
Alfresco Security Model

rdanner
Champ in-the-making
I have a quick question for you guys:

In the web app all of the security assignment is at the space level.

Users are assigned to spaces then assigned roles.  This seems very granular but a little bit weird to me.

I was kinda expecting there to be something like:

we add roles to the system
we add users to the system

we assign roles to users

we assign roles to spaces
we assign a user to a space as a corner case

In the current system we have to add a user to a space then assign a role at each space.  Seems a little bit like a management nightmare.  If tomorrow I decide Joe is no longer an editor I have to run around to all of the possible spaces that he may be assigned to and assigned the editor role and remove it. (as opposed to going to the user manager and removing his editor role)
1 REPLY

andy
Champ on-the-rise
Hi

The permissions model can be summarised as:


Authority  -  assigned  -  Permission          -  on a node  -  deny/allow
    |                          |
  User                     Permission
  Group                    Set of permissions

Permissions are inherited by child nodes by default.
Any allow allows (as opposed to any deny denies)

In the UI, we refer to roles, they are really sets of permissions.
We only expose "allow" and "clearing" permissions.

An editor needs the lower level read/write/… permission sets.
The read permission set has the read-children and read-properties permissions. These low level permissions are used to control service level access.

So you can define what the set of permissions given to an editor are and change these. Maybe you want them to be able to undo check out….or not….

Group support is not present in the open version. In the next release of the open version you can assign permissions and permission sets to users. In the next pro/enterprise release you also get groups and group management.

So you can assign permission sets (or roles) to groups for maximum flexibility. If you want to define editors globally then you can create a group and assign the appropriate editor permission globally regardless of which node. Global permissions are currently defined in config.

Regards

Andy
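
A minimal Python model of the rules described in the reply above, added as an example; it is not part of the thread and not Alfresco code. The group name, node names and the contents of the "Write" and "Editor" sets are constructed assumptions; only the "Read" set's two permissions come from the reply.

```python
from dataclasses import dataclass, field

# Permission sets ("roles" in the UI) expand to low-level permissions.
# Read -> read-children/read-properties is from the reply; the rest is assumed.
PERMISSION_SETS = {
    "Read": {"read-children", "read-properties"},
    "Write": {"write-properties"},            # assumed contents
    "Editor": {"Read", "Write"},              # assumed contents
}

def expand(name):
    """Flatten a permission or permission set into low-level permissions."""
    members = PERMISSION_SETS.get(name)
    if members is None:
        return {name}
    return set().union(*(expand(m) for m in members))

@dataclass
class Node:
    name: str
    parent: "Node | None" = None
    inherits: bool = True                     # children inherit by default
    acl: list = field(default_factory=list)   # (authority, permission, "allow" | "deny")

def entries(node):
    """Yield ACL entries on the node and on every ancestor it inherits from."""
    while node is not None:
        yield from node.acl
        node = node.parent if node.inherits else None

def has_permission(user, groups, node, permission):
    """Any allow allows: one matching allow entry grants access, even beside a deny."""
    authorities = {user} | {g for g, members in groups.items() if user in members}
    return any(
        who in authorities and effect == "allow" and permission in expand(what)
        for who, what, effect in entries(node)
    )

# Constructed sample data: a group holds the Editor set at the top of the tree.
groups = {"GROUP_editors": {"joe"}}
root = Node("root space", acl=[("GROUP_editors", "Editor", "allow")])
space = Node("Projects", parent=root)
private = Node("HR", parent=root, inherits=False, acl=[("joe", "Read", "deny")])
```

With the role attached to a group at the top node, removing Joe from the group revokes it in every inheriting space at once, which is the single-point change the question asks for.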