
Managing Group Authorities as Regular User?

cjd
Champ in-the-making
Hello!

I am developing an application where regular Alfresco users will need to be able to create and manage groups comprised of other system users through web scripts. I was thinking that using a regular user group (usr:authorityContainer) might work for this task, but I'm not sure… I know the PeopleService API and JavaScript APIs allow me to create/edit/delete user groups programmatically, but from what I've seen, it looks like the person executing those actions needs to be an Alfresco admin, and I need regular users to be able to create these user groups themselves, and then add/delete members from the group they just created.

I'm wondering - has anyone done this sort of thing before?  Is it possible to give a regular user Ownership or Editor rights for a usr:authorityContainer group node such that they can edit the membership of that group?  Or would I be better off just developing a custom content model type for these user groups instead?
3 REPLIES

mrogers
Star Contributor
Yes, you are right that managing groups requires admin access. However, you can write a script or a piece of code that "runs as" admin. Your script can then do the work to the groups. Of course, you have then opened up group admin to everyone, so you may want to control access to your script either by code or by permissions.

cjd
Champ in-the-making
Thanks for the response!

I am familiar with "runas", and I agree with you that using runas=admin could definitely cause some security "complications" which would need to be addressed in my app code… I'll need to think through that a bit more to figure out how feasible that might be, although my gut says I'm probably better off avoiding those issues…

If I look at a usr:authorityContainer node in the node browser, I see a property that lists all the members of the group, but I don't see any property tracking who created the group.  I also see that there are READ permissions granted to "GROUP_EVERYONE", but no explicit write permissions assigned to anyone.  So, I guess what I'm really wondering is, can explicit write permissions be granted to a regular user on the usr:authorityContainer node to enable that user to modify the properties of the node without needing to resort to runas=admin?  Or would it not even matter if a regular user could write to the node because the API calls themselves require that the script be executed by an admin?

I'll see what I can find on my own, of course. Although, if you happen to know off the top of your head, it'd be much appreciated :)

Thanks again.
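One way to control access "by code" to a script that runs as admin, shown as an added example that is not part of the thread and is not Alfresco's API. It models the check in plain JavaScript with in-memory stand-ins; `APP_PREFIX`, `groupManagers`, `groupMembers` and every function name are hypothetical, and because the post above reports no creator property on the group node, the example keeps its own record of who manages each group.

```javascript
// Added example: in-memory stand-ins for the repository (all names hypothetical).
const APP_PREFIX = "GROUP_app_";   // the elevated script only touches groups it created
const groupManagers = new Map();   // group name -> Set of user names allowed to manage it
const groupMembers = new Map();    // group name -> Set of member user names

// `caller` must be the authenticated user captured BEFORE the script
// elevates to admin, never a user name taken from the request body.
function authorize(caller, group) {
  if (typeof caller !== "string" || caller === "") return "no authenticated caller";
  if (typeof group !== "string" || !group.startsWith(APP_PREFIX)) {
    return "group is outside the app namespace";
  }
  const managers = groupManagers.get(group);
  if (!managers) return "unknown group";
  if (!managers.has(caller)) return "caller does not manage this group";
  return null; // allowed
}

// Any authenticated user may create a group; the creator is recorded as manager.
function createGroup(caller, shortName) {
  if (typeof caller !== "string" || caller === "") throw new Error("no authenticated caller");
  if (!/^[A-Za-z0-9_]{1,40}$/.test(shortName)) throw new Error("invalid group name");
  const group = APP_PREFIX + shortName;
  if (groupManagers.has(group)) throw new Error("group already exists");
  groupManagers.set(group, new Set([caller]));
  groupMembers.set(group, new Set([caller]));
  return group;
}

// The privileged step: the membership change runs only after authorize() passes.
function changeMembership(caller, group, action, user) {
  const denied = authorize(caller, group);
  if (denied) return { ok: false, status: 403, reason: denied };
  const members = groupMembers.get(group);
  if (action === "add") members.add(user);
  else if (action === "remove") members.delete(user);
  else return { ok: false, status: 400, reason: "unknown action" };
  return { ok: true, status: 200, members: [...members].sort() };
}
```

Being a member does not make a user a manager, and the prefix check keeps the elevated script away from built-in groups such as `GROUP_ALFRESCO_ADMINISTRATORS`.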

jcoon
Champ in-the-making
This would be a useful feature. Right now my only good workaround is to give users that need to modify groups full admin access… that isn't a very professional solution. Alfresco should have a built-in option to grant a specific group of users permission to edit specific user groups.