
Inheritance of Parent Space Permissions not set in RM 3.4b

aman
Champ in-the-making
Hi.
I'm posting this here first before raising it as a bug, just in case I'm being dumb!

I've performed a fresh Alfresco 3.4b install on W2K3 (don't even try 3.4a if you're interested in CIFS on a Windows server), and have set up RM and imported the Example DOD site data.  I've added 'admin' to the Records Manager group.  So far so good - admin can browse the Fileplan and file records, etc.
The problem is with other users viewing the contents of the RM site.

I've added my test user to the Records User group.  But when this user accesses the Fileplan, they see no content (at all).
I've discovered that this is because, when viewed from Alfresco Explorer, all the RM site spaces below the "documentLibrary" node DO NOT have the "Inherit parent space permissions" ticked.  i.e. they have no space users defined.  If I tick this, lo and behold, my users can see that space/content in RM!

The same problem occurs even when I create a new Series/Category/Folder (as admin) from within RM.  When I go back to Alfresco Explorer and check, it wasn't created with Inherit Parent Permissions set, so again, no one can see it.  Interestingly, if I create a Space under the RM documentLibrary directly from Explorer, it IS created with "inherit parent permissions" set, so it seems like the RM module is doing this on purpose….

Is there a reason for this?  Is there something somewhere I'm meant to set?

Thanks,
Aman
3 REPLIES

rwetherall
Confirmed Champ
Hi,

Yes, you are right.  The inheritance of permissions is purposefully turned off in the file plan.  This is to allow fine grained control of who can and can not see records within the file plan.

If you want a new user to be able to see areas of the file plan then the records management administrator must explicitly give them permissions.  Access given at, for example, a record series level is then copied down the current file plan structure as you would expect, but if new folders are added after this permission has been set then this user will have to also be granted access manually to this new folder or they will not see it.

This may all sound a little long winded and paranoid, but it was deemed better to, by default, withhold access to records to ensure no one who has access to a file plan could ever see a record they had not explicitly been given access to.

To set the permissions, log in as an rm admin and look for the appropriate action in the share UI on the folder you want to grant access to.

Thanks,
Roy
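
The copy-down behaviour described in the reply above, as an added Python model that is not part of the original post and does not use Alfresco's API: a grant is copied onto the nodes that exist at grant time, inheritance is off by default, and an audit lists nodes a user cannot read although they can read the parent. The node names and `testuser` are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class Node:
    name: str
    parent: "Node | None" = field(default=None, repr=False)
    inherit: bool = False                       # file plan default: inheritance off
    acl: set = field(default_factory=set)       # authorities granted read locally
    children: list = field(default_factory=list)

    def add(self, name, inherit=False):
        child = Node(name, parent=self, inherit=inherit)
        self.children.append(child)
        return child

def grant(node, authority):
    """Copy the grant onto node and every descendant that exists right now."""
    node.acl.add(authority)
    for child in node.children:
        grant(child, authority)

def can_read(node, authority):
    """Local grant, or the parent's answer when inheritance is switched on."""
    if authority in node.acl:
        return True
    return node.inherit and node.parent is not None and can_read(node.parent, authority)

def hidden_under_visible(root, authority):
    """Audit: paths the authority cannot read although it can read the parent."""
    gaps = []
    def walk(node, path):
        for child in node.children:
            child_path = f"{path}/{child.name}"
            if can_read(node, authority) and not can_read(child, authority):
                gaps.append(child_path)
            walk(child, child_path)
    walk(root, root.name)
    return gaps

def demo():
    # Constructed sample structure; not taken from the DOD example site.
    plan = Node("fileplan")
    series = plan.add("series-A")
    category = series.add("category-1")
    category.add("folder-old")
    grant(series, "testuser")        # copied to series-A, category-1, folder-old
    category.add("folder-new")       # created after the grant: no local entry
    return plan, hidden_under_visible(plan, "testuser")
```
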

aman
Champ in-the-making
Hi.  Ok thanks, I'll give that a try.

I do feel that it is a little odd, though.  After all, the RM module sets up the "Records User" group (along with all the other records groups), and by default there are no members in any of these groups - so no one can accidentally access the site anyway - they have to have been added to one of the records management groups. This "feature" appears to have been added in 3.4 - it didn't work like this in 3.3.

I'm not on site today, so will try your suggestion next week.  I didn't notice any folder permissions functions in the RM Share interface - but I'll take a closer look…

Thanks,
Aman

aman
Champ in-the-making
Ok, after a bit more experimenting I think I understand how this works - in addition to an individual just being a "Records User" (say), you also need to be able to specify (of course) which parts of the file plan the given user can access/operate on.  When you use the "Manage Permissions" as an admin from within the File Plan, the changes you make are applied, and inheritance is turned on - but only for Series and Categories - Folders seem not to be created with inheritance at all(!) - they get what looks like a Local copy of the parent's inherited permissions…

Note of caution - The "Manage Permissions" function is implemented slightly differently under RM File plan than in the Share Repository Browser - although they superficially look the same - it would appear that you shouldn't use the Repository Browser for managing permissions, as it doesn't apply the above rules.
If you want to manually turn on/off inheritance, you seem to still be able to do this from Alfresco Explorer.

cheers.
Aman