Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Content Management
- Alfresco
- Alfresco Archive
- [Solved] Problem : Create a new role
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
[Solved] Problem : Create a new role
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-08-2006 05:11 AM
Hi everybody,
I'm working on the alfresco project for my company, and it seems to be very powerful. But, however , I got some trouble … Let me explain:
I want to have a workflow (not very difficult, for this step :wink: )
So I have 3 folders:
=> "Drafts
=> "Pending approval"
=> "Published"
So, I have 3 groups:
=> "Writers"
=> "Approvers"
=> "Administrators"
Indeed, I want the writers to request an approval for a document, but not TO BE ABLE OF VIEWING THE FOLDER "Pending approval".
That's my problem, it seems that there is no solution except creating a new role. So, I decided to create a role, in order to write in a folder where the user cannot read.
In the permissionsDefinition.xml, i had the following:
But, it still doesn't work! I don't wee where I could have done a mistake!
If someone has a solution, I hope for a lot of help :cry:
P.S: I have already tried to create a "temp" folder, where i created a copy rule, but it doesn't work too…
Thanks.
I'm working on the alfresco project for my company, and it seems to be very powerful. But, however , I got some trouble … Let me explain:
I want to have a workflow (not very difficult, for this step :wink: )
So I have 3 folders:
=> "Drafts
=> "Pending approval"
=> "Published"
So, I have 3 groups:
=> "Writers"
=> "Approvers"
=> "Administrators"
Indeed, I want the writers to request an approval for a document, but not TO BE ABLE OF VIEWING THE FOLDER "Pending approval".
That's my problem, it seems that there is no solution except creating a new role. So, I decided to create a role, in order to write in a folder where the user cannot read.
In the permissionsDefinition.xml, i had the following:
<!– Rajout d'une permission permettant l'ajout de documents dans un dossier sur lequel, l'utilisateur n'a pas de droit de lecture –>
<permissionGroup name="Redacteur" allowFullControl="false" expose="true">
<!– <includePermissionGroup permissionGroup="Read" type="sys:base" /> –>
<includePermissionGroup permissionGroup="AddChildren" type="sys:base" />
<includePermissionGroup permissionGroup="Write" type="sys:base" />
<includePermissionGroup permissionGroup="CheckOut" type="cm:lockable" />
</permissionGroup>
But, it still doesn't work! I don't wee where I could have done a mistake!
If someone has a solution, I hope for a lot of help :cry:
P.S: I have already tried to create a "temp" folder, where i created a copy rule, but it doesn't work too…
Thanks.
Labels:
- Labels:
-
Archive
40 REPLIES 40
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2006 10:35 AM
Hi,
What's missing is the I18N message which you should add to webclient.properties.
Just add a line:
Regards,
–Aladdin
What's missing is the I18N message which you should add to webclient.properties.
Just add a line:
Writer=WriterRegards,
–Aladdin
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2006 06:15 AM
Hi,
What's missing is the I18N message which you should add to webclient.properties.
Just add a line:Writer=Writer
Regards,
–Aladdin
Right, my apologies, I forgot that!
Any returns?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-08-2006 12:27 PM
Hello, we have the same problem. So the problem is the permission on the node. So we want that the approvment of the document was process with anybody allow to approve. So the improvment of the 1.4 does not correct that bug…
So can anyone and alfresco team halp everyone witch has the same problem..?
Thank you very much for your help.
So can anyone and alfresco team halp everyone witch has the same problem..?
Thank you very much for your help.
I have tested the Writer role following the instructions with Tomcat Alfresco 1.3.0. and I have detected a permission problem but only when a content rule is defined in the destination workflow folder.
The procedure test is the following:
OK case:
* A Draft folder exists with unchecked Inherit Parent Space Permissions and User1 with Coordinator role. A simple workflow rule is defined for all items to copy/move (both tested) to Pending approval for Inbound content.
* A Pending approval exists with unchecked Inherit Parent Space Permissions, User1 with Writer role and User2 with Coordinator role.
1.- User1 adds content to Draft folder
2.- User1 accepts approval step and content is copied/moved (both tested) to Pending approval correctly
NOK case:
* A Draft folder exists with unchecked Inherit Parent Space Permissions and User1 with Coordinator role. A simple workflow rule is defined for all items to copy/move (both tested) to Pending approval for Inbound content.
* A Pending approval exists with unchecked Inherit Parent Space Permissions, User1 with Writer role and User2 with Coordinator role. A content rule is created in this folder, don?t matter what, add aspect, simple workflow, add categorization, etc.
1.- User1 adds content to Draft folder
2.- User1 accepts approval step and a Permission Denied error is issued
After this, if you remove the Pending approval content rule all works correctly again.
Any idea ? Thank you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2006 01:23 PM
Just wondering, what does the expose attribute do?
Thanks.
Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-29-2006 09:32 AM
Hi
It is possible to change the permissions required for move (and copy) in
config\alfresco\public-services-security-context.xml.
We can't find in public-services-security-context.xml how to change permissions required for move (and copy).
Can you please post an example?
1) Add an action that moves regardles of permissionsSupposing we want to create an action duplicating move and copy action, where can we find the action class source?
Thank you for help,
Marco
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-29-2006 01:05 PM
Hi,
If you want to write a custom action you should write it as an extension to Alfresco. There's a custom action sample that comes with the SDK. The wiki also has some useful information.
Cheers,
–Aladdin
If you want to write a custom action you should write it as an extension to Alfresco. There's a custom action sample that comes with the SDK. The wiki also has some useful information.
Cheers,
–Aladdin
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-29-2006 02:12 PM
OK.
We have found the CopyActionExecuter.java action class to duplicate. (not the last one, because the SVN has a DB error and we cannot download the 1.3 and 1.4 Preview source)
Inside CopyActionExecuter.java and in the example Action of the SDK there's no reference to permissions (runasuser or something similar).
It seems that the Action is invoked only if the user has the permission.
If somebody can help us we can give the final solution back to other looking for similar solutions while waiting for 1.4 version…
Thank you for help.
Marco
We have found the CopyActionExecuter.java action class to duplicate. (not the last one, because the SVN has a DB error and we cannot download the 1.3 and 1.4 Preview source)
Inside CopyActionExecuter.java and in the example Action of the SDK there's no reference to permissions (runasuser or something similar).
It seems that the Action is invoked only if the user has the permission.
If somebody can help us we can give the final solution back to other looking for similar solutions while waiting for 1.4 version…
Thank you for help.
Marco
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2006 01:23 AM
Hi,
You might find this article helpful:
http://forums.alfresco.com/viewtopic.php?p=11434
Cheers,
–Aladdin
You might find this article helpful:
http://forums.alfresco.com/viewtopic.php?p=11434
Cheers,
–Aladdin
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2006 03:40 AM
Hi,
I have created the rol WRITER. But when I execute my rule appers to me this error:
Failed to update category due to system error: Transaction didn't commit: Access Denied. You do not have the appropriate permissions to perform this operation
This is my code:
I don't move my document with rol WRITER.
What is the problem?
Thanks.
I have created the rol WRITER. But when I execute my rule appers to me this error:
Failed to update category due to system error: Transaction didn't commit: Access Denied. You do not have the appropriate permissions to perform this operation
This is my code:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE permissions >
<!–PUBLIC '-//ALFRECSO//DTD PERMISSIONS//EN' 'permissionSchema.dtd' –>
<!– Note: the above is commented out as spring does not seem to find the dtd –>
<!– ============================================ –>
<!– The base permission model for the repository –>
<!– ============================================ –>
<!– The parent permission checks were removed 20/1/2006 –>
<permissions>
<!– Namespaces used in type references –>
<namespaces>
<namespace uri="http://www.alfresco.org/model/system/1.0" prefix="sys"/>
<namespace uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
</namespaces>
<!– –>
<!– Permission sets link permissions and groups of permissions to types and aspects –>
<!– defined in the model. Permissions defined against a type apply to all objects –>
<!– that inherit from that type. Permissions defined against aspects apply to all –>
<!– objects or only objects that have the aspect applied. For example, the permission –>
<!– to lock an object could apply to any object but the permission to unlock an –>
<!– object woujld only apply to objects that have the lockable aspect. –>
<!– –>
<!– =============================================== –>
<!– Base permissions available on all types of node –>
<!– =============================================== –>
<permissionSet type="sys:base" expose="all" >
<!– ================= –>
<!– Permission groups –>
<!– ================= –>
<!– –>
<!– Permission groups are convenient groups of permissions. They may be used in –>
<!– thier own right or as the effective set of permissions. If an authority has –>
<!– all the permissions that make up a permission group they also have that –>
<!– permission group even though it has not been explicitly granted. –>
<!– –>
<!– =========== –>
<!– Full access –>
<!– =========== –>
<!– –>
<!– By default this is exposed for all objects unless inherited objects choose to –>
<!– expose only selected objects at the object level. –>
<!– –>
<permissionGroup name="FullControl" expose="true" allowFullControl="true" />
<!– ============================================= –>
<!– Convenient groupings of low level permissions –>
<!– ============================================= –>
<permissionGroup name="Read" expose="true" allowFullControl="false" />
<permissionGroup name="Write" expose="true" allowFullControl="false" />
<permissionGroup name="Delete" expose="true" allowFullControl="false" />
<permissionGroup name="AddChildren" expose="true" allowFullControl="false" />
<permissionGroup name="Execute" allowFullControl="false" expose="false"/>
