cancel
Showing results for 
Search instead for 
Did you mean: 

Error occuring while Creating Site roles

piyush48
Star Contributor
Star Contributor

Hi All,

I am creating custom role for site but it shows error of Authority related to role associated with site.

Here i am providing custom sitepermissiondefinition.xml whuch i have created for creating custom site roles.

I am getting following error though role is visible but cant add users to that custom roles:-

04190003 Wrapped Exception (with status template): 04190020 An authority was not found for GROUP_site_AvivaWorld_NewDocumentEditor

Thanks.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE permissions >
<permissions>
        <!-- Namespaces used in type references -->
       <namespaces>
      <namespace uri="http://www.alfresco.org/model/system/1.0" prefix="sys"/>
      <namespace uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
      <namespace uri="http://www.alfresco.org/model/site/1.0" prefix="st"/>
   </namespaces>
    <permissionSet type="sys:base" expose="all" >
    
      
      <permissionGroup name="FullControl" expose="true" allowFullControl="true" />
 
      <!-- ============================================= -->
      <!-- Convenient groupings of low level permissions -->
      <!-- ============================================= -->
      
      <permissionGroup name="Read"  expose="true" allowFullControl="false">
           <includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
           <includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
           <includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
      </permissionGroup>
       
      <permissionGroup name="Write" expose="true" allowFullControl="false">
           <includePermissionGroup type="sys:base" permissionGroup="WriteProperties"/>
           <includePermissionGroup type="sys:base" permissionGroup="WriteContent"/>
      </permissionGroup>  
       
      <permissionGroup name="Delete" expose="true" allowFullControl="false">
           <includePermissionGroup type="sys:base" permissionGroup="DeleteNode"/>
           <includePermissionGroup type="sys:base" permissionGroup="DeleteChildren"/>
      </permissionGroup>
       
      <permissionGroup name="AddChildren" expose="true" allowFullControl="false">
           <includePermissionGroup type="sys:base" permissionGroup="CreateChildren"/>
           <includePermissionGroup type="sys:base" permissionGroup="LinkChildren"/>
      </permissionGroup>
       
      <permissionGroup name="Execute" allowFullControl="false" expose="false">
          <includePermissionGroup type="sys:base" permissionGroup="ExecuteContent"/>
      </permissionGroup>
       
      <!-- Groups for low level permissions -->
       
      <permissionGroup name="ReadProperties" expose="true" allowFullControl="false" />  
      <permissionGroup name="ReadChildren" expose="true" allowFullControl="false" />  
      <permissionGroup name="WriteProperties" expose="true" allowFullControl="false" />  
      <permissionGroup name="ReadContent" expose="false" allowFullControl="false" />  
      <permissionGroup name="WriteContent" expose="false" allowFullControl="false" />  
      <permissionGroup name="ExecuteContent" expose="false" allowFullControl="false" />  
      <permissionGroup name="DeleteNode" expose="true" allowFullControl="false" />  
      <permissionGroup name="DeleteChildren" expose="true" allowFullControl="false" />  
      <permissionGroup name="CreateChildren" expose="true" allowFullControl="false" />  
      <permissionGroup name="LinkChildren" expose="true" allowFullControl="false" />  
      <permissionGroup name="DeleteAssociations" expose="true" allowFullControl="false" />  
      <permissionGroup name="ReadAssociations" expose="true" allowFullControl="false" />  
      <permissionGroup name="CreateAssociations" expose="true" allowFullControl="false" />  
      <permissionGroup name="ReadPermissions" expose="true" allowFullControl="false" />  
      <permissionGroup name="ChangePermissions" expose="true" allowFullControl="false" />  
    
      <permission name="_ReadProperties" expose="false" >
         <grantedToGroup permissionGroup="ReadProperties" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         -->
      </permission>
      
      <!-- The permission to read the children of a node                                 -->
      <!--                                                                               -->
      <!-- This permission is recursive. It requires the same permission is granted to   -->
      <!-- all of the parent nodes from which this node inherits permissions             -->
      <!--                                                                               -->
      
