Hyland Community
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

How to revoke permissions on a document

gc_yerbabuena
Champ in-the-making
Champ in-the-making

‎06-01-2007 08:08 AM

Hi

Does the method removePermission really apply on documents, or it only works with spaces?

I am trying to make up a "private" space where everybody can drop documents but nobody (except for admin) can read them.

After executing this script (due to a rule)

document.removePermission("Read");document.removePermission("Write");document.removePermission("Delete");document.removePermission("AddChildren"); /* <– not sure about this */document.setOwner("admin");space.removePermission("Read");‍‍‍‍‍‍‍

I expected the document to be unaccessible but "guest" is still able to find and read that document.

Is this a bug or did I get it wrong?
Labels:
0 Kudos
6 REPLIES 6

kevinr
Star Contributor
Star Contributor

‎06-01-2007 10:18 AM

The removePermission() API applies to the current user. Security in the repository consist of a Permission (i.e. READ) and an Authority to apply it to (e.g. EVERYONE or admin or Guest). The API you are using - removePermission() - applies to the current user who is executing the script. You want to use removePermission("Read", "EVERYONE") or similar. Also you can only remove permissions that have been specifically applied. If the node is inheriting permissions from the parent then attempting to remove a permission that is infact inherited from the parent will have no effect.

Hope this helps,

Kevin
0 Kudos

gc_yerbabuena
Champ in-the-making
Champ in-the-making

‎06-01-2007 12:13 PM

Thank you Kevin, I finally achieved it.

The container was not inheriting permissions. Instead I had granted "Contributor" role for group "EVERYONE". The problem was that I believed doing…

space.removePermission("Read");‍

…would prevent documents to be accessed, but it seems to be useless revoking "Read" access when you have "Contributor" role.

Since documents inherits by default their container permissions, "guest" was able to read them.

I changed my script and now it works: The space itself is "readable", but the documents are not.

// Prevent public access to a documentdocument.removePermission("Read");document.removePermission("Write");document.removePermission("Delete"); document.setInheritsPermissions(false);document.setOwner("admin");‍‍‍‍‍‍

I thought it might be useful for someone else.
0 Kudos

slothrop
Champ in-the-making
Champ in-the-making

‎08-21-2007 12:37 PM

Under what conditions can I use 
document.setInheritsPermissions(false); document.setOwner("admin");‍‍

or

document.setInheritsPermissions(false); document.setOwner(editorInChief);‍‍

where editorInChief is the user name of the only member of the group "Editor-in-Chief."

Every time I try to do this I get an error that says
You do not have the appropriate permissions to perform this operation.
0 Kudos

kevinr
Star Contributor
Star Contributor

‎08-22-2007 04:58 AM

Only users who have the ChangePermissions permission - this is only going to be the "Owner" of a node or someone with the 'Coordinator' role or an admin user.

Thanks,

Kevin
0 Kudos

shanford
Champ in-the-making
Champ in-the-making

‎10-31-2007 04:25 PM

I am still on the steep climb learning how to use Alfresco.  Could you please direct me where/how I would implement the code below to perform this function?  I understand how to assign rules to spaces, but I am not certain how I would go about adding this.

Any help would be greatly appreciated.

Thank You!

I changed my script and now it works: The space itself is "readable", but the documents are not.

// Prevent public access to a documentdocument.removePermission("Read");document.removePermission("Write");document.removePermission("Delete"); document.setInheritsPermissions(false);document.setOwner("admin");‍‍‍‍‍‍
0 Kudos

kevinr
Star Contributor
Star Contributor

‎11-09-2007 11:01 AM

As the admin user, navigate to the folder /Company Home/Data Dictionary/Scripts. Create New Content of plain text, and enter the code above as the content. Then save the content as "somescript.js" or whatever you want to call it. Then when you create the rule, select Script rule type and a drop-down list of the available scripts (from that folder) will appear, select the script you want.

If you want to execute the script directly, you can get the Alfresco NodeRef (the unique identifier for that piece of content) of the script from the Details page for it. Then you can execute the script directly via URL by building up a URL to it, as per these instructions:
http://wiki.alfresco.com/wiki/URL_Addressability#Script_Command_Processor

Hope this helps,

Kevin
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC
Top