Problem with permissions over groups (behaviour of inheritance)

venzia
Star Collaborator
Hi all, I have the following scenario:
                                
                    GROUP-A
               _________________
              |                 |
       Group-A-A              Group-A-B
         |                           |
   Group-A-A-A                    Group-A-B-A


The problem:
A user of Group-A-A-A uploads a file. Using an inbound rule, Alfresco executes a script that assigns read permission only to the top-level groups of this group (Group-A-A and Group-A), but if I try with a user of Group-A-B or Group-A-B-A, I can read the document too. I need to avoid this behavior. I want to assign read permissions only to the top-level groups of the same "branch".
Is this possible through configuration files?
If the answer is no, how can I do it?
Sorry for my poor English.
Thanks a lot!
3 REPLIES

kalpesh_patel
Champ in-the-making
Give me more information about this scenario.

1. Are you giving permissions to the content of space?
2. Do you have a consumer->read permission configured for your space?
3. Do you have "Inherit Parent Space Permissions" check box selected for your top level space?

venzia
Star Collaborator
1. Are you giving permissions to the content of space?
2. Do you have a consumer->read permission configured for your space?
3. Do you have "Inherit Parent Space Permissions" check box selected for your top level space?
To answer all the questions, I paste the script body (the simple way) and explain the process and other details.
Script body:

// Cut inheritance so the document no longer takes permissions from its parent space
document.setInheritsPermissions(false);
// Get the groups of the user (in this example, if the user belongs to Group-A-A-A,
// the function returns Group-A-A-A, Group-A-A and Group-A)
var arr = people.getContainerGroups(person);
var i;
// Grant Read on the document to each of those groups
for (i = 0; i < arr.length; i++) {
  document.setPermission("Read", arr[i].properties["usr:authorityName"]);
}

document.save();

The process:
- A user uploads a document to a general space (this space is accessible to all users of all groups).
- Alfresco launches an inbound rule that executes the previous script.

Other details:
- The node browser shows the following information for the document:
Permissions
Inherit:   false
Assigned Permission   To Authority     Access
Read              GROUP_GROUP-A-A-A   ALLOWED
Read              GROUP_GROUP-A-A     ALLOWED
Read              GROUP_GROUP-A       ALLOWED

But the problem is that the document is accessible to the users of GROUP-A-B-A too!
I believe this behaviour is because they share the parent top-level group (Group-A).
I hope you can help me.
Many thanks!

venzia
Star Collaborator
Hi kalpesh, sorry for not answering before. I see that you have deleted the previous message. Anyway, that does not solve my problem.
You can test it yourself with my example and your comments, and check afterwards that the users of Group-ABA can still access the file when that should not be the case.
I tried creating other groups that do not share the parent top-level group, and in that case they cannot access the file.
I hope you can help me understand this behavior.
Thanks!
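
The behaviour discussed in this thread, as an added example (not code from the posts or from Alfresco): a stand-alone JavaScript model of the group tree, assuming that a permission granted to a group applies to every user the group contains through nesting, which is what the script's own comment about `getContainerGroups` describes. The user names, the GROUP-X tree and the `sharedAncestor` parameter are hypothetical.

```javascript
// Constructed model of the thread's group tree (child -> parent), plus an
// unrelated tree like the one tried in the last post. Not Alfresco code.
const PARENT = {
  "GROUP_GROUP-A-A": "GROUP_GROUP-A",
  "GROUP_GROUP-A-B": "GROUP_GROUP-A",
  "GROUP_GROUP-A-A-A": "GROUP_GROUP-A-A",
  "GROUP_GROUP-A-B-A": "GROUP_GROUP-A-B",
  "GROUP_GROUP-X-A": "GROUP_GROUP-X",
};

// Hypothetical users mapped to the group they are direct members of.
const DIRECT_GROUP = {
  uploader: "GROUP_GROUP-A-A-A",
  otherBranch: "GROUP_GROUP-A-B-A",
  outsider: "GROUP_GROUP-X-A",
};

// Every group containing the user, directly or through nesting: the set the
// script's own comment says people.getContainerGroups(person) returns.
function containerGroups(user) {
  const groups = [];
  for (let g = DIRECT_GROUP[user]; g !== undefined; g = PARENT[g]) groups.push(g);
  return groups;
}

// ACL the inbound rule builds. `sharedAncestor` (optional) is left out of the
// grant, which is one way to keep the document inside the uploader's branch.
function buildAcl(uploader, sharedAncestor) {
  return containerGroups(uploader).filter((g) => g !== sharedAncestor);
}

// ACL entries that give `user` Read: an entry matches when its authority is
// any group containing the user, so a grant to a parent covers all subgroups.
function grantsFor(acl, user) {
  const mine = new Set(containerGroups(user));
  return acl.filter((authority) => mine.has(authority));
}

const scriptAcl = buildAcl("uploader");                   // as in the thread
const branchAcl = buildAcl("uploader", "GROUP_GROUP-A");  // shared root omitted

for (const user of Object.keys(DIRECT_GROUP)) {
  console.log(user, "script ACL:", grantsFor(scriptAcl, user),
    "branch ACL:", grantsFor(branchAcl, user));
}
```

Leaving GROUP_GROUP-A out of the grant also removes access for users who are direct members of Group-A only, so the two ACLs are not equivalent for that group.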