
Permissions - Controlled based on content aspects

limarin
Champ in-the-making
Hi,

I need to control permissions based on content property values.

For example, if 'State' were a property value (my new aspect), I may want to limit access to folder and content that contains only for a given user or group of users.

How can I do it?

I have added two new aspects, state folder (opened/closed) and finish date, and I have created a scheduled job to update the state folder.
How do I modify the permissions in this process?

Thanks for your help

andy
Champ on-the-rise
Hi

You can use a dynamic authority.
See the examples for owner and lock owner.

For any object you can determine if a given user should have a dynamic authority. So you can access the current user information and the accessed node ref and decide, for example, that the AUTH_STATE should be granted to the user, for the given node, if the node state is set to some value. The user then has that authority and will have the permissions associated with that authority. The permissions would be set globally or set or inherited in the node against AUTH_STATE.

The UI does not support setting permission for dynamic authorities.
So far only global permissions have been required.

Regards

Andy
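
One way to write the dynamic authority Andy describes, as an added example that is not from the thread or from Alfresco's code base. The class name, the "OPENED" value and the two-method form of the DynamicAuthority interface are assumptions (check the interface in your release, which may declare more methods); stateFolder, GROUP_MyGroup and AUTH_STATE come from the posts.

```java
import java.io.Serializable;

import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;

/** Hypothetical class: grants AUTH_STATE on a folder only while it is open. */
public class StateDynamicAuthority implements DynamicAuthority
{
    // Property name taken from the thread; the "OPENED" value is an assumption.
    private static final QName PROP_STATE =
        QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "stateFolder");
    private static final String OPEN_VALUE = "OPENED";
    private static final String GROUP = "GROUP_MyGroup";

    // Inject the services through Spring when the bean is declared.
    private NodeService nodeService;
    private AuthorityService authorityService;

    public void setNodeService(NodeService nodeService) { this.nodeService = nodeService; }
    public void setAuthorityService(AuthorityService authorityService) { this.authorityService = authorityService; }

    /** Name of the authority that permissions are then assigned to. */
    public String getAuthority()
    {
        return "AUTH_STATE";
    }

    /** Called during permission evaluation for the accessed node and current user. */
    public boolean hasAuthority(NodeRef nodeRef, String userName)
    {
        // Fail closed: no node, no user or no state property means no authority.
        if (nodeRef == null || userName == null || !nodeService.exists(nodeRef))
        {
            return false;
        }
        Serializable state = nodeService.getProperty(nodeRef, PROP_STATE);
        if (!OPEN_VALUE.equals(state))
        {
            return false; // CLOSED, missing or unexpected value
        }
        // false = also include groups the user belongs to indirectly (nested groups)
        return authorityService.getContainingAuthorities(AuthorityType.GROUP, userName, false)
                               .contains(GROUP);
    }
}
```

The class has no effect until it is registered with the permission service next to the owner and lock owner authorities and AUTH_STATE is given a permission. Wire in service beans that are not themselves wrapped by the permission interceptors, otherwise the property read inside hasAuthority triggers another permission check.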

limarin
Champ in-the-making
Can you tell me where I can find the examples?

Thank you very much

limarin
Champ in-the-making
Hi,

Now I am using the method clearPermission:

public void execUpdateWork()
{
    TransactionWork<Object> updWork = new TransactionWork<Object>()
    {
        public Object doWork() throws Exception
        {
            // ….. search folders

            // Run as the system user so the job may change properties and permissions
            authenticationComponent.setCurrentUser(authenticationComponent.getSystemUserName());
            QName qStFolder = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "stateFolder");
            for (ResultSetRow row : results)
            {
                currentNodeRef = row.getNodeRef();
                if (currentDate.compareTo(closeDate) > -1)
                {
                    // Mark the folder as closed (fields of the enclosing class are used
                    // without "this", which here would refer to the anonymous class)
                    nodeService.setProperty(currentNodeRef, qStFolder, "CLOSED");

                    // Remove every permission set for the group on this folder
                    permissionService.clearPermission(currentNodeRef, "GROUP_MyGroup");
                }
            }

            // …..
            results.close();

            return null;
        }
    };
    TransactionUtil.executeInUserTransaction(this.transactionService, updWork);
}

The users of the group do not have permissions on the folders, and now the folders are not displayed in the browse page…

But the creator (owner) of the folder, who also belongs to the group GROUP_MyGroup, still has the permissions and still sees the folder.

Is it possible that I cannot clear the owner user's access permissions on the folder?

I saw http://forums.alfresco.com/viewtopic.php?t=3498

There is a dynamic authority for owner.

I need to assign only the global permissions. I do not want the user who creates a folder (owner) to have all the permissions on the folder.

When the user creates the folder, is it possible to disable this dynamic authority?

Thanks.

andy
Champ on-the-rise
Hi

You need to set the owner to have the required global permission in the config - or, for no owner permission, remove the entry for no permissions in the config or do not register the dynamic owner authority.

Regards

Andy

limarin
Champ in-the-making
:oops: sorry, I don't understand it completely.

Can you show me a practical example?

Thanks.

dschmalz
Champ in-the-making
Can you show me a practical example?

The 'owner' of a document is a global permission which is set in the permissionDefinitions.xml configuration file. By default, the owner of an object (content or space) has full control over it. This means that if you also want to remove the rights of the owner, this global permission has to be removed.

Look at the permissionDefinitions.xml file and comment out at the very bottom the OWNER_AUTHORITY tag. Then restart Alfresco.
The file is located in tomcat\webapps\alfresco\WEB-INF\classes\alfresco\model .

<!-- For now, owners can always see, find and manipulate their stuff -->
   <globalPermission permission="FullControl" authority="ROLE_OWNER"/>

Then, the owner of the space should not have access anymore.

David