https://connect.hyland.com/t5/alfresco-archive/permission-problem/m-p/225548#M178678 <HTML><HEAD></HEAD><BODY><SPAN>hello,</SPAN><BR /><BR /><SPAN>I got a question concerning the permission system. </SPAN><BR /><BR /><SPAN>I got an user who has the read permission (Consumer) on an content node A. With this permission he can link the node A to one of his folders (non primary child association).</SPAN><BR /><BR /><SPAN>This is done by using the web-service-client and the following code:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />CMLAddChild addChild = new CMLAddChild(parentReference, null, null, null, predicateChild, null);<BR />CML cml = new CML();<BR />cml.setAddChild(new CMLAddChild[] { addChild });<BR />WebServiceFactory.getRepositoryService().update(cml);<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>The problem is, that the user can not remove node A from his folder.(remove the non primary child association) with the follwing code:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />CMLRemoveChild cmlRemoveChild = new CMLRemoveChild(referenceFrom, null, predicateWhere, null);<BR />CML cml = new CML();<BR />cml.setRemoveChild(new CMLRemoveChild[] { cmlRemoveChild });<BR />WebServiceFactory.getRepositoryService().update(cml);<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>This code leads to an Exception:</SPAN><BR /><SPAN>org.alfresco.repo.security.permissions.AccessDeniedException: 06090003 Access Denied.&nbsp; You do not have the appropriate permissions to perform this operation.</SPAN><BR /><BR /><SPAN>The user has all Permissions(included the removeChildren permission) on the folder where he linked node A. </SPAN><BR /><SPAN>When the deletePermission on Node A is assigned to the User, than removing the non primary child association is possible. But with this permission he is also allowed to remove Node A itself and not only the Child association.</SPAN><BR /><BR /><SPAN>My questions are</SPAN><BR /><SPAN>- Why do I need more permissions to revert an addChild operation than to add it?</SPAN><BR /><SPAN>- why is it possible to create an childAssociation to a node by only having the read permission(something like update happens the update date changes)?</SPAN><BR /><SPAN>- how can I change the permission system, so that adding and removing child associations require the same permission? </SPAN><BR /><SPAN>- Why do I need the delete permission on a node to remove the child association to it?</SPAN><BR /><BR /><SPAN>best regards</SPAN><BR /><BR /><SPAN>bert</SPAN></BODY></HTML> Fri, 10 Jul 2009 08:38:53 GMT bk13 2009-07-10T08:38:53Z https://connect.hyland.com/t5/alfresco-archive/permission-problem/m-p/225548#M178678 hello,I got a question concerning the permission system. I got an user who has the read permission (Consumer) on an content node A. With this permission he can link the node A to one of his folders (non primary child association).This is done by using the web-service-client and the following code:CM Fri, 10 Jul 2009 08:38:53 GMT https://connect.hyland.com/t5/alfresco-archive/permission-problem/m-p/225548#M178678 bk13 2009-07-10T08:38:53Z https://connect.hyland.com/t5/alfresco-archive/permission-problem/m-p/225549#M178679 <HTML><HEAD></HEAD><BODY><SPAN>Hi there,</SPAN><BR /><BR /><SPAN>I've seen similar issues in the past, and my solution was basically to add another user (whose login would not be given out) that had the delete permission, in conjunction with content rules and Simple Workflow (not jBPM based).&nbsp; Regarding how to change the permission system, see these:</SPAN><BR /><UL><A href="http://wiki.alfresco.com/wiki/Security_and_Authentication#How_to_add_your_own_type_or_aspect.2C_assign_permissions_for_it.2C_configure_it_and_secure_a_service_that_uses_it_" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Security_and_Authentication#How_to_add_your_own_type_or_aspect.2C_assign_permissions_for_it.2C_configure_it_and_secure_a_service_that_uses_it_</A>….<BR /><A href="http://wiki.alfresco.com/wiki/PermissionModelDefintionExample" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/PermissionModelDefintionExample</A></UL><SPAN>Hopefully this helps a bit.</SPAN></BODY></HTML> Fri, 10 Jul 2009 16:03:17 GMT https://connect.hyland.com/t5/alfresco-archive/permission-problem/m-p/225549#M178679 brian_robinson 2009-07-10T16:03:17Z https://connect.hyland.com/t5/alfresco-archive/permission-problem/m-p/225550#M178680 <HTML><HEAD></HEAD><BODY><SPAN>Hi Brian,</SPAN><BR /><BR /><SPAN>thank you very much for your reply. I also thought about an proxy user solution. Maybe thats the way.</SPAN><BR /><BR /><SPAN>Bert</SPAN></BODY></HTML> Mon, 13 Jul 2009 10:12:37 GMT https://connect.hyland.com/t5/alfresco-archive/permission-problem/m-p/225550#M178680 bk13 2009-07-13T10:12:37Z