Hyland Connect

dilipl · ‎04-12-2011

I am on alfresco 3.4c.
After creating a person (of type cm

erson), I need to add an aspect to the person node. The user doing this is not an Admin, so I create a custom permissiongroup (writeproperties) on cm

erson as follows….

<permissionSet type="cm

erson" expose="selected">
      <permissionGroup name="WriteProperties" allowFullControl="false" expose="false" >
         <includePermissionGroup permissionGroup="WriteProperties" type="sys:base" />
      </permissionGroup>
   </permissionSet>

This permission is then allocated to another permissiongroup, on a custom node

<permissionSet type="abc:xyz" expose="selected">
      <permissionGroup name="updateUsers" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="WriteProperties" type="cm

erson" />
</permissionGroup>
</permissionSet>

Inspite of the logged in user having updateUsers, they get an access denied when writing an aspect to the person node. Can anybody help?

afaust · ‎04-09-2012

Hello,

although this is a rather old post, here is at least one response.

In order for your custom permission to work you need to apply it to a node that is a primary ancestor of the person node. E.g. you would need to authorize a user either on a specific person or the container of person objects (XPath: /system/people). The "type" parameter on a permission set only specifies that the permission groups you declare are applicable to a certain type, not automatically applied. Granting a permission group to a user only grants the included permissions within the context of the hierarchy defined by primary child associations.

Regards
Axel

Hyland Connect

WriteProperties on cm:person?