Assigning different permissions to sub-folders

lpiguet
Champ in-the-making
I am facing a seemingly common permissions problem that I don't seem to be able to solve with Alfresco's model.

Here is the setup:

Project X
– [potentially many folder levels]
— Folder A
— Folder B
— Folder C    ("consumer" access for all members of group G)
   — SubFolder C1 ("coordinator" access for members of subgroup G1)
   — SubFolder C2 ("coordinator" access for members of subgroup G2)
   — SubFolder C3 ("coordinator" access for members of subgroup G3)

We also have:
Group G
   - Subgroup G1
   - Subgroup G2
   - Subgroup G3

The people in group G (or rather in the subgroups) are all working on stuff in Folder C. Subfolders C1, C2, C3 contain material restricted to each subgroup. Each subgroup may have access to several subfolders, so I need to give them all the same link pointing to Folder C.

When they access Folder C, I only want them to see the subfolders they have access to.

How do I implement this?

If I uncheck "inherit parent permissions" at the subfolder level, I lose lots of other permissions set way above in the tree (people that have access to everything, people that have access to this branch, etc…). I therefore have to re-grant all of these permissions down at this level. It's potentially very confusing and time-consuming.

If I leave "inherit parent permissions" at the subfolder level, I don't have any way of restricting access for the unwanted subgroups, since they inherit this access from the level above (Folder C).

A solution would be to selectively not inherit permissions, rather than globally. So I could specify that I don't want to inherit the Group C permissions, and voilà, everything else remains, including the permissions coming from way above.

Does anyone have any idea on how to do this?

Thanks,
Laurent
5 REPLIES

amernet
Champ in-the-making
Hi,

Wonder if you found the solution yet? I'm having the same problem as well.

Thanks!
Charles

tamoracing
Champ in-the-making
Hi, I'm having the same problem too.

Has someone found the solution?

Thanks

progne
Champ in-the-making
Very similar issue here, look forward to a solution.

venkateshprovos
Champ in-the-making
Hi,
   I too am facing the same issue. If any user in this forum has sorted out a solution, kindly share it.

Thanks,
      Venk

Hi,

Obviously an old post here, but still a common issue.  This can be implemented, but with a technical solution that's not all that clean - i.e. you can't do it directly using the Share UI.  You can use a different type of permission called a DENY permission on the subfolders to deny all members of group G access to the subfolder and then add an ALLOW permission for the relevant subgroup.  Ordering of the two permissions is important: put them the wrong way round and the DENY will take full precedence and no one will have access.

DENY permissions are not supported by the Share UI, although the repository does support them. You'll probably need to use the low-level Java APIs to do this, so it's not an easy solution to implement or to set up with every new folder structure you create. It may be worth taking the pain to just turn off inherit permissions on the subfolders and apply what's needed.

Definitely worth thinking long and hard over before jumping into.

Regards

Steven
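
The DENY-then-ALLOW approach from the last reply, sketched against Alfresco's `PermissionService` Java API as an added example; it is not code from this thread or from the Alfresco project. The class name, method names and the two test users are hypothetical, and it assumes the caller runs inside a repository transaction with rights to change permissions on the subfolder. Because the effective result depends on how the repository evaluates denies (on versions that have it, the `security.anyDenyDenies` setting), the helper checks the outcome as real users and removes both entries if either check fails.

```java
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;

/** Hypothetical helper: restricts one subfolder (e.g. C1) to one subgroup (e.g. G1). */
public class SubfolderRestrictor {

    private final PermissionService permissionService;

    public SubfolderRestrictor(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    /**
     * @param subfolder    node of the restricted subfolder
     * @param parentGroup  short name of group G (granted Consumer on Folder C)
     * @param subgroup     short name of the subgroup that keeps access
     * @param memberUser   test user who is in the subgroup
     * @param outsiderUser test user who is in G but not in the subgroup
     */
    public void restrict(NodeRef subfolder, String parentGroup, String subgroup,
                         String memberUser, String outsiderUser) {
        String g = PermissionService.GROUP_PREFIX + parentGroup;
        String g1 = PermissionService.GROUP_PREFIX + subgroup;

        // Inheritance is left on, so permissions set higher in the tree still apply.
        // Order follows the reply above: the DENY for G first, then the ALLOW for the subgroup.
        permissionService.setPermission(subfolder, g, PermissionService.CONSUMER, false);
        permissionService.setPermission(subfolder, g1, PermissionService.COORDINATOR, true);

        // Verify the effective result instead of trusting the ACL entries.
        boolean memberCanRead = readAccessAs(memberUser, subfolder) == AccessStatus.ALLOWED;
        boolean outsiderBlocked = readAccessAs(outsiderUser, subfolder) == AccessStatus.DENIED;
        if (!memberCanRead || !outsiderBlocked) {
            // Undo both entries so the folder is not left locked or exposed.
            permissionService.deletePermission(subfolder, g, PermissionService.CONSUMER);
            permissionService.deletePermission(subfolder, g1, PermissionService.COORDINATOR);
            throw new IllegalStateException("DENY/ALLOW did not give the intended access: "
                    + "memberCanRead=" + memberCanRead + ", outsiderBlocked=" + outsiderBlocked);
        }
    }

    /** Evaluates Read on the node as the given user. */
    private AccessStatus readAccessAs(String user, NodeRef node) {
        return AuthenticationUtil.runAs(
                () -> permissionService.hasPermission(node, PermissionService.READ), user);
    }
}
```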