https://connect.hyland.com/t5/alfresco-archive/custom-role-visible-in-alfresco-explorer/m-p/273060#M226190 <HTML><HEAD></HEAD><BODY><SPAN>Hi all,</SPAN><BR /><BR /><SPAN>I'm trying to add a custom role.</SPAN><BR /><BR /><SPAN>Now, what one needs to do to get this to work is to edit the permissionDefinitions.xml file with your own custom role, and to edit the webclient.properties file for that new custom role (this part makes the role visible in Alfresco Explorer). That's all fine too and appears to work, but the fun part starts now.</SPAN><BR /><BR /><SPAN>We all know about the Consumer role.</SPAN><BR /><SPAN>It looks like this:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;!– The Consumer permission allows read to everything by default.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; –&gt;<BR />&lt;permissionGroup name="Consumer" allowFullControl="false" expose="true" &gt;<BR />&lt;includePermissionGroup permissionGroup="Read" type="sys:base" /&gt;<BR />&lt;/permissionGroup&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>Read permissionGroup in return looks like this:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;permissionGroup name="Read"&nbsp; expose="true" allowFullControl="false"&gt;<BR />&lt;includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/&gt;<BR />&lt;includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/&gt;<BR />&lt;includePermissionGroup type="sys:base" permissionGroup="ReadContent"/&gt;<BR />&lt;/permissionGroup&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>Now, if I define my custom role and just make it extend the Consumer one, everything works, like this:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;permissionGroup name="MyCustomRole" allowFullControl="false" expose="true" &gt;<BR />&lt;includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/&gt;<BR />&lt;/permissionGroup&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>If I define my custom role like this, everything still works (just replaced the Consumer role with what it's built with, Read permissionGroup:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;permissionGroup name="MyCustomRole" allowFullControl="false" expose="true" &gt;<BR />&lt;includePermissionGroup permissionGroup="Read" type="sys:base" /&gt;<BR />&lt;/permissionGroup&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>Finally, and most importantly, if I define my custom role like this (replacing Read permission groups with it's permissionGroups, the role breaks. Meaning, it simply does not work, read permissions are not there. </SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;permissionGroup name="MyCustomRole"&nbsp; expose="true" allowFullControl="false"&gt;<BR />&lt;includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/&gt;<BR />&lt;includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/&gt;<BR />&lt;includePermissionGroup type="sys:base" permissionGroup="ReadContent"/&gt;<BR />&lt;/permissionGroup&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>My question is, am I missing something here? Has someone encountered this one before, maybe worked around it?</SPAN><BR /><SPAN>Thanks!</SPAN></BODY></HTML> Thu, 31 Jan 2013 20:28:37 GMT lista 2013-01-31T20:28:37Z https://connect.hyland.com/t5/alfresco-archive/custom-role-visible-in-alfresco-explorer/m-p/273060#M226190 Hi all,I'm trying to add a custom role.Now, what one needs to do to get this to work is to edit the permissionDefinitions.xml file with your own custom role, and to edit the webclient.properties file for that new custom role (this part makes the role visible in Alfresco Explorer). That's all fine to Thu, 31 Jan 2013 20:28:37 GMT https://connect.hyland.com/t5/alfresco-archive/custom-role-visible-in-alfresco-explorer/m-p/273060#M226190 lista 2013-01-31T20:28:37Z https://connect.hyland.com/t5/alfresco-archive/custom-role-visible-in-alfresco-explorer/m-p/273061#M226191 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>first of all, which Alfresco version are you using for your development?</SPAN><BR /><SPAN>Starting with Alfresco 4.0 and the introduction of SOLR, some permission checks (especially those performed on SOLR using indexed ACLs) are based on the "getReaders" method of the permission service, which uses a modified "Read" permission check (as far as I know without using implied permissions as would required in your case) to determine who can access the specific node.</SPAN><BR /><SPAN>To my knowledge, this way of permission checking is mostly limited to filtering of result sets retrieved by SearchService.query and mostly in the SOLR use-case. Since I do not know the usage pattern that you used to determine that your permission group was not working, it is hard to say if this is what does affect you.</SPAN><BR /><SPAN>Generally, I do not yet understand your reason(s) for replacing the "Read" with the granular permissions in your custom role. As long as you don't plan to provide only a subset of these permissions, I'd advise to use "Read" instead.</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><SPAN>Axel</SPAN></BODY></HTML> Sun, 03 Feb 2013 14:47:46 GMT https://connect.hyland.com/t5/alfresco-archive/custom-role-visible-in-alfresco-explorer/m-p/273061#M226191 afaust 2013-02-03T14:47:46Z https://connect.hyland.com/t5/alfresco-archive/custom-role-visible-in-alfresco-explorer/m-p/273062#M226192 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>thank you for your answer.</SPAN><BR /><BR /><SPAN>It's 3.4, Lucene. Replacing the "Read" with granular permissions was just a method to see where things stop working, since my custom role with granular permissions did not function. So I replaced granular permissions with "Consumer" role - it worked, I replaced "Consumer" role with "Read" permissions - it worked, I replaced "Read" permission with granular ones - it stopped working.</SPAN><BR /><BR /><SPAN>So I just tried to see whether I was missing a piece, somewhere.</SPAN><BR /><SPAN>I'll be sure to post solution as soon as I find it.</SPAN></BODY></HTML> Mon, 04 Feb 2013 10:26:14 GMT https://connect.hyland.com/t5/alfresco-archive/custom-role-visible-in-alfresco-explorer/m-p/273062#M226192 lista 2013-02-04T10:26:14Z