
Possibility to disable 'Inherit Parent Space Perm'

robses
Champ in-the-making
Is it possible to create a role similar to Coordinator but without the possibility to adjust the setting "Inherit Parent Space Permissions" of a space?

We want our coordinators to manage the space users themselves, but not allow them to enable the "Inherit Parent Space Permissions" setting. This will be a safety measure so Coordinators do not accidentally enable this setting, which in our case will open up the Space for Everyone with the role of Consumer rights.

Or is there maybe another possibility?

  Regards Rob Sessink
2 REPLIES

andy
Champ on-the-rise
Hi

At the moment, the authorisation layer allows you to set permissions or not.

It would be possible to have different requirements around the methods on the PermissionService API that would do what you want. In public-services-security-context.xml you would need to override …


    <bean id="PermissionService_security" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
        <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
        <property name="objectDefinitionSource">
            <value>
                org.alfresco.service.cmr.security.PermissionService.getOwnerAuthority=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.getAllAuthorities=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.getAllPermission=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.getPermissions=ACL_NODE.0.sys:base.ReadPermissions
                org.alfresco.service.cmr.security.PermissionService.getAllSetPermissions=ACL_NODE.0.sys:base.ReadPermissions
                org.alfresco.service.cmr.security.PermissionService.getSettablePermissions=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.hasPermission=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.deletePermissions=ACL_NODE.0.sys:base.ChangePermissions
                org.alfresco.service.cmr.security.PermissionService.deletePermission=ACL_NODE.0.sys:base.ChangePermissions
                org.alfresco.service.cmr.security.PermissionService.setPermission=ACL_NODE.0.sys:base.ChangePermissions
                org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=ACL_METHOD.ROLE_ADMINISTRATOR
                org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.clearPermission=ACL_NODE.0.sys:base.ChangePermissions
            </value>
        </property>
    </bean>

Then only admins can muck around with inheritance. Non-admins will get an ugly error on trying to set this via the UI as it would not protect this…

If this is not enough then you need to read about dynamic authorities and start creating more permissions around the PermissionService.

Cheers

Andy
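
A check for the override described in the reply above, as an added example that is not part of the original post or of Alfresco's own code: it parses a Spring context file and reports when `setInheritParentPermissions` is not restricted to `ACL_METHOD.ROLE_ADMINISTRATOR`, or when a mutating PermissionService method is left at `ACL_ALLOW`. The function names, the mutator prefixes and the sample context are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

BEAN_ID = "PermissionService_security"
SERVICE = "org.alfresco.service.cmr.security.PermissionService."
ADMIN_ONLY = "ACL_METHOD.ROLE_ADMINISTRATOR"
MUTATORS = ("set", "delete", "clear")  # assumption: these prefixes mark mutating calls

def local(el):
    """Tag name without an XML namespace, so namespaced Spring files also match."""
    return el.tag.rsplit("}", 1)[-1]

def method_rules(context_xml):
    """Return {method: access definition} from the bean's objectDefinitionSource."""
    rules = {}
    for bean in ET.fromstring(context_xml).iter():
        if local(bean) != "bean" or bean.get("id") != BEAN_ID:
            continue
        for prop in bean.iter():
            if local(prop) == "property" and prop.get("name") == "objectDefinitionSource":
                for line in "".join(prop.itertext()).splitlines():
                    key, sep, definition = line.strip().partition("=")
                    if sep and key.startswith(SERVICE):
                        rules[key[len(SERVICE):]] = definition.strip()
    return rules

def audit(context_xml):
    """Return a list of findings; an empty list means the override is in place."""
    rules = method_rules(context_xml)
    if not rules:
        return [f"bean {BEAN_ID} not found or has no method rules"]
    findings = []
    if rules.get("setInheritParentPermissions") != ADMIN_ONLY:
        findings.append("setInheritParentPermissions is not restricted to " + ADMIN_ONLY)
    for name, definition in sorted(rules.items()):
        if name.startswith(MUTATORS) and definition == "ACL_ALLOW":
            findings.append(f"{name} is open to every caller (ACL_ALLOW)")
    return findings

def sample(toggle_rule, set_permission_rule="ACL_NODE.0.sys:base.ChangePermissions"):
    """Constructed, shortened context file for the demonstration."""
    return f"""<beans><bean id="{BEAN_ID}">
      <property name="objectDefinitionSource"><value>
        {SERVICE}setPermission={set_permission_rule}
        {SERVICE}setInheritParentPermissions={toggle_rule}
        {SERVICE}getInheritParentPermissions=ACL_ALLOW
      </value></property></bean></beans>"""

if __name__ == "__main__":
    print(audit(sample("ACL_NODE.0.sys:base.ChangePermissions")))
```

Running it against the deployed override file after each upgrade or configuration change shows whether the admin-only rule is still the one in effect.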

robses
Champ in-the-making
My apologies for the late reply, and thank you for the proposed solution. I will add this to our setup; having an error thrown in the UI is no problem, the main thing is that the workspace stays protected.

  Regards Rob