topic removing certain privileges from the role in Alfresco Forum

removing certain privileges from the role

aniruddha — Mon, 23 Apr 2018 09:39:41 GMT

hi ,i am trying to remove the delete option for his qwn document from contributor .How can it be done .

Re: removing certain privileges from the role

afaust — Mon, 23 Apr 2018 11:10:40 GMT

This can easily be done by implementing a policy / behaviour to set the document owner to the NO_OWNER (empty string) special value. A contributor does not by itself have the privilege to delete any document - that only is granted by the fact that the creator of a document is by default its owner, and gets delete privileges via the OWNER role.

Re: removing certain privileges from the role

aniruddha — Mon, 23 Apr 2018 12:29:08 GMT

i don't want to give delete privileges for Contributor role .

and not even to his own file. Please explain through step by step

Re: removing certain privileges from the role

afaust — Mon, 23 Apr 2018 12:51:45 GMT

Even better: I can point you to a decent tutorial on how to write behaviours / policies.

When you understood that, then you only need to use the OwnableService to set the owner to OwnableService.NO_OWNER for any documents you need to handle. BE CAREFUL: Do not apply this logic to ALL documents in Alfresco, only those you really need to handle. Otherwise you will break your system i.e. if you remove owner privileges from technical documents (thumbnails, preferences...). One option is to use the SiteService to check if the node is part of a specific site you want to handle, or even contained in a documentLibrary, and use NodeService + DictionaryService to check if the node may be a thumbnail which you wouldn't want to handle.

Re: removing certain privileges from the role

aniruddha — Mon, 23 Apr 2018 13:10:32 GMT

how to achieve user based access control in alfresco

Re: removing certain privileges from the role

afaust — Mon, 23 Apr 2018 14:41:44 GMT

... by assigning permissions on nodes to users? I am not sure I understand that question. Maybe it is just too trivial a thing that I don't understand what problem you could have understanding.

Re: removing certain privileges from the role

aniruddha — Tue, 24 Apr 2018 04:35:36 GMT

i meant that how can we set permissions based on user id ,not on thier roles??

Re: removing certain privileges from the role

afaust — Tue, 24 Apr 2018 10:14:27 GMT

That does not make it clearer. What you are describing IS "assigning permissions". Technically speaking there is no "role" in Alfresco. "Contributor" is just a permission that has been set for a particular user / group on a particular node, and which is inherited through the hierarchy. The permission "Contributor" includes other, more fine-grained permissions, like "AddChildren", which allows to create new nodes into existing structures. When you only want to deal with the low level (granular) permissions, than you'd need to customise the UI to expose those and only use these for permission assignment instead of the high-level "Contributor" one. The process would still be the same - assign permission X to user / group Y on node Z either via the "Manage Permissions" action in the UI or the PermissionService.setPermission() operation in Java code (or indirectly via a ReST API).

Re: removing certain privileges from the role

rupeshsawaliya — Tue, 24 Apr 2018 11:18:25 GMT

Hi,

I got your problem but Alfresco is designed in a way in which you will have to provide permission/role on node level, not to the entire system.

which ever user you want to give whatever permission or role you can but at node level not at the entire Alfresco repository.

Refer this URL for detailed permission for various roles and sections of Alfresco User roles and permissions | Alfresco Documentation
In this URL you can go through Content Permissions

Best Regards,

Rupesh Sawaliya

EnProwess Technologies

Re: removing certain privileges from the role

aniruddha — Tue, 24 Apr 2018 11:41:35 GMT

i cant get it properly

Re: removing certain privileges from the role

afaust — Tue, 24 Apr 2018 14:16:16 GMT

Using the concept of DynamicAuthority you can basically implement user-only based permissions on the entire repository. This requires some Java development and working around registration issues (Alfresco did not intend that to be a public extension point). It is best used only for permission not involving the base READ access ones, because as soon as there is a single DynamicAuthority relating to READ, a critical optimisation Alfresco has in place for SOLR / query ACL checks will be disabled...

Re: removing certain privileges from the role

aniruddha — Wed, 25 Apr 2018 11:30:06 GMT

for new custom role how to give permissions like write, delete, view etc

Re: removing certain privileges from the role

rupeshsawaliya — Wed, 25 Apr 2018 13:50:49 GMT

Hi Aniruddha,
See if this link Custom Permission can help.

Regards,

Rupesh Sawaliya