https://connect.hyland.com/t5/alfresco-archive/security-issue/m-p/26893#M13449 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>It would help to know the repository version and what you are doing.</SPAN><BR /><BR /><SPAN>If you are using version 1.1.1 you need to use version 1.1.2 to fix a security issue about permission enforcement.</SPAN><BR /><BR /><SPAN>If you are using the 1.0 open version, permissions were not included in this release.</SPAN><BR /><BR /><SPAN>If you are using the API direct, only the public service beans apply permission. There are two versions of these public beans. For example, "nodeService" and "NodeService". "nodeService" does not apply security, it is wrapped by "NodeService" which applies security. The same pattern applies to "searchService" and "SearchService".</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Mon, 09 Jan 2006 10:11:44 GMT andy 2006-01-09T10:11:44Z https://connect.hyland.com/t5/alfresco-archive/security-issue/m-p/26892#M13448 hi,i have created a node with user: admin and tryed to access it using user: user1, i am able to access it, even when i set to read permission to false. accoring to the wiki the "on the NodeService bean, the readProperties method checks that the current user has read access to the properties of the Sat, 07 Jan 2006 15:33:14 GMT https://connect.hyland.com/t5/alfresco-archive/security-issue/m-p/26892#M13448 pmarreddy 2006-01-07T15:33:14Z https://connect.hyland.com/t5/alfresco-archive/security-issue/m-p/26893#M13449 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>It would help to know the repository version and what you are doing.</SPAN><BR /><BR /><SPAN>If you are using version 1.1.1 you need to use version 1.1.2 to fix a security issue about permission enforcement.</SPAN><BR /><BR /><SPAN>If you are using the 1.0 open version, permissions were not included in this release.</SPAN><BR /><BR /><SPAN>If you are using the API direct, only the public service beans apply permission. There are two versions of these public beans. For example, "nodeService" and "NodeService". "nodeService" does not apply security, it is wrapped by "NodeService" which applies security. The same pattern applies to "searchService" and "SearchService".</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Mon, 09 Jan 2006 10:11:44 GMT https://connect.hyland.com/t5/alfresco-archive/security-issue/m-p/26893#M13449 andy 2006-01-09T10:11:44Z https://connect.hyland.com/t5/alfresco-archive/security-issue/m-p/26894#M13450 <HTML><HEAD></HEAD><BODY><SPAN>thank u for ur promt reply.</SPAN><BR /><BR /><SPAN>prasanth</SPAN></BODY></HTML> Mon, 09 Jan 2006 16:49:14 GMT https://connect.hyland.com/t5/alfresco-archive/security-issue/m-p/26894#M13450 pmarreddy 2006-01-09T16:49:14Z