
FIXED and GLOBAL ACLs

aweber1nj
Champ in-the-making
Reading "Professional Alfresco…" by Caruana, Newton, Farman, et al., there is mention of four classifications of ACL (pg 120): DEFINING, SHARED, FIXED, GLOBAL.

However, the text only describes in some detail how ACL inheritance works with DEFINING and SHARED ACLs.  It devotes only a few sentences (pg 121) to a high-level description of FIXED and GLOBAL ACLs, with no further implementation, example or usage details I could find.

Is there any reference on how to define and use these FIXED and GLOBAL ACLs?  I think I would like to leverage them to explicitly define the ACL on some objects – typically Folders – such that I have a direct way of defining the precise ACL for that level of the repository tree…at least at that object.

I would basically be fine with ACL inheritance for the most part.  Just would like to be able to explicitly set an ACL where necessary (by name, because it's very convenient and straightforward).  If that's in the middle of a folder-tree, I guess I'd have to figure out whether Alfresco would re-propagate the ACL to all the sub-objects…but that's getting ahead of the main question.

Thanks for any guidance/pointers.
-AJ
1 REPLY

afaust
Legendary Innovator
Hello,

ACLs of types DEFINING and SHARED are the major players in the standard Alfresco DM repository. I don't even know if it is possible to use FIXED / GLOBAL ACLs without writing your own DAO / SQL code, as the Alfresco permission services and ACL DAOs fully abstract from the internals of ACLs. As a professional Alfresco developer / architect of several years, I personally wouldn't dare to try and fiddle with this kind of internals - I have already spent too much time and sanity just wrapping my head around the dynamics of ACLs (not the static and thus simple analysis of SHARED / DEFINING, but how they interact during modification) when analyzing permission bugs. Just thinking of the maintenance / upgrade effort makes me sick. Sooner would I implement my own ACL management component…

For any practical use case, you should not need to work with ACLs directly. The PermissionService provides everything you ever need in 99.9 % of all use cases.

Regards
Axel
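
Added example, not part of either post and not Alfresco project code: one way to give a single folder an explicit, exact set of permissions through the public PermissionService, without touching ACL types or DAOs. The class name `FolderAclPinner`, the method `pin` and the group names in the usage comment are hypothetical; the caller is assumed to hold the right to change permissions on the folder.

```java
import java.util.Map;
import java.util.Set;

import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.PermissionService;

/** Hypothetical helper: pins an exact permission set on one folder. */
public class FolderAclPinner {
    private final PermissionService permissionService;

    public FolderAclPinner(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    /**
     * @param folder  node whose permissions are replaced
     * @param entries authority name mapped to permission group, all granted as ALLOW
     */
    public void pin(NodeRef folder, Map<String, String> entries) {
        // Stop taking entries from the parent so nothing above this folder leaks in.
        permissionService.setInheritParentPermissions(folder, false);
        // Drop whatever was set locally before, then apply only the requested entries.
        permissionService.deletePermissions(folder);
        for (Map.Entry<String, String> e : entries.entrySet()) {
            permissionService.setPermission(folder, e.getKey(), e.getValue(), true);
        }
        // Read back and fail closed if anything other than the requested entries is present.
        Set<AccessPermission> effective = permissionService.getAllSetPermissions(folder);
        if (effective.size() != entries.size()) {
            throw new IllegalStateException("Unexpected number of ACL entries on " + folder);
        }
        for (AccessPermission ap : effective) {
            String wanted = entries.get(ap.getAuthority());
            if (wanted == null || !wanted.equals(ap.getPermission())) {
                throw new IllegalStateException("Unexpected ACL entry: "
                        + ap.getAuthority() + " / " + ap.getPermission());
            }
        }
    }
}

// Usage with constructed group names:
//   Map<String, String> acl = new HashMap<>();
//   acl.put("GROUP_finance-editors", PermissionService.COLLABORATOR);
//   acl.put("GROUP_finance-readers", PermissionService.CONSUMER);
//   new FolderAclPinner(permissionService).pin(folderRef, acl);
```

Child nodes that still have inheritance enabled take their entries from this folder after the call; the repository handles that propagation itself.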