https://connect.hyland.com/t5/alfresco-forum/complex-permission-management-question/m-p/92120#M27295 <HTML><HEAD></HEAD><BODY><P>I am not aware of any addon that covers this specific constellation. Since permission schemes are typically extremely specific to the use cases of individual customers / users, I don't expect any addons to exist that automate such behaviour (granting read access up the folder tree to "reach" a specific folder where a permission has been granted), primarily because such automatisms would risk accidentally exposing critical information, and no developer would accept the risk of warranty / indemnity issues that could come with providing such a security-related addon. Neither does Alfresco really provide the tooling / framework to develop such automatisms. Only since Alfresco 5.2.x does a policy interface actually exist that could support that kind of logic, but it is neither marked as part of the public API nor are its invocations correctly implemented (it's an internal hack by an Alfresco engineer, really).</P><P></P><P>So, to keep things short: If you allow access on a specific folder for a specific user, you yourself must ensure that the user can actually navigate to that folder. This would mean&nbsp;ensuring that user is a member of the site, and potentially granting read permissions on ancestor folders, as well as disabling / fixing any inherited read permissions on other folders the user should NOT be able to access.</P></BODY></HTML> Thu, 01 Aug 2019 22:40:01 GMT afaust 2019-08-01T22:40:01Z https://connect.hyland.com/t5/alfresco-forum/complex-permission-management-question/m-p/92119#M27294 Hi AllWe have an Alfresco 5.2 Community implementation, where there is a complex hierarchy of folders under sites. Something like the below<IMG id="smileyfrustrated" class="emoticon emoticon-smileyfrustrated" src="https://migration33.stage.lithium.com/i/smilies/16x16_smiley-frustrated.png" alt="Smiley Frustrated" title="Smiley Frustrated" />ite A--&gt; Folder 1&nbsp; ---&gt; Subfolder 1, 2, 3 etc.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Folder 2 ---&gt; Subfolder 4, 5, 7 etc.It gets fairly complex, but the above is an over s Wed, 31 Jul 2019 16:30:59 GMT https://connect.hyland.com/t5/alfresco-forum/complex-permission-management-question/m-p/92119#M27294 villdre 2019-07-31T16:30:59Z https://connect.hyland.com/t5/alfresco-forum/complex-permission-management-question/m-p/92120#M27295 <HTML><HEAD></HEAD><BODY><P>I am not aware of any addon that covers this specific constellation. Since permission schemes are typically extremely specific to the use cases of individual customers / users, I don't expect any addons to exist that automate such behaviour (granting read access up the folder tree to "reach" a specific folder where a permission has been granted), primarily because such automatisms would risk accidentally exposing critical information, and no developer would accept the risk of warranty / indemnity issues that could come with providing such a security-related addon. Neither does Alfresco really provide the tooling / framework to develop such automatisms. Only since Alfresco 5.2.x does a policy interface actually exist that could support that kind of logic, but it is neither marked as part of the public API nor are its invocations correctly implemented (it's an internal hack by an Alfresco engineer, really).</P><P></P><P>So, to keep things short: If you allow access on a specific folder for a specific user, you yourself must ensure that the user can actually navigate to that folder. This would mean&nbsp;ensuring that user is a member of the site, and potentially granting read permissions on ancestor folders, as well as disabling / fixing any inherited read permissions on other folders the user should NOT be able to access.</P></BODY></HTML> Thu, 01 Aug 2019 22:40:01 GMT https://connect.hyland.com/t5/alfresco-forum/complex-permission-management-question/m-p/92120#M27295 afaust 2019-08-01T22:40:01Z