
Search does not perform ACL

janvg
Champ in-the-making
Users from our system can find all documents by means of search. They cannot browse the repository. ACLs work fine here. But when they search they will see all content!

What can be the reason and how to fix this?

thx
8 REPLIES

derek
Star Contributor
What version of the product is this?

janvg
Champ in-the-making
2.1 community

andy
Champ on-the-rise
Hi

Have you any customisations for search?

Are you talking about the simple search from the standard UI finding all content?
Which locale are you using on the server?
Which locale do you use when you log in?
Can you provide some example user names?

Is this a clean 2.1C or an upgrade?

Andy

janvg
Champ in-the-making
We have no customizations for search; we use the Alfresco standard search.

We have the problem even under locale English.
We use English/Dutch/French.
All locales give the same problem.

This was an upgrade.

It even happens when we create a new user with very strict access rights on one folder. By search he can enter all data.

Any suggestions what to do? Re-index the system? Would this help?

If wanted I can give you an example user name.

andy
Champ on-the-rise
Hi

An example user name would be good.

For one doc which should not be found, as admin go and find all the permissions that have been set on this doc and all of its parent folders, and report what permissions have been set, if they are inherited, etc., as shown in the manage space and manage document users. You could also use the node browser for this.

Note: a user does not have to be able to navigate to a doc to be able to see it. If you want this it can be configured into the permissions model. In the UI and CIFS and FTP, as they have a navigation model, it will hide the doc. As Alfresco ships, if you can read a doc you can find it, even if you cannot navigate to it.

Andy

janvg
Champ in-the-making
Think I found the problem and I believe it is a bug.

When I make a space called "demo"
And I make sure that inherit permissions is set to "no"
And make sure the space has no invited users (since it is a new space)

When I create a new user demo_user
And I set the homespace for this user to the "demo" space

When I go back to the demo space and click on manage users, suddenly group_everyone has consumer access to this space!

kevinr
Star Contributor
This is not a bug - it is how permissions are applied when User home spaces are assigned.

So the reason you are "suddenly" seeing documents is that you have made spaces into user home spaces - and they have been given the EVERYONE=Consumer permission - making those documents visible to all.

Simply remove that permission on those home spaces and it will remove the issue from your system.

The default permission for the EVERYONE user can be configured (and overridden) in web-client-config-custom.xml. Here is the config block:

         <!-- The default permissions to apply to a new users Home Space when first created -->
         <!-- this permission is for other users attempting to access that Home Space -->
         <!-- generally set to "Consumer" or empty value to indicate a private hidden space. -->
         <!-- see org.alfresco.service.cmr.security.PermissionService for allowed values -->
         <home-space-permission>Consumer</home-space-permission>

Change the value to:

<home-space-permission></home-space-permission>
will fix the problem for all new user home spaces :)

Thanks,

Kevin
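
Added example, not part of the original thread or of Alfresco's own code: a small audit that reads the text of a `web-client-config-custom.xml` override and reports what the `home-space-permission` setting described above grants to EVERYONE. The sample documents are constructed, and the wrapper elements around the setting are an assumed layout; the script searches for the element at any depth, so it does not depend on them.

```python
import xml.etree.ElementTree as ET

SETTING = "home-space-permission"  # element name taken from the reply above

# Constructed sample override; the wrapper elements are an assumed layout.
SAMPLE_DEFAULT = """<alfresco-config>
  <config>
    <client>
      <home-space-permission>Consumer</home-space-permission>
    </client>
  </config>
</alfresco-config>"""

# Same document with the value emptied, as the reply recommends.
SAMPLE_PRIVATE = SAMPLE_DEFAULT.replace(">Consumer<", "><")


def audit_home_space_permission(xml_text):
    """Return (value, finding) tuples, one per home-space-permission element."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [(None, f"unparseable config: {exc}")]

    findings = []
    for elem in root.iter(SETTING):
        # An empty element has text None; whitespace-only counts as empty too.
        value = (elem.text or "").strip()
        if value:
            findings.append(
                (value, f"EVERYONE gets '{value}' on newly assigned home spaces")
            )
        else:
            findings.append(("", "new home spaces stay private"))

    if not findings:
        findings.append((None, "no override present; the built-in default applies"))
    return findings


if __name__ == "__main__":
    for label, doc in (("default", SAMPLE_DEFAULT), ("private", SAMPLE_PRIVATE)):
        for value, finding in audit_home_space_permission(doc):
            print(f"{label}: {finding}")
```

The setting only governs home spaces assigned from now on; spaces that already carry the EVERYONE permission still need it removed by hand, as the reply says.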

janvg
Champ in-the-making
Kevin,

Thanks for the reply.

Actually you are not completely correct, since
I do not "made spaces into user home spaces"; I add a user to an existing space and set it as his homespace. The space already had carefully chosen specific permissions. Adding a user to the space suddenly changes these permissions.

Say I have a project space and suddenly I have a new project member. I add him as a new user to Alfresco and make this project space his homespace. This action makes this project space accessible by everyone??

For me this does not make sense.

Anyhow, I know how to avoid this, but would rather see the default the other way around.

Thanks again.