      <permission name="_ReadChildren" expose="false" >
         <grantedToGroup permissionGroup="ReadChildren" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         -->
      </permission>
      
      <!-- The permission to write to the properties of a node                           -->
      <!--                                                                               -->
      <!-- This permission includes adding aspects to a node as they are stored as       -->
      <!-- a property.                                                                   -->
      <!--                                                                               -->
      
      <permission name="_WriteProperties" expose="false" >
         <grantedToGroup permissionGroup="WriteProperties" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         -->
      </permission>
                                       -->
      
      <permission name="_ReadContent" expose="false">
         <grantedToGroup permissionGroup="ReadContent"/>
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         -->
      </permission>

      <!-- The permission to write content.                                              -->
      
      <permission name="_WriteContent" expose="false">
         <grantedToGroup permissionGroup="WriteContent" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         -->
      </permission>
      
      <!-- Execute permission on content.                                                -->
      
      <permission name="_ExecuteContent" expose="false">
         <grantedToGroup permissionGroup="ExecuteContent" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         -->
      </permission>
      
      <permission name="_DeleteNode" expose="false" >
         <grantedToGroup permissionGroup="DeleteNode" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         <requiredPermission on="parent" name="_DeleteChildren" implies="false"/>
         <requiredPermission on="node" name="_DeleteChildren" implies="false"/>
         -->
         <!-- Remove the recursive check for now for performance -->
         <!-- TODO: have one permission to check for delete on an item and one to check  -->
         <!--       child permissions when delete is called on the node service          --> 
         <!--  <requiredPermission on="children" name="_DeleteNode" implies="false"/>     -->
      </permission>
      
      
      <!-- The permission to delete children of a node                                   -->
      <!--                                                                               -->
      <!-- At the moment this includes both unlink and delete                            -->
      <!--                                                                               -->
      <permission name="_DeleteChildren" expose="false" >
         <grantedToGroup permissionGroup="DeleteChildren" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         -->
      </permission>
      
      <!-- The permission to create new nodes                                            -->
      
      <permission name="_CreateChildren" expose="false" >
         <grantedToGroup permissionGroup="CreateChildren" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false" />
         -->
      </permission>
      
      <!-- The permission to link nodes                                                  -->
      
      <permission name="_LinkChildren" expose="false" >
         <grantedToGroup permissionGroup="LinkChildren" />
         <!-- Commented out parent permission check ...
         <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
         -->
      </permission>
     
     <!-- The permission to delte associations between nodes (not children)              -->
     
      <permission name="_DeleteAssociations" expose="false" >
        <grantedToGroup permissionGroup="DeleteAssociations" />
        <!-- Commented out parent permission check ...
        <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
        -->
      </permission>
      
      <!-- The permission to read associations                                           -->
      
      <permission name="_ReadAssociations" expose="false" >
        <grantedToGroup permissionGroup="ReadAssociations" />
        <!-- Commented out parent permission check ...
        <requiredPermission on="parent" name="_ReadChildren" implies="false" />
        -->
      </permission>
      
      <!-- The permission to create associations                                         -->
      
      <permission name="_CreateAssociations" expose="false" >
        <grantedToGroup permissionGroup="CreateAssociations" />
        <!-- Commented out parent permission check ...
        <requiredPermission on="parent" name="_ReadChildren" implies="false" />
        -->
      </permission>
      
      <!-- ==================================================== -->
      <!-- Permissions related to the management of permissions -->
      <!-- ==================================================== -->
      
      <!-- The permission to read the permissions on a node                              -->
      
      <permission name="_ReadPermissions" expose="false" >
        <grantedToGroup permissionGroup="ReadPermissions" />
        <!-- Commented out parent permission check ...
        <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
        -->
      </permission>
      
      <!-- The permission to the change the permissions associated with a node           -->
      
      <permission name="_ChangePermissions" expose="false" >
        <grantedToGroup permissionGroup="ChangePermissions" />
        <!-- Commented out parent permission check ...
        <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
        -->
      </permission>
       
   </permissionSet> 
   <permissionSet type="st:site" expose="selected">
   
      <permissionGroup name="SiteManager" allowFullControl="true" expose="true" />
      
      <permissionGroup name="SiteCollaborator" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Collaborator" type="cm:cmobject" />
      </permissionGroup>
      
