to group docs

info.access_rights = ‘3’;

are goal is to not allow user to delete annotations.

I found this info on the java library for access rights

CAN_VIEW - allows a user to view the document and add comments to existing annotations

CAN_ANNOTATE - allows a user to place new, and modify existing, annotations

CAN_DOWNLOAD - allows a user to download the original document without annotations

CAN_EXPORT - allows a user to export the document with annotations

CAN_DELETE - allows a user to delete annotations (both the user’s own annotations and those placed by other users)

CAN_REDACT - allows a user to redact (redaction tool) a text or a resource

All - permits all available actions

If you need to grant only specific access rights to a user, for example the ability to annotate and download the document, you can use the AccessRights helper method - public static int from(AccessRights[] accessRights):

AccessRights.from(AccessRights.CAN_ANNOTATE, AccessRights.CAN_DOWNLOAD)

This will compute the sum of these enums and return the integer value needed for the scripts generating method.

I also found this on a previous forum

None = 0,

CanView = 1,

CanAnnotate = 2,

CanDownload = 4,

CanExport = 8,

CanDelete = 16,

CanRedact = 32,

All = 63

I have tried changing to access right to a bunch of different number but it is not reflected in the

embedded annotation viewer.

How can I achieve not allowing users to delete annotations .


Michael Behan


Hello Michael,

Thank you for the request.To prevent annotation deleting try to set user rights to 47 - info.access_rights = ‘47’;

Best regards.


Hello Pavel,

thanks so much for the quick response back.

That is actually the first value that I tried.

I have tried 3 CanView - CanAnnotate

I tried 15 CanView - CanAnnotate - CanDownload - CanExport

I tried 47 CanView - CanAnnotate - CanDownload - CanExport - CanRedact.

None of these values effect the embedded annotation viewer.

Michael Behan.


Hello Michael,

We will investigate this issue and then return to you.

Sorry for the inconvenience.


Hi again,

I have investigated your code and found out that you missed some methods. You use such logic:
1. Create user
2. Set his options
3. add him as collaborator

But you should add such steps:

4. Change access rights after adding collaborator
5. Call “SetReviewerRights” method

Best regards


Hello we are setting it with this method

public void setCollaborator(String fileId, GD_ReviewerInfo info) {
GD_GroupDocsSecurityHandler securityHandler = new GD_GroupDocsSecurityHandler(GD_Utils.privateKey);
GD_ApiClient api = new GD_ApiClient(securityHandler);
GD_AntApi antApi = new GD_AntApi(api);

//Check if the user is already a collaborator
GD_GetCollaboratorsResponse userResp = antApi.GetAnnotationCollaborators(GD_Utils.clientId, fileId);
List<GD_ReviewerInfo> reviewers = userResp.result.collaborators;
for (GD_ReviewerInfo reviewer : reviewers) {
if (!info.primary_email.equalsIgnoreCase(reviewer.primary_email)) { // If the user is not already a collaborator
//We havent found a collaborator…lets add this user
GD_AddCollaboratorResponse collabresponse = antApi.AddAnnotationCollaborator(GD_Utils.clientId, fileId, info);
List<GD_ReviewerInfo>userInfo = new List<GD_ReviewerInfo>();
GD_SetReviewerRightsResponse response = antApi.SetReviewerRights(GD_Utils.clientId, fileId, userInfo);

which we are calling in the methiod from the first post with setCollaborator(file.guid, info);

Michael Behan



Thank you for coming back. Yes, correct but you have also missed URL signing with signUrl(string url); method and then you should also add such parameter: ?uid=“collaboratorGuid” to the URL which you use for embeding Annotation.
For example result URL can look like this one:

signature= - will be added automatically by signUrl() method.

Best regards.

Hello Pavel

In the GD_GroupDocsSecurityHandler class

public String handleURL(String url, Map headers){
URL resourceURL = new URL(url);
String pathAndQuery = resourceURL.getFile();
if(url.endsWith(' ')){
pathAndQuery = pathAndQuery + ' ';
String signature = sign(GD_Utils.encodeURI(pathAndQuery));
String signedURL = url + (resourceURL.getQuery() == null ? '?' : '&') + 'signature=' + GD_Utils.encodeURIComponent(signature);
return signedURL;

we are calling this method in the code from the first post at these lines

String signedURL = new GD_GroupDocsSecurityHandler(GD_Utils.privateKey).handleURL(
'' + file.guid + '?uid=' + user.guid, null);
file.fullSignedURL = signedURL;

Which I believe is doing exactly what you mentioned in your last post unless I am mistaken

Please let me know if the is anything else that we are missing when creating user access rights

Michael Behan

Hello Michael,

No, you not missed anything, your code is correct. We have investigated in more details your issue also we have discussed it with our Product team and found out that at this moment you can't disable deletion of annotations for collaborator if you use "Can Annotate" parameter for access rights of reviewer(collaborator). This parameter automatically turns the ability of deletion for collaborator.

We will investigate this behavior end and we will try to find out this, could be that we will update user access rights logic . We will notify you when we will have any result from our Product team.


Best regards,
Evgen Efimov
Your Document Collaboration APIs
Follow us on LinkedIn, Twitter, Facebook and Google+


Hi Evgen,

Is there someone in a management position within your organization we can speak to regarding this issue? It’s a showstopper and will force us to cease our subscription with GroupDocs if it can’t be addressed. Our client requires that collaborators on a document not be able to delete other user’s annotations. Please e-mail me with a phone number of email address of someone I can schedule a meeting with to discuss further.

Thanks and have a great day,

Bob Amelung

Hello Bob,

We already logged this problem in our issue tracking system as ANNOTATION-1139 and our product team works on it. Also we have linked this forum thread to the same issue and you will be notified via this forum thread once this issue is resolved.

If you have any questions about management , then you can send your request to the and our sales team will respond as soon as possible.

Also could you please clarify, why do you use "Anonymous" account and does this post belong to you ?


Best regards,
Evgen Efimov
Your Document Collaboration APIs
Follow us on LinkedIn, Twitter, Facebook and Google+