Alfresco Security Model

rdanner — Wed, 30 Nov 2005 22:52:34 GMT

I have a quick question for you guys:In the web app all of the security assignment is at the space level.Users are assigned to spaces then assigned roles. This seems very ganular but a little bit wierd to me.I was kinda expecting there to be something like:we add roles to the systemwe add users to

Re: Alfresco Security Model

andy — Thu, 01 Dec 2005 09:57:00 GMT

Hi

The permissions model can be summarised as:


Authority  -  assigned  -   Permission           -    on a node   - deny/allow
  |                             |
User                       Permission
Group                      Set of permisoins
‍‍‍‍‍‍

Permissions are inherited by child nodes by default.
Any allow allows (as opposed to any deny denies)

In the UI, we refer to roles, they are really sets of permissions.
We only expose "allow" and "clearing" permissions.

An editor needs the lower level read/write/… permission sets.
The read permission set has the read-children and read-properties permissions. These low level permissions are used to control service level access.

So you can define what the set of permissions given to an editor are and change these. May be you want them to be able to undo check out….or not….

Group support is not present in the open version. In the next release of the open version you can assign permissions and permission sets to users. In the next pro/enterprise release you also get groups and group management.

So you can assign permission sets (or roles) to groups for maximum flexibility. If you want to define editors globally then you can create a group and assign the appropriate editor permission globally regardless of which node. Global permissions are currently defined in config.

Regards

Andy

topic Re: Alfresco Security Model in Alfresco Archive

Alfresco Security Model

Re: Alfresco Security Model