topic Re: Security and Searching functionality in Alfresco Archive

Security and Searching functionality

amal — Mon, 03 Oct 2005 08:38:03 GMT

I faced some problems while evaluating the alfresco features.1. I need to know, once you implement the security model can we exclude a particular user from accessing a document even though the user belongs to a group which has access to that resource (without removing the user from the user-group)2

Re: Security and Searching functionality

derek — Mon, 03 Oct 2005 13:14:06 GMT

Hi,

2. Can we introduce new content types for the full text search. For example I tried to perform a search based on the content of a help file( which is in compiled html format .chm), but it didnt work. Is there a way for us to introduce new content types to the full text search engine.

Yes. The component that performs the extraction needs to implement the ContentTransformer interface, after which it can be plugged into the ContentTransformerRegistry.

3. Does it provide a way to integrate alfresco systems which are geographically seperated.

What type of integration did you have in mind?

Regards

Re: Security and Searching functionality

amal — Tue, 04 Oct 2005 07:12:22 GMT

Thank you very much for sharing that information with me.

Our company has several branches in serveral countries of the world. If we install a one server per one location, we will have to integrate these systems using some kind of a integration mechanism(For an example a federated search which can search documents in all the sites). Does alfresco provide a mechanism to integrate these geographically seperated systems?

Thanx in advance,
Amal.

Re: Security and Searching functionality

paulhh — Tue, 04 Oct 2005 09:40:29 GMT

Hi

We are planning to do federated search - as always it's a question of when. We'd like to do it soon, and will go for a simple approach of querying all requested repositories and aggregating the results. Even in this there can be complexity - how do you rank search results from different repositories where their rank is really only meaningful against other ranks in the same repo. Initially, we won't try and solve all these problems - just get a basic capability working. In the longer term we'd like to be able to federate to other non-alfresco repositories (initially through JCR) and look at things like XQuery as the information aggregation framework for this.

Cheers
Paul.

Re: Security and Searching functionality

andy — Tue, 04 Oct 2005 10:13:13 GMT

1. I need to know, once you implement the security model can we exclude a particular user from accessing a document even though the user belongs to a group which has access to that resource (without removing the user from the user-group)

This is not possible with the current implementation.

There is support for deny. But this denies only the permission for the authority (user/group…). If there were group access for the user, denying the user access does not deny the group access. We could expose altering this behaviour in config. We could have any deny results in access denied rather than a deny revoking a specific grant.

At the moment, deny is not exposed in the UI.

It does sound like you may have two groups? It is difficult to say without the wider use case. Why is the denied user special for this file?

Regards

Andy

Re: Security and Searching functionality

omegerard — Wed, 11 Jan 2006 15:56:18 GMT

Hi,

I want to take up this thread, because I think I may be able to propose an appropriate use case.

Suppose I have two football teams:

TeamA
TeamB

These are the members:

TeamA: A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11
TeamB: B1, B2, B3, B4, B5, B6, B7, B8, B9, B10, B11

Both teams have 11 and 12 year old players:

11y: A1, A4, A5, A8, A10, A11, B1, B6, B7, B8, B9
12y: A2, A3, A6, A7, A9, B2, B3, B4, B5, B10, B11

Now, when I would like to reserve a space for all the documents that can be accessed by all the 12 year old players of TeamA . I could give read (guest) access to the group TeamA and exclude the group 11y.

That would save me the creation of two new groups TeamA-11y and TeamA-12y.

Does this make sense?

Would it be a reason to provide (expose) the "exclude" functionality?

Re: Security and Searching functionality

andy — Thu, 12 Jan 2006 12:03:02 GMT

Hi

"Any deny" denies and "any allow" allows are both valid models.

If you assign permission to groups ….and then for some things exclude some members then ….

1) You need to use finer grained groups as you suggest, and that may be a pain.
2) We could have a permission entry that requires "the intersection of groups"
3) You could use a dynamic authority for OVER12 if you hold the date of birth somewhere, so you do not have to manage the group.

4) You could split you documents into a structure to get the same thing as intersection, and also use a dynamic authority related to age.

All teams
|- Team A
        |- Age 11
        |- Age 12
|- Team B (allow read for team B)
        |- Age 11
        |- Age 12 (allow read for age 12)

Assign access permission on team at the top directory
Assign access on age group at the next level ….

You need to have a permission that lets you access the Age 12 directory AND a permission at each node above (unless you disconnect permission inheritance). This will give you "Age 12 and Team B."

Regards

Andy

Re: Security and Searching functionality

cwetto — Tue, 20 Mar 2007 11:21:04 GMT

Hi,

2. Can we introduce new content types for the full text search. For example I tried to perform a search based on the content of a help file( which is in compiled html format .chm), but it didnt work. Is there a way for us to introduce new content types to the full text search engine.

Yes. The component that performs the extraction needs to implement the ContentTransformer interface, after which it can be plugged into the ContentTransformerRegistry.

Hi!

Do you have plan for adding CHM mime type in distro?
Or is there any How to explaining adding procedure?
I have a couple of troubles adding CHM:
- adding to /opt/Alfresco/tomcat/shared/classes/alfresco/extension/mimetypes-extension.xml not working, I have ot add to orig. config file
- how to add icon for CHM type ?
- how to enable indexing CHM files ?

regards

c

Re: Security and Searching functionality

andy — Wed, 21 Mar 2007 12:36:35 GMT

Hi

If the mime type is defined and an appropriate transformer can be found then the content will be indexed.

Andy