Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hiding Sites from external users

dcoales
Champ in-the-making
Champ in-the-making

‎06-09-2011 11:18 AM

Hi,

I am evaluating Alfresco and have a configuration question.  I want to set the system up so that internal users can see all sites but external users (i.e. our clients) can only see the sites to which they have been invited.  At the moment the external users can search for sites, get a complete list and request to join other sites.  I don't want customer A to even know that we are working with customer B and they shouldn't even be able to see therefore that a customer B site even exists.

To try to solve this I removed the EVERYONE consumer permission from the 'sites' source in the repository, created a user group called customer A, assigned all the external users from that customer to that group and then gave the customer A group consumer privileges on the customer A site below the 'sites' source.

This seemed to be working except I am now getting lots of permissions errors on the sites dashboard page (and other pages - with long complicated warnings about acegi security permissions) when I log in as one of these test external users.

It seems that Share expects all users to have at least consumer privileges on the root 'sites' space but I can't then see how to hide other sites from external users.

Can anyone point me in the right direction.

Many thanks,
David
Labels:
0 Kudos
5 REPLIES 5

jpotts
World-Class Innovator
World-Class Innovator

‎06-09-2011 11:24 AM

You should let everyone see the Sites space but remove permissions from specific sites.

For example, if you create a private site, no one, not even internal users, will know that site is there unless they are invited.

Instead of that, it sounds like you want to have semi-private sites in which internal users see everything but external users see only what they are assigned to. To do that, maybe you should create an EVERYONE-INTERNAL group (or something similar) that would not contain your external users, and add that to each site. Then, make sure the EVERYONE group doesn't get added to each site. If you then add the customer-specific groups to the customer sites, they'll only see what they are supposed to.

Jeff
Jeff Potts
https://www.metaversant.com | https://ecmarchitect.com
0 Kudos

dcoales
Champ in-the-making
Champ in-the-making

‎06-09-2011 11:39 AM

Thanks very much.

I had in fact tried something similar already.  What I missed is that Share automatically adds a local EVERYONE group with consumer privileges to each site when it is created.  I thought the EVERYONE permissions were being inherited when in fact they are local. 

Is there a setting to change this behaviour otherwise we will have to remember to very quickly go into the Alfresco Explorer to modify these default permissions each time we create a site and hope that no external customer just happens to do a search before we have changed the permissions (pretty unlikely I know but if something can go wrong ……).

Thanks,
David
0 Kudos

mrogers
Star Contributor
Star Contributor

‎06-09-2011 11:48 AM

You can make sites private in which case they don't show up to non members.    However I don't think there's any easy way to control the default permissions other than by a small change to the code of the SiteServiceImpl.

Another option may be to have two instances of alfresco,  a public one for your clients and a private one for your internal users.   Or possibly a tennant for each client.
0 Kudos

dcoales
Champ in-the-making
Champ in-the-making

‎06-09-2011 12:05 PM

Ok, I might look at that.  We are in fact a software house writing java applications using Spring, Hibernate and tomcat so there wouldn't be any technology learning curve 🙂 I'm just a little wary of getting off the main upgrade path.  I'll probably stick with a procedural workaround for now.

In general though I don't know if you have put much thought into this kind of use case on your road map i.e. that many projects are shared spaces between internal team members and clients and client access and functionality permissions should be much more restrictive.  It looks to me as though Alfresco is much more geared to internal teams by default.  I don't want to have to run separate instances or tennants since the majority of users (i.e. internal ones) will then need to be set up many times.

With external customers there are a few things that I would like to change i.e. when searching for people they can only see people in the projects to which they have been invited, they do not have the rights to create new sites etc. I'm only just starting the evaluation so I suspect I will come across other features I don't want my customers having access to as I go along and hopefully I will find ways to turn them off.  It would be nice though to be able to flag a user as external and have a certain set of functionality automatically removed once that flag is ticked.

Cheers,
David
0 Kudos

dcoales
Champ in-the-making
Champ in-the-making

‎06-09-2011 12:49 PM

I don't know if you've seen this http://wiki.alfresco.com/wiki/Site_Service_3.4.  I tried it but it didn't work.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2026 Khoros, LLC