How to enable non-admin user to modify ACLs to docs

longinus
Champ in-the-making

Hello All

How do we enable a user to modify ACLs (add new, remove existing)?

As an admin, I can make a call to folder.addAcl() and assign new permissions for principals. But how can I enable another selected user to achieve the same thing? Would I need to put a user into a group and then assign it some capabilities that would enable them to assign ACLs?

Thanks

Krzysztof

1 ACCEPTED ANSWER

afaust
Legendary Innovator

You mean out-of-the-box? There isn't even a way to set this privilege in Share without some minor customisation. But as long as you have a tool / client that can call a ReST API, you could use either ReST v1 API or custom web scripts to set this privilege.


10 REPLIES

afaust
Legendary Innovator

A user needs to have the ChangePermissions privilege / permission on the document (or inherited from the parent folder) to be able to manage the ACL.

longinus
Champ in-the-making

Is there a way to set it outside of Share?

afaust
Legendary Innovator

You mean out-of-the-box? There isn't even a way to set this privilege in Share without some minor customisation. But as long as you have a tool / client that can call a ReST API, you could use either ReST v1 API or custom web scripts to set this privilege.

longinus
Champ in-the-making

Thanks for the reply.

Do you mind telling me which public ReST API I can use to set permissions?

afaust
Legendary Innovator

A PUT to the /nodes/{nodeId} v1 ReST endpoint allows you to set permissions.
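Added example, not part of the thread: a Python sketch of building the `permissions` body for the PUT to /nodes/{nodeId} mentioned above, using the GROUP_EVERYONE / Consumer / DENIED entry discussed in this thread. The host, the default API base path, the `GROUP_reviewers` group and the sample permissions are assumptions; the code also assumes that the PUT replaces the whole locally set list, so existing entries are merged in first.

```python
import json
import urllib.request

# Assumed base path of the public v1 API on a default local install.
API = "http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1"

# Constructed sample of a node's "permissions" object, as returned when the
# node is fetched with include=permissions (GROUP_reviewers is hypothetical).
SAMPLE = {
    "isInheritanceEnabled": True,
    "inherited": [{"authorityId": "GROUP_EVERYONE", "name": "Consumer",
                   "accessStatus": "ALLOWED"}],
    "locallySet": [{"authorityId": "GROUP_reviewers", "name": "Contributor",
                    "accessStatus": "ALLOWED"}],
}

def merge_locally_set(current, authority_id, name, access_status):
    """Return a new locallySet list with one entry added or replaced.

    Entries are keyed by (authorityId, name), so a DENIED replaces a local
    ALLOWED for the same authority and role instead of sitting beside it.
    """
    if access_status not in ("ALLOWED", "DENIED"):
        raise ValueError("accessStatus must be ALLOWED or DENIED")
    key = (authority_id, name)
    merged = [dict(p) for p in current if (p["authorityId"], p["name"]) != key]
    merged.append({"authorityId": authority_id, "name": name,
                   "accessStatus": access_status})
    return merged

def build_update(permissions, authority_id, name, access_status, inherit=None):
    """Build the JSON body for PUT /nodes/{nodeId}; inherit=False turns
    inheritance off, inherit=None leaves the current setting untouched."""
    body = {"locallySet": merge_locally_set(
        permissions.get("locallySet", []), authority_id, name, access_status)}
    if inherit is not None:
        body["isInheritanceEnabled"] = inherit
    return {"permissions": body}

def put_permissions(node_id, body, auth_header):
    """Send the update; the caller needs ChangePermissions on the node."""
    req = urllib.request.Request(
        f"{API}/nodes/{node_id}", data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json",
                 "Authorization": auth_header})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

The `inherited` entries are read-only in the response and are never sent back; only `locallySet` and `isInheritanceEnabled` go into the update.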

longinus
Champ in-the-making

Thanks for pointing me to this endpoint. I am able to add new permissions with it now.

However, overwriting the existing inherited permissions doesn't work. Inherited permissions are: GROUP_EVERYONE, Consumer, ALLOWED. I would like to remove it or overwrite it with GROUP_EVERYONE, Consumer, DENIED.

I end up having them both set, and since ALLOWED is first on the list, it is applied first.

Is there a way to remove ALLOWED or overwrite it?

afaust
Legendary Innovator

The order of the permissions does not matter. If there is a DENIED set on a level in addition to an inherited ALLOWED, the DENIED has precedence.

The only way to remove inherited ALLOWED is to disable the inheritance on that folder altogether.

longinus
Champ in-the-making

I see. 

What's the precedence in the reverse situation? I.e. when DENIED is inherited and you want to enable a group to access documents in a child folder only?

longinus
Champ in-the-making

And what happens when a user is in GROUP_EVERYONE with DENIED and also in another group with "Write" ALLOWED?

Would the GROUP_EVERYONE rule overwrite the 2nd group's write access? Can a user be in two different groups, one of which allows him access and the other denying him access?