      <permissionGroup name="SiteContributor" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
      </permissionGroup>
      
      <permissionGroup name="SiteConsumer" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject" />
         <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
      </permissionGroup>
	   <permissionGroup name="NewDocumentEditor" allowFullControl="false" expose="true">
          <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
		  <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
          <includePermissionGroup type="cm:workingcopy" permissionGroup="CheckIn" />
          <includePermissionGroup type="cm:workingcopy" permissionGroup="CancelCheckOut" />
		  <includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
		  <includePermissionGroup type="sys:base" permissionGroup="Write"/>
		  <includePermissionGroup type="sys:base" permissionGroup="Delete"/>
		  <!--<includePermissionGroup type="cm:ownable"	permissionGroup="TakeOwnership" />-->
          <!-- Check In permission - only exposed when the workingcopy aspect is present        -->
       </permissionGroup>      

	   <permissionGroup name="NewSiteCollaborator" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
		 <includePermissionGroup type="sys:base" permissionGroup="Delete"/>
		 
       </permissionGroup>

	   <permissionGroup name="NewSiteContributor" allowFullControl="false" expose="true" >
          <!-- Contributor is a consumer who can add content, and then can modify via the -->
          <!-- owner permissions.                                                      -->
          <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
          <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
          <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
		  <includePermissionGroup type="sys:base" permissionGroup="Delete"/>
      </permissionGroup>
	  <permissionGroup name="NewSiteEditor"  expose="true" allowFullControl="false" >
          <includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
          <includePermissionGroup type="sys:base" permissionGroup="Write"/>
          <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
      </permissionGroup>
      
   </permissionSet>

	<permissionSet type="cm:ownable" expose="selected">
      
      <!-- Permission control to allow ownership of the node to be taken from others     -->
      <permissionGroup name="TakeOwnership" requiresType="false" expose="false">
           <includePermissionGroup permissionGroup="SetOwner" type="cm:ownable" />
      </permissionGroup>
       
      <permissionGroup name="SetOwner" requiresType="false" expose="false"/>
      
      <!-- The low level permission to control setting the owner of a node               -->
      <permission name="_SetOwner" expose="false" requiresType="false">
        <grantedToGroup permissionGroup="SetOwner" />
        <!-- require to be able to reach the node and set properties in the node         -->
        <!-- Commented out parent permission check ...
        <requiredPermission on="parent" name="_ReadChildren" />
        -->
        <requiredPermission on="node" type="sys:base" name="_WriteProperties" />
      </permission>
      
   </permissionSet>
   
   <!-- =================================================== -->
   <!-- Permission related to check in and cancel check out. -->
   <!-- =================================================== -->

      <permissionSet type="cm:workingcopy" expose="selected">

         <!-- Cancel Check Out permission - only exposed for the workingcopy aspect is present -->
         <permissionGroup name="CancelCheckOut" requiresType="true" expose="false">
            <includePermissionGroup permissionGroup="Unlock" type="cm:lockable" />
         </permissionGroup>

         <!-- Check In permission - only exposed when the workingcopy aspect is present        -->
         <permissionGroup name="CheckIn" requiresType="true" expose="false">
            <includePermissionGroup permissionGroup="Unlock" type="cm:lockable" />
         </permissionGroup>
			
      </permissionSet>
   
   <!-- =================================================== -->
   <!-- Permission related to lock, check out and check in. -->
   <!-- =================================================== -->
   
   <permissionSet type="cm:lockable" expose="selected">
    
      <!-- At the moment these permissions are hidden so they do not appear in the list  -->
      <!-- of permissions.                                                               -->
    
      <!-- Check Out permission - exposed for all object types                           -->
      <permissionGroup name="CheckOut" requiresType="false" expose="false">
          <includePermissionGroup permissionGroup="Lock" type="cm:lockable" />
      </permissionGroup>
      
      <permissionGroup name="Lock" requiresType="false" expose="false"/>
      <permissionGroup name="Unlock" requiresType="true" expose="false"/>
       
