Permission Questions - Enterprise Network

rberg
Champ in-the-making
Hi,

I have a few permission questions I was hoping to have answered:

1) It is my understanding that permissionDefinitions.xml is where you would essentially define an “ACL” that is associated with a type or aspect. Then that definition could be assigned to a user or group. Is this correct?

2) Currently out-of-the-box the following roles exist: Contributor, Coordinator, Editor, Guest. Is it possible to define a custom role, and assign custom permissions to this role, perhaps specific to a type or aspect? If so, could an example of how to do this be provided?

3) Could permissions be configured in such a way that a type and/or aspect would be available to one group, but not any others? Again, if possible, an example would be great.

4) Does security extend beyond types and aspects? For example, could you limit which actions a user can choose when defining content rules for their space?

5) Would it be possible with security, to have multiple conceptual “company homes” within the same Store? For example with the following space structure:

Company Home (root of the store)
  |
  |— Home 1
  |        |— Projects
  |                |— project 1
  |                |— etc…
  |
  |— Home 2
           |— Projects

Then assume there were two groups Group1 and Group2. Group1’s “company home” should be Home 1, and for all intents and purposes appear to be the root for all users in Group1.

Similarly Group2’s “company home” should be Home 2, and users in Group2 should not be allowed to go up any higher.

Would this be possible? Or would it be better to just set up a separate Store for each Group?

Thank you!
-Ryan
2 REPLIES

andy
Champ on-the-rise
Hi

The first point of call is:
http://www.alfresco.org/mediawiki/index.php/Security_and_Authentication


1) It is my understanding that permissionDefinitions.xml is where you would essentially define an “ACL” that is associated with a type or aspect. Then that definition could be assigned to a user or group. Is this correct?

You are correct, and this file is a good example of what to do.
ACL is really (node, authority, permission, ALLOW|DENY)
You are defining permissions and convenient groups of permissions (which you may call roles if you want …)

2) Currently out-of-the-box the following roles exist: Contributor, Coordinator, Editor, Guest. Is it possible to define a custom role, and assign custom permissions to this role, perhaps specific to a type or aspect? If so, could an example of how to do this be provided?

It is possible to define your own role. Just create another permission group. All are specific to a type or aspect. The ownable aspect is a good example.

3) Could permissions be configured in such a way that a type and/or aspect would be available to one group, but not any others? Again, if possible, an example would be great.

This is not available at the moment. It requires some thought as you want to add a new "AddAspect/CreateType" permission bound to a type (as opposed to make a permission per type). I will add this to the list of things.

4) Does security extend beyond types and aspects? For example, could you limit which actions a user can choose when defining content rules for their space?

You can check if a user has any permission when building the UI so in principle, yes. You would have to assign global ACLs for some new permissions. Global ACLs are only in XML at the moment. You would have to change how these lists are built to reflect permissions. It is not supported out of the box.



5) Would it be possible with security, to have multiple conceptual “company homes” within the same Store? For example with the following space structure:

We do not have pseudo roots. You could define the structure as described. If Home 1 and Home 2 have access restricted to each group then people will only see what they are allowed when they move up a folder. Home 1 will be hidden from group 2 and the reverse.

I do not see why you can not have


|- Company Home
|- Group 1 Home
|- Group 2 Home

I don't recall any reason why a user's home space has to be below the company home. It may not be so easy to create it from the UI, I have not tried!

Company home is expected to be a unique location.

Regards

Andy

rberg
Champ in-the-making
Andy,

Thank you for your quick reply; this really helps. I completely understand the security/permission model conceptually, but for some reason I am struggling to get my mind around how to actually implement (in permissionDefinitions.xml) what I would like to do.

Could you please provide me with a simple example of the xml definition for this situation:

Let's say we have type cm:mytype, and a role called myrole (maybe it should actually be ROLE_myrole). I would like to only provide READ access to all content of type mytype to users and groups who have the role myrole; all other users should have no access. If you have time perhaps you could extend the example to demonstrate how to add READ and WRITE privileges to content of type mytype to users and groups who have a role named authorrole.

Thanks again.
-Ryan
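An added example, not posted by either participant and not taken from the stock Alfresco file, sketching what Andy's "just create another permission group" (question 2) looks like in the permissionDefinitions.xml vocabulary for the exact situation Ryan describes in his follow-up. It uses the permissionSet / permissionGroup / includePermissionGroup / globalPermission elements that the shipped file is built from. Assumed names: cm:mytype is taken to exist in the content model, the permission groups MyTypeReader and MyTypeAuthor are invented here, and the group authorities GROUP_myrole and GROUP_authorrole stand in for the roles "myrole" and "authorrole" (group membership being the ordinary way to hand out such a role; the ROLE_ prefix is reserved for authorities the repository itself computes).

```xml
<!-- Added example (not from the thread or the stock Alfresco file): a fragment in the
     style of permissionDefinitions.xml. Assumed names: cm:mytype (taken to exist in the
     content model), the permission groups MyTypeReader and MyTypeAuthor, and the group
     authorities GROUP_myrole and GROUP_authorrole. -->
<permissions>

   <namespaces>
      <namespace uri="http://www.alfresco.org/model/system/1.0" prefix="sys"/>
      <namespace uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
   </namespaces>

   <!-- Permissions are declared per type or aspect. Binding this permissionSet to
        cm:mytype means the groups below only have meaning on nodes of that type
        (and its subtypes); it says nothing about who may create such nodes, which
        is Andy's point under question 3. -->
   <permissionSet type="cm:mytype" expose="selected">

      <!-- "myrole": read only. Read is the low-level group from sys:base that the
           stock file builds Consumer on, so this is a read-only role by construction. -->
      <permissionGroup name="MyTypeReader" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Read" type="sys:base"/>
      </permissionGroup>

      <!-- "authorrole": read and write, still short of full control. -->
      <permissionGroup name="MyTypeAuthor" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Read"  type="sys:base"/>
         <includePermissionGroup permissionGroup="Write" type="sys:base"/>
      </permissionGroup>

   </permissionSet>

   <!-- Optional global ACL entries (the "global ACLs are only in XML" Andy mentions):
        grant the group to an authority on every node the group applies to. Leave these
        out if the grant should be made per node instead. -->
   <globalPermission permission="MyTypeReader" authority="GROUP_myrole"/>
   <globalPermission permission="MyTypeAuthor" authority="GROUP_authorrole"/>

</permissions>
```

Two things the XML alone does not settle. First, the file only defines the vocabulary; in Andy's tuple (node, authority, permission, ALLOW|DENY) it supplies the "permission" column, while the per-node entries are still set on each node (or, as above, once globally). Second, "all other users should have no access" depends on nothing else granting them access: a node's effective ACL also includes entries inherited from its parent folder, so a cm:mytype node under a space that grants Consumer to EVERYONE is readable by everyone regardless of this definition, unless inheritance of parent permissions is switched off on that node. Checking the effective permissions of an ordinary user on a sample node after deployment is the quickest way to confirm the definition does what was intended.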