<permissionGroup name="CreateNodes" expose="true" allowFullControl="false" />
<!– =========== –>
<!– Permissions –>
<!– =========== –>
<!– The permission to read properties on a node –>
<!– –>
<!– The properties of a node may ony be read if there is read access to the parent –>
<!– node. ReadChildren access to the parent node is recursive for all nodes from –>
<!– which the node inherits permissions. Access is required down the permission –>
<!– tree at all pioints. –>
<!– –>
<!– The permission to create new nodes –>
<permission name="CreateChildren" expose="true" >
<grantedToGroup permissionGroup="AddChildren" />
<!– Add this line –>
<grantedToGroup permissionGroup="CreateNodes" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false" />
–>
</permission>
<permission name="ReadProperties" expose="true" >
<grantedToGroup permissionGroup="Read" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– The permission to read the children of a node –>
<!– –>
<!– This permission is recursive. It requires the same permission is granted to –>
<!– all of the parent nodes from which this node inherits permissions –>
<!– –>
<permission name="ReadChildren" expose="true" >
<grantedToGroup permissionGroup="Read" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– The permission to write to the properties of a node –>
<!– –>
<!– This permission includes adding aspects to a node as they are stored as –>
<!– a property. –>
<!– –>
<permission name="WriteProperties" expose="true" >
<grantedToGroup permissionGroup="Write" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– The permission to delete a node –>
<!– –>
<!– A node can only be deleted if there is delete permission on the node, if the –>
<!– node is accesible via its parent, and if the node can be deleted from its –>
<!– parent. Currently, there is no check that all the children can be deleted. –>
<!– This check can be added but requires more work so the UI is not checking this –>
<!– permission just to show the delete icon. –>
<!– –>
<!– The permission to read content. –>
<permission name="ReadContent" expose="false">
<grantedToGroup permissionGroup="Read"/>
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– The permission to write content. –>
<permission name="WriteContent" expose="false">
<grantedToGroup permissionGroup="Write" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– Execute permission on content. –>
<permission name="ExecuteContent" expose="false">
<grantedToGroup permissionGroup="Execute" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<permission name="DeleteNode" expose="true" >
<grantedToGroup permissionGroup="Delete" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
<requiredPermission on="parent" name="DeleteChildren" implies="false"/>
<requiredPermission on="node" name="DeleteChildren" implies="false"/>
–>
<!– Remove the recursive check for now for performance –>
<!– TODO: have one permission to check for delete on an item and one to check –>
<!– child permissions when delete is called on the node service –>
<!– <requiredPermission on="children" name="DeleteNode" implies="false"/> –>
</permission>
<!– The permission to delete children of a node –>
<!– –>
<!– At the moment this includes both unlink and delete –>
<!– –>
<permission name="DeleteChildren" expose="true" >
<grantedToGroup permissionGroup="Delete" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– The permission to create new nodes –>
<permission name="CreateChildren" expose="true" >
<grantedToGroup permissionGroup="AddChildren" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false" />
–>
</permission>
<!– The permission to link nodes –>
<permission name="LinkChildren" expose="true" >
<grantedToGroup permissionGroup="AddChildren" />
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– The permission to delte associations between nodes (not children) –>
<permission name="DeleteAssociations" expose="true" >
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– The permission to read associations –>
<permission name="ReadAssociations" expose="true" >
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false" />
–>
</permission>
<!– The permission to create associations –>
<permission name="CreateAssociations" expose="true" >
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false" />
–>
</permission>
<!– ==================================================== –>
<!– Permissions related to the management of permissions –>
<!– ==================================================== –>
<!– The permission to read the permissions on a node –>
<permission name="ReadPermissions" expose="true" >
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
<!– The permission to the change the permissions associated with a node –>
<permission name="ChangePermissions" expose="true" >
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" implies="false"/>
–>
</permission>
</permissionSet>
<!– ================================================ –>
<!– Permissions available to all content and folders –>
<!– ================================================ –>
<permissionSet type="cm:cmobject" expose="selected">
<!– Kept for backward compatibility - the administrator permission has –>
<!– been removed to aviod confusion –>
<permissionGroup name="Administrator" allowFullControl="true" expose="false" />
<!– A coordinator can do anything to the object or its childeren unless the –>
<!– permissions are set not to inherit or permission is denied. –>
<permissionGroup name="Coordinator" allowFullControl="true" expose="true" />
<!– A collaborator can do anything that an editor and a contributor can do –>
<permissionGroup name="Collaborator" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
<includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
</permissionGroup>
<!– A contributor can create content and then they have full permission on what –>
<!– they have created - via the permissions assigned to the owner. –>
<permissionGroup name="Contributor" allowFullControl="false" expose="true" >
<!– Contributor is a consumer who can add content, and then can modify via the –>
<!– owner permissions. –>
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
<includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
<!– Check out requires write permissions so this will not apply to all –>
<!– documents. –>
<includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
</permissionGroup>
<!– An editor can read and write to the object; they can not create –>
<!– new nodes. They can cehck out content into a space to which they have –>
<!– create permission. –>
<permissionGroup name="Editor" expose="true" allowFullControl="false" >
<includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
<includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
</permissionGroup>
<!– The Consumer permission allows read to everything by default. –>
<permissionGroup name="Consumer" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Read" type="sys:base" />
</permissionGroup>
<!– Custom Role Begin –>
<!– A Writer can only create content –>
<permissionGroup name="Writer" allowFullControl="false" expose="true" >
<includePermissionGroup type="sys:base" permissionGroup="CreateNodes" />
</permissionGroup>
<!– Custom Role End –>
</permissionSet>
<!– =============================== –>
<!– Permissions specific to content –>
<!– =============================== –>
<permissionSet type="cm:content" expose="selected">
<!– Content specific roles. –>
<permissionGroup name="Coordinator" extends="true" expose="true"/>
<permissionGroup name="Collaborator" extends="true" expose="true"/>
<permissionGroup name="Contributor" extends="true" expose="true"/>
<permissionGroup name="Editor" extends="true" expose="true"/>
<permissionGroup name="Consumer" extends="true" expose="true"/>
<permissionGroup name="Writer" extends="true" expose="true"/>
</permissionSet>
<!– ============================================== –>
<!– Permissions associated with the Ownable aspect –>
<!– ============================================== –>
<permissionSet type="cm:ownable" expose="selected">
<!– Permission control to allow ownership of the node to be taken from others –>
<permissionGroup name="TakeOwnership" requiresType="false" expose="false"/>
<!– The low level permission to control setting the owner of a node –>
<permission name="SetOwner" expose="false" requiresType="false">
<grantedToGroup permissionGroup="TakeOwnership" />
<!– require to be able to reach the node and set properties in the node –>
<!– Commented out parent permission check …
<requiredPermission on="parent" name="ReadChildren" />
–>
<requiredPermission on="node" name="WriteProperties" />
</permission>
</permissionSet>
<!– =================================================== –>
<!– Permission related to lock, check out and check in. –>
<!– =================================================== –>
<permissionSet type="cm:lockable" expose="selected">
<!– At the moment these permissions are hidden so they do not appear in the list –>
<!– of permissions. –>
<!– Check Out permission - exposed for all object types –>
<permissionGroup name="CheckOut" requiresType="false" expose="false"/>
<!– Check In permission - only exposed when the lockable aspect is present –>
<permissionGroup name="CheckIn" requiresType="true" expose="false"/>
<!– Cancel Check Out permission - only exposed for the lockable aspect is present –>
<permissionGroup name="CancelCheckOut" requiresType="true" expose="false"/>
<!– Low level lock permission –>
<permission name="Lock" requiresType="false" expose="false">
<grantedToGroup permissionGroup="CheckOut" />
<requiredPermission on="node" type="sys:base" name="Write"/>
</permission>
<!– Low level unlock permission –>
<permission name="Unlock" requiresType="true" expose="false">
<grantedToGroup permissionGroup="CheckIn" />
<grantedToGroup permissionGroup="CancelCheckOut" />
</permission>
</permissionSet>
<!– ================== –>
<!– Global permissions –>
<!– ================== –>
<!– –>
<!– Global permissions apply regardless of any particular node context. –>
<!– They can not be denied by the permissions set on any node. –>
<!– –>
<!– Admin can do anything to any ndoe –>
<globalPermission permission="FullControl" authority="ROLE_ADMINISTRATOR"/>
<!– For now, owners can always see, find and manipulate their stuff –>
<globalPermission permission="FullControl" authority="ROLE_OWNER"/>
<!– Unlock is granted to the lock owner –>
<globalPermission permission="Unlock" authority="ROLE_LOCK_OWNER"/>
<!– Check in is granted to the lock owner –>
<globalPermission permission="CheckIn" authority="ROLE_LOCK_OWNER"/>
<!– Cancel check out is granted to the locak owner –>
<globalPermission permission="CancelCheckOut" authority="ROLE_LOCK_OWNER"/>
</permissions>I don't move my document with rol WRITER.
What is the problem?
Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2006 08:45 AM
Hi,
What does your rule do?
Thanks,
–Aladdin
What does your rule do?
Thanks,
–Aladdin
Related Content
- NamespaceException: URI http://www.x.it/model/x/1.0 cannot be imported as it is not defined in Alfresco Forum
- cmis query performance in Alfresco Forum
- Recommended configuration for OpenSearch in Alfresco Forum
- Alfresco ACS 25.1 ansible install hanging on postgres database creation in Alfresco Forum
- The node just created with the java service does not show up on the database in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
