Hyland Connect

cdombrowski · ‎07-23-2010

Hey guys,

Having an issue accessing the RM portion of the Alfresco CIFS drive with any user other than an Alfresco admin.
Any of my RM users who aren't an Alfresco admin get an Access Denied message when hitting the RM folder, but they are able to navigate through the file plan via share.
I've added the user as an RM admin, RM manager, explicitly added them permissions on the file plan folders, but still are getting denied in the CIFS drive.

Am I missing something, permissions wise? Or are there security settings dedicated directly to the RM folder in the CIFS drive?

Any help would be greatly appreciated.

ps. Im running Alfresco Community 3.2 r2 on a windows server 03 box and we are accessing alfresco via share.

mathgallant · ‎11-25-2010

I also have this issue with 3.3g and 3.4b. I expect this should work as there is no mention of the contrary in the help file.

I've given up on the search feature and am now in the process of reading the forum one post at a time to find some help. The keywords are too common (RM, Record Management, CIFS)…

mathgallant · ‎11-26-2010

The way I see it, its by design. I'm not saying I agree, but the RM module does not seem to be CIFS enabled.

rwetherall · ‎11-30-2010

Hi,

This doesn't sound right. I would expect that RM users with the correct permissions should be able to browse the file plan from within CIFS.

Could you raise a JIRA issue (issues.alfresco.com) that indicates the steps required to reproduce this issue and we can take a closer look.

Many thanks,
Roy

jenniferh · ‎04-11-2012

Was there a JIRA written for this? Have these issues been fixed? I am seeing a ton of problems with CIFS and records management in 3.4.8 (Enterprise).

mrogers · ‎04-12-2012

I did a quick search of JIRA - doesn't look like the issues were raised.

If you are using Alfresco Enterprise then you should contact alfresco support.

jenniferh_home · ‎04-23-2012

Could someone please explain how to enable the correct permissions? I have added my user to the Records Administrator group, and to the site as a records manager. Based on information from support, I have also set the Read and File permission on the series folder (which, according to support, should - and seems to - propagate to all subfolders). My user is trying to open a file through CIFS that has been declared a record, and an Access Denied error results. My question is, *should* these permissions that I have enabled through Share be enough to allow my user to view this record? Or do I also need to go through the Share Repository and enable permissions there?

andy · ‎04-24-2012

Hi

CIFS FTP etc should all go throught the same permission checks.

However some CIFS clients do odd things (like make a copy of a file update the copy and then delete and rename it etc)
You may not be able to do this to the record (or in the file plan).
It is likely these extra operations are the issue - and violate the RM contract in some way - and it depends on your client.

Have you got the stack trace for the permission deny error?
What client are you using?

Andy

jenniferh · ‎04-24-2012

Hi Andy,

Thanks for your reply. We are using Windows XP Explorer for CIFS. I am not seeing any errors in the logs. However, I have turned on debugging for CIFS as instructed by support and see some errors reported in the debug output, such as the following:

10:09:31,746 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
10:09:31,747 DEBUG [org.alfresco.fileserver] [T1] NT Create AndX [0] params=[\Sites\rm\documentLibrary\testseries\testcat\test folder\content0.pdf,Open,acc=0x20089,attr=0x80,alloc=0,share=0x1,pid=5984,copt=0x40,seclev=2,secflg=0x0,BatchOpLck,ExOpLck,ExtResp]
10:09:31,751 DEBUG [org.alfresco.fileserver] [T1] Converted create to open for pseudo file \Sites\rm\documentLibrary\testseries\testcat\test folder\content0.pdf
10:09:31,752 DEBUG [org.alfresco.fileserver] [T1] Tx Data len=35
10:09:31,753 DEBUG [org.alfresco.fileserver]     0 - 00 00 00 23 ff 53 4d 42 a2 22 00 00 c0 98 01 c8   - …#ÿSMB¢"..À..È
10:09:31,753 DEBUG [org.alfresco.fileserver]    16 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 17   - …………..`.
10:09:31,753 DEBUG [org.alfresco.fileserver]    32 - 01 00 49 16 00 00 00 de de 00 8a 00 16 00 00 00   - ..I….ÞÞ…….
10:09:31,753 DEBUG [org.alfresco.fileserver]    48 - 00 00 00 00 89 00 02 00 00 00 00 00 00 00 00 00   - …………….
10:09:31,753 DEBUG [org.alfresco.fileserver] [T1] Error : Cmd = NT_CREATE_ANDX - Access denied

I have sent my log file to support. I can view the file through the website, but I can't open it through CIFS. However, I have found that if I set SiteManager permissions for my user on each folder in the rm directory through Share Repository that I am able to view the declared record through CIFS. Support is indicating that I should not have to go through Share Repository to set the additional permissions, which I why I posted the question here.

jenniferh · ‎04-30-2012

Shouldn't the evaulate function in WriteContentCapability be doing the same checks as are being done in FileRecordsCapability? That is, shouldn't it also be checking for whether or not the user is allowed to create or modify records in a cutoff folder before issuing a denial?

WriteContentCapability::evaluate is getting called when I try to copy/paste or create a file in a cutoff folder. Even if I have the capability Create Modify Records In Cutoff Folders, it is not allowing me to do so. In fact, in the case of creating a file in a cutoff folder, I encounter an infinite loop (File Explorer hangs while it is creating an infinite number of 0 byte files).

Hyland Connect

Accessing RM file plan Via CIFS