    
      <!-- Low level lock permission                                                     -->
      <permission name="_Lock" requiresType="false" expose="false">
        <grantedToGroup permissionGroup="Lock" />
        <requiredPermission on="node" type="sys:base"  name="Write"/>
      </permission>
      
      <!-- Low level unlock permission                                                   -->
      <permission name="_Unlock" requiresType="true" expose="false">
        <grantedToGroup permissionGroup="Unlock" />
      </permission>      
      
   </permissionSet>
   
   <!-- ================== -->
   <!-- Global permissions -->
   <!-- ================== -->
   
   <!--                                                                                  -->
   <!-- Global permissions apply regardless of any particular node context.              -->
   <!-- They can not be denied by the permissions set on any node.                       -->
   <!--                                                                                  --> 
      
   <!-- Admin can do anything to any ndoe                                                -->
   <globalPermission permission="FullControl" authority="ROLE_ADMINISTRATOR"/>
   
   <!-- For now, owners can always see, find and manipulate their stuff                  -->
   <globalPermission permission="FullControl" authority="ROLE_OWNER"/>
   
   <!-- Unlock is granted to the lock owner                                              -->
   <globalPermission permission="Unlock" authority="ROLE_LOCK_OWNER"/>
   
   <!-- Check in is granted to the lock owner                                            -->
   <globalPermission permission="CheckIn" authority="ROLE_LOCK_OWNER"/>
   
   <!-- Cancel check out is granted to the locak owner                                   -->
   <globalPermission permission="CancelCheckOut" authority="ROLE_LOCK_OWNER"/>
   
   
</permissions>

1 ACCEPTED ANSWER

abhinavmishra14
World-Class Innovator
World-Class Innovator

You would be getting this error on existing site, its likely. Have you tried new site and getting same error ? "GROUP_site_AvivaWorld_NewDocumentEditor" must exist for the site. AvivaWorld is the site i suppose.

Refer this post and follow the instructions to fix the missing groups for existing sites:

https://hub.alfresco.com/t5/ecm-archive/howto-custom-permissions-in-alf-community-5-0-d/m-p/204986/h...

https://issues.alfresco.com/jira/secure/attachment/54733/fixsiteauthorities.zip

or

https://hub.alfresco.com/t5/ecm-archive/custom-role-creation-crashes-old-sites/m-p/29416/highlight/t...

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

View answer in original post

5 REPLIES 5

piyush48
Star Contributor
Star Contributor

Hii All,

I think that it might be the error with the CheckIn,CheckOut and CancelCheckOut permission because they are using authority Role_Lock_Owner and maybe it is not available.

Please suggest some solution.

Thanks,

Piyush

abhinavmishra14
World-Class Innovator
World-Class Innovator

You would be getting this error on existing site, its likely. Have you tried new site and getting same error ? "GROUP_site_AvivaWorld_NewDocumentEditor" must exist for the site. AvivaWorld is the site i suppose.

Refer this post and follow the instructions to fix the missing groups for existing sites:

https://hub.alfresco.com/t5/ecm-archive/howto-custom-permissions-in-alf-community-5-0-d/m-p/204986/h...

https://issues.alfresco.com/jira/secure/attachment/54733/fixsiteauthorities.zip

or

https://hub.alfresco.com/t5/ecm-archive/custom-role-creation-crashes-old-sites/m-p/29416/highlight/t...

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

Thanks Abhinav,

It works fine when creating new site but if I createnew role again this error come for this site after I restart the server than also it doesn't reflect changes to an existing site.

Hi @abhinavmishra14 ,

For the new custom role created after site is created i am getting the error. Now the links provided by you doesnt provide me the solution. I have tried implementing webscript as told in the links and also it would not be helpful as to implement webscript everytime  new custom role is created and wouldnt be great for development environment.

Some other solution or suggestion would be great.

Thanks,

Piyush

The issue would be likely for old sites not on newly created sites. Please create a separate thread stating the exact error you are getting and what all steps you followed include the webscript code you wrote, so someone can look at it. 

~Abhinav
(ACSCE, AWS SAA, Azure Admin)