Hyland Connect

peterzmlim · ‎04-04-2012

Hi,

I've been reading up on the Alfresco's default permission modeling from http://wiki.alfresco.com/wiki/Security_and_Authentication#Enforcement_of_security and http://www.alfresco.com/help/webclient/concepts/cuh-user-roles-permissions.html .

I don't see the Delete permission group being declared under the cm:content and cm:folder's complex groups. But it's seems like the delete permissions is implicated upon the contributor's and collaborator's permissiongroups by the ROLE_OWNER ownerable service. Please correct me if I'm wrong. Also, will the WRITE/CREATE Permission implicate the Delete Permissions too?

If possible, Is it possible to create a javascript rule to be able to remove the implicated delete_node, delete_association permissions from specific files from specific users/groups?

If not, do I have to implement a behavior for NodeServicePolicies.BeforeDeleteNodePolicy as per describe here http://stackoverflow.com/questions/8969152/alfresco-prohibit-all-users-to-delete-a-content to do it? I'm not overly familiar with doing so, if possible can someone help me elaborate on the steps to do so?

Regards,
peterzmlim

peterzmlim · ‎04-04-2012

As most of the created users will either have the Collaborator or Consumer Role, will setting a new owner (ie switching the owner to a Coordinator) on the nodes be able to remove the delete permission from the Collaborators?

wgonzalez · ‎04-04-2012

The ROLE_OWNER implicitly defines delete permissions.
Although it is not recommended that you change default groups or roles, you can create a new one without the "DELETE"
Please read this post: http://www.anotherstrangerme.com/deny-delete-permission-to-space-owner-in-alfresco/

As that article describes, this can also be accomplished by an Aspect.

Hyland Connect

Understanding default Permissions and Delete Permisions