I need help on how I can implement a security level

diegop
Champ in-the-making
Hi,
I have to customize Alfresco 3 Labs in order to add a new "security level": each content will have one of 5 levels: NO SECURITY, RESERVED, VERY RESERVED, SECRET, VERY SECRET.

Each user will have a similar security level (which I will get from an external LDAP).

So:
- every user with RESERVED security level associated will see contents with NO SECURITY and RESERVED levels.
- every user with SECRET security level associated will see contents with NO SECURITY, RESERVED, VERY RESERVED and SECRET levels.
and so on..

For now, I have added a custom property to "cm:content":


<type name="cm:content">
   <title>Content</title>
   <parent>cm:cmobject</parent>
   <archive>true</archive>
   <properties>
      <property name="cm:content">
         <type>d:content</type>
         <mandatory>false</mandatory>
         <!-- Index content in the background -->
         <index enabled="true">
            <atomic>true</atomic>
            <stored>false</stored>
            <tokenised>true</tokenised>
         </index>
      </property>
      <!-- Custom property holding the security level of the content -->
      <property name="cm:securityLevel">
         <title>Security Level</title>
         <type>d:text</type>
         <mandatory>true</mandatory>
         <constraints>
            <constraint ref="cm:filename" />
            <constraint type="LENGTH">
               <parameter name="minLength"><value>0</value></parameter>
               <parameter name="maxLength"><value>128</value></parameter>
            </constraint>
            <constraint type="LIST">
               <parameter name="allowedValues">
                  <list>
                     <value>NO SECURITY</value>
                     <value>RESERVED</value>
                     <value>VERY RESERVED</value>
                     <value>SECRET</value>
                     <value>VERY SECRET</value>
                  </list>
               </parameter>
               <parameter name="caseSensitive"><value>true</value></parameter>
            </constraint>
         </constraints>
      </property>
   </properties>
</type>

and added a property to "cm:person" to store the security level of the user named "cm:securityId".


            <property name="cm:securityId">
               <type>d:text</type>
            </property>

Lastly, I have modified the JSP to view the security level of a user (correctly set by a custom LDAP importer) in the details page, and I have modified the JSP for setting every metatag of a content to add a select combo box for choosing its security level.

So, can someone tell me what is the best way to show a user with security level X only the content with security level less than or equal to X?
What customization do I have to do on the permission model?

Thanks! And best regards.

t_broyer
Champ in-the-making
The most efficient way is to use Alfresco's built-in security.

Create 4 nested user groups: RESERVED, contains VERY RESERVED, which in turn contains SECRET, which finally contains VERY SECRET (no need for a NO SECURITY group, GROUP_EVERYONE will be OK).
If a user is in level "SECRET", put it in the SECRET group. It will therefore also be in the "VERY RESERVED" and "RESERVED" groups, automatically, by "inheritance".

If a file or folder is "VERY RESERVED", set its ACLs to only allow the user group "VERY RESERVED" (this means do not inherit ACLs from the containing folder).

That's all, no customization needed, it "just works" out of the box, with the best performance ever.
Every other solution (e.g. dynamic authorities) will involve many more computations and be much less performant.

The tricky part would be doing all of this "automagically" if you want to (e.g. select security level from a combo box in the "edit details" page instead of using the "manage content users" page)
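
One way to do the "automagic" part described in the reply above, as an added example that is not part of the original posts or of Alfresco's own code: a repository behaviour that rewrites a node's ACL whenever its cm:securityLevel property changes. The class name, the group authority names (GROUP_RESERVED, GROUP_VERY_RESERVED, GROUP_SECRET, GROUP_VERY_SECRET) and the choice of the Consumer role are assumptions; the bean must be declared in Spring with `init` as its init-method.

```java
import java.io.Serializable;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;

/** Added example: keeps a node's ACL in step with its cm:securityLevel property. */
public class SecurityLevelAcl implements NodeServicePolicies.OnUpdatePropertiesPolicy {
    static final QName PROP_LEVEL =
        QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "securityLevel");
    // Levels backed by one of the four nested groups (NO SECURITY uses GROUP_EVERYONE).
    static final List<String> GROUPED =
        Arrays.asList("RESERVED", "VERY RESERVED", "SECRET", "VERY SECRET");

    private PolicyComponent policyComponent;      // injected by Spring
    private PermissionService permissionService;  // injected by Spring
    public void setPolicyComponent(PolicyComponent pc) { this.policyComponent = pc; }
    public void setPermissionService(PermissionService ps) { this.permissionService = ps; }

    /** Spring init-method: run this behaviour whenever properties of cm:content change. */
    public void init() {
        policyComponent.bindClassBehaviour(
            QName.createQName(NamespaceService.ALFRESCO_URI, "onUpdateProperties"),
            ContentModel.TYPE_CONTENT, new JavaBehaviour(this, "onUpdateProperties"));
    }

    /** Assumed naming: group authority = GROUP_ + level, spaces replaced by underscores. */
    static String authorityFor(Object level) {
        if ("NO SECURITY".equals(level)) return PermissionService.ALL_AUTHORITIES;
        if (GROUPED.contains(level))
            return PermissionService.GROUP_PREFIX + ((String) level).replace(' ', '_');
        return null; // missing or unknown level
    }

    public void onUpdateProperties(NodeRef node, Map<QName, Serializable> before,
                                   Map<QName, Serializable> after) {
        Serializable level = after.get(PROP_LEVEL);
        if (level != null && level.equals(before.get(PROP_LEVEL))) return; // level unchanged
        permissionService.deletePermissions(node);                  // drop entries of the old level
        permissionService.setInheritParentPermissions(node, false); // parent ACL must not leak in
        String authority = authorityFor(level);
        if (authority != null)  // unknown level: grant nothing, so the node fails closed
            permissionService.setPermission(node, authority, PermissionService.CONSUMER, true);
    }
}
```

Anyone who can edit cm:securityLevel on a node can also lower it, so write access to that property is part of the access-control design.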

diegop
Champ in-the-making
Thanks t.broyer, your help was precious and clear.

So now I have to customize a bit of Java/JSP/XML Alfresco's code to do all of this "automagically"… :D

Thank you again,
Diego