
Cut from Company Home then paste somewhere

cts_sergiu_dunc
Champ in-the-making
Hello,

Even if we give the Consumer right to all users on the Company Home root folder, a Collaborator user on a top space is able to cut and paste that top space to some other place where he has write permission. Is it possible to avoid this by configuration, or is this somehow a design feature?

Thanks
Sergiu
9 REPLIES

andy
Champ on-the-rise
Hi

If someone can read stuff they can copy it. They will only be able to copy what they can read if content is excluded by not inheriting permissions.

Regards

Andy

cts_sergiu_dunc
Champ in-the-making
Yes, but the problem here is the CUT operation. We don't want collaborators on sub-root spaces to be able to remove the content from the root Company Home space folder, wherever they paste it.

cts_sergiu_dunc
Champ in-the-making
Happy New Year!

It's also possible for a Collaborator to remove a space of his even if he is only a Consumer on the parent space. It is quite a bad thing for us. Can this be avoided or fixed somehow so that it cannot happen anymore?


Thanks
Sergiu

andy
Champ on-the-rise
Hi

Does the person own the node?
If so they will have all rights to the node, including delete.

It is possible to set up restrictions for the parent in the definition of the permissions or on the security wrappers for the public APIs, in public-service-security-context.xml.

Regards

Andy

cts_sergiu_dunc
Champ in-the-making
I am very sorry for my mis-specification. We are using a customized Collaborator role with the Delete permission added:

         <includePermissionGroup permissionGroup="Delete" type="sys:base"/>

We also tried the latest version of permissionDefinitions.xml and also tried to use DeleteChildren instead of Delete, above.

Still, with Delete in Collaborator, the node can be deleted without checking the permission on its parent, and using DeleteChildren above has no effect.
We really need a Collaborator role with Delete permission only on children of the space. We don't want a space to be removed by such custom Collaborators.

Is there any possibility out there? Or is it possible to restrict Delete on the direct children of Root for all the roles except Admin?

Thank you.

cts_sergiu_dunc
Champ in-the-making
Also tried commenting out the permission check on Parent for DeleteNode:

<permission name="DeleteNode" expose="true" >
    <grantedToGroup permissionGroup="Delete" />
    <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    <requiredPermission on="parent" name="DeleteChildren" implies="false"/>
    <requiredPermission on="node" name="DeleteChildren" implies="false"/>
</permission>

... and also keeping Delete in Collaborator:

<permissionGroup name="Collaborator" allowFullControl="false" expose="true">
    <includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
    <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
    <includePermissionGroup type="sys:base" permissionGroup="Delete"/>
</permissionGroup>

... but the Delete is possible for the sub-root space for Collaborators even if they have only Consumer rights on the root space.

I do hope to find a solution for this.
Sergiu

cts_sergiu_dunc
Champ in-the-making
OK, I updated public-services-security-context.xml according to our needs. As described earlier, we grant DELETE to Collaborators, and now DELETE and MOVE are forbidden if the executor does not also have the DeleteChildren right on PARENT.

However, we'd also like to hide the CUT/DELETE icon/command from the web interface to fit our customized case. Could you give us some hint how (and where) we could adapt this as well?

Thank you,
Sergiu
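
The parent-aware rule described in the post above, as an added example that is not part of the original thread and is not Alfresco code. It is a constructed Python model (all class, function and user names are hypothetical) comparing a check that consults only the node with one that also requires DeleteChildren on the parent, for both delete and cut/paste.

```python
# Constructed model of the rule in the post; every name here is hypothetical
# and none of it is an Alfresco API.
ROLE_PERMS = {
    "Consumer": {"Read"},
    # Customized Collaborator: the stock role plus the Delete group.
    "Collaborator": {"Read", "Write", "CreateChildren", "DeleteNode", "DeleteChildren"},
}

class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.acl = name, parent, {}  # acl: user -> roles

    def grant(self, user, role):
        self.acl.setdefault(user, set()).add(role)

def perms(user, node):
    """Permissions from roles set on the node or inherited from any ancestor."""
    out = set()
    while node is not None:
        for role in node.acl.get(user, ()):
            out |= ROLE_PERMS[role]
        node = node.parent
    return out

def can_delete_node_only(user, node):
    # Behaviour reported in the thread: only the node itself is consulted.
    return "DeleteNode" in perms(user, node)

def can_delete_parent_aware(user, node):
    # Rule from the post: the parent must also allow DeleteChildren.
    if node.parent is None:
        return False  # the root itself is never removable in this model
    return can_delete_node_only(user, node) and "DeleteChildren" in perms(user, node.parent)

def can_move(user, node, dest, delete_check):
    # Cut and paste = remove from the old parent + create under the new one.
    return delete_check(user, node) and "CreateChildren" in perms(user, dest)

def build_sample():
    """Constructed tree: Company Home > Projects > report.doc, plus Scratch."""
    home = Node("Company Home")
    projects, scratch = Node("Projects", home), Node("Scratch", home)
    report = Node("report.doc", projects)
    home.grant("alice", "Consumer")          # Consumer on the root
    projects.grant("alice", "Collaborator")  # Collaborator on two top spaces
    scratch.grant("alice", "Collaborator")
    return home, projects, scratch, report
```

With the node-only check the top space can be cut out of Company Home by a user who is only a Consumer there; with the parent-aware check the same user can still delete or move content inside the space but not the space itself.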

kevinr
Star Contributor
If you want to completely hide the icon (from all users?) then you can override the action group configuration that defines the actions available in various screens in the UI:
http://wiki.alfresco.com/wiki/Web_Client_Configuration_Guide
http://wiki.alfresco.com/wiki/Externalised_Client_Actions

Thanks,

Kevin

cts_sergiu_dunc
Champ in-the-making
No, we'd like to hide it for some spaces and for users who:
- are collaborators on a space and also have the DELETE right on that space
- are denied by the new PARENT rule from deleting/moving the whole space out of its place

This way we adapted the COLLABORATOR role, also adding the DELETE and MOVE rights even for objects they do not own, but we deny these rights if the PARENT does not allow deleting its children.

Thanks a lot for all your help.
Sergiu