How to restrict admin user access to some content

jzulu2000
Champ in-the-making
Hi

As far as I know, Alfresco grants full access to the admin user; I mean, the admin user can read, write, and do anything he wants with any document stored in Alfresco.
As a business requirement (or legal requirement maybe), there's some kind of information that cannot be accessed by any person other than the one who has a specific role in the company; it leads to an implementation in which the admin user CAN NOT read those documents.

Does anybody know how to protect some documents so they cannot be accessed by the admin user, and just grant access to a user with a specific role?

The second problem we have is that the admin user can assign itself the specific role to access those documents and then unassign itself that role; is there any way to track this?

Maybe I'm blinded.. any other ideas?

Thanks a lot!!!!

nyronian
Champ in-the-making
It seems to me that the admin user MUST be a trusted user. You need to set up users/roles for everyone else to access only the portion of the systems and rights you wish them to have. But, just like a system admin for a Windows XP network, there is an admin that has access to ALL data on the system. It is impossible to lock them out, nor would you want to. If there is a problem, you would want an admin to be able to fix the problem.

Several years ago I worked for a company that had a finance/payroll system that was programmed in-house. That meant that the programmer had access to sensitive information about payroll. For the most part everyone was oblivious, but one day it came to light with management. There was a huge issue made of it, that he cannot have access to the sensitive information. Well, it was impossible for him to do his job and maintain the system otherwise. The only solution at the time was for him to become a trusted source, or they needed to hire a programmer that would be.

So, the only way to handle this situation is that only a trusted source has the admin password, just like the admin of the network has access to all network files.

All other users you place in a box and remove security rights.