cancel
Showing results for 
Search instead for 
Did you mean: 

user groups and roles

federico_tesei
Champ in-the-making
Champ in-the-making
Hi I've a puzzling result from my test in the simple scenario detailed below.

My comprehension of Alfresco Security model is that two user belonging to the same group invited to the same space has the same capabilities on the content in that space regardless from who has created it.

The sequence attached below seem to make me mistaken.

I miss some stuff ?

Any pointer or explanation of this 'strange' behaviour an how I can circumvent this prolem?


thanks to all

federico

==============================================

I've  with admin role
> defined two spaces ( 'Collector' and 'Draft' )
> defined a group 'GROUP_Contributors'
> invited  'GROUP_Contributors' with Alfresco 'Contributor role' on both 'Collector' and 'Draft' spaces
> added two user, contributor1 and contributor2 in 'GROUP_Contributors'
> defined a simple workflow action to move from Collector to Draft

I  can  successfully
> login as contributor1
> go to Collector
> create a ContentX in Collector
> move ContentX to Draft through the simple work flow action
> logout

can't succesfully
>login as contributor1
> go to Collector
> create a contentY in Collector
>logout
> login as contributor2
> go to Collector
> moving  Content Y to Draf through workflow action I get
  
Failed to approve the document due to system error: Access Denied. You do not have the appropriate permissions to perform this operation.


===============================================
5 REPLIES 5

rivarola
Champ on-the-rise
Champ on-the-rise
I think a Contributor cannot move/edit/delete content created by another user.

federico_tesei
Champ in-the-making
Champ in-the-making
Thanks for your reply. But this is quite disrupting from my point of view Smiley Sad.
My comprehension from reading the book on Alfresco by Munwar Shariff is that usually you have to assign roles/permission on space, not to user basis but to group basis to be more configurable. This on the ground that all users belonging to a group have the same capabilities. And this is actually my need.If  this is not true what is the group concept useful for ?
Anyway have you any suggestion to enforce on Alfresco this behavior ?.
all users of a group with a given role on a space, whatever this is, has the same capability on contents in this space regardless which is the contents creator  ?
Actually just user admin seem to behave this way.
A pointer to where look for on the topic is welcome as well ? 


thanks a lot


federico

tonytony
Champ in-the-making
Champ in-the-making
Owners have additional privileges.

federico_tesei
Champ in-the-making
Champ in-the-making
Hi to all,  
             after plenty test, docs search and forum chats I've come to this asumptions.

The clerance to perform a simple-workflow  move action on a content in a space depends on:

a) role of the current user's group  on the space
b) current user versus content creator / content modifier

I 've not found docs anywhere that clarify this topic.

By test experience I've found that I could enforce my simple work flow design if I could perform the 'move' actions with 'admin' grant.

The question is: Is it by priciple possible to write a javaScript action bound to a document on the space that in a transactional manner switch to admin privileges move the content set modifier as current usser and switch back  to current user ?

thanks  for your help


federico

priyanka_nayak
Champ in-the-making
Champ in-the-making
Hi everybody,

Can anybody tell me if I create a new role then how can I assign a custom permission to it programmaticaly..

Regards,
Priyanka