Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Allow coordinator to create user

steel
Champ in-the-making
Champ in-the-making

‎03-02-2006 07:25 PM

I can't figure out how to give the coordinator enough priviledges to successfully create a user. The issue right now is that the coordinator is able to create the person using personService but fails when the coordinator tries to setPermissions on the newly created person. The command
this.permissionService.setPermission(newPerson, this.userName, permissionService.getAllPermission(), true);

fails and sends back a Access Denied. Inappropriate permissions.

I am using 1.2 RC1. Any help would be appreciated.

Thanks in advance.
Labels:
0 Kudos
2 REPLIES 2

andy
Champ on-the-rise
Champ on-the-rise

‎03-03-2006 02:35 PM

Hi

Apologies, I am not sure where you have got to and have missed some of this as it appears in several places….

To set a permission you would need the approprite permission for the node "ChangePermissions", which you do not have from the error.

The Coordinator permission group (role if you must) is normally assigned to a folder. It seems odd that an object level permission would include creating users for the repo as a whole.

You could assign someone as a Coordinator for the whole repo.
This permission can be assigned to people/groups as a global permission in the permissionDefinitions.xml. You may need a new permission group for this including ChangePermissions. This will allow more than adding a user…..

Currently only administrators can manage people.
I suggest you could have (and may be alfresco should have …) a permission associated with the person type like manage people.
This permission could then be assigned to people/groups as a global permission in the permissionDefinitions.xml. The person service could then be protected using this permission, without leaking more general permissions …..

If really you want some people to have full admin rights then you can add them to the admin group in the authority-services-context.xml.

Hope this helps

Regards

Andy
0 Kudos

steel
Champ in-the-making
Champ in-the-making

‎03-03-2006 02:49 PM

thanks for the reply.

I got around the issue by giving the person permissions to the person container node. 

What I am trying to do is create a role that allows a person to add(invite+create new) to a group and create subgroups of the group that they are the "admin" of. That person would not be able to control anywhere else.

I have created a new permissionGroup in sys:base called GroupAdmin that has the required permissions.  This GroupAdmin permissionSet is assigned to the appropriate method  in the public security xml file.

Is this an appropriate approach?

thanks.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC