I’m not feeling confident yet on this discussion. I don’t know if I’m not explaining my case well, or if there is much more at stake than I think.
I will admit that it’s risky to change the paradigm “run security checks just to be perfectly sure”.
Starting from the documentation (see link above) but not using documentation as a foundation of the argument.
First, I have a question:
True or false: The most accepted way to change an object’s permission is through a workflow transition.
Most of my analysis has this truth a foundation. If it’s not true. I need to step back.
I think this is false, but not sure. I was unaware that an indexing took place. Well, of course the object being transitioned needs to be reindexed, but not it’s children. At least that the position I’m defending and the subject of this whole post.
For default content types and workflows, If a folder is made private, a direct-descendent child image will acquire the folders permissions because the image has no workflow state property. Acquisition rule.
Other objects in that folder with workflows assigned will retain their permissions.
So, my experiment is to use debug to change a workflow state on a folder to private, reindex only that folder, (no transition events) and see if the image becomes private.
If so, then there is no reason to reindex the image.
Other objects that do have workflows are not transitioned, so the user is not changing their security, and indexing is unnecessary.
Does this make sense?