
Make action available only for a specific LDAP group

franciscoduarte
Champ in-the-making

Hello,

I need to make a share action available only for users from a specific LDAP group.

I know that I can use an Evaluator to build this logic but my problem is that I don't know how to access the LDAP information from ACS. Is there an OOTB way to do this?

I'm using ACS 7.2 Enterprise.

Best regards,

Francisco Duarte

1 ACCEPTED ANSWER

cesarista
World-Class Innovator

Hi:

Try defining an evaluator based on evaluator.doclib.action.groupMembership.

For example:

<bean id="evaluator.doclib.action.isWebPublisher" parent="evaluator.doclib.action.groupMembership">
   <property name="groups">
      <list>
         <value>GROUP_WEB_PUBLISHER</value>
      </list>
   </property>
</bean>

You should integrate Alfresco with your LDAP, and sync your LDAP groups. So it is expected to sync a WEB_PUBLISHER group of the LDAP.

Then you may use the evaluator inside the action definition.

<action id="execute-web-workflow1" type="javascript" label="web.action.action1">
   <param name="function">onActionSimpleRepoAction</param>
   <param name="action">execute-web-workflow-action1</param>
   <param name="successMessage">web.message.success.action1</param>
   <param name="failureMessage">web.message.failure.action1</param>
   <evaluator>evaluator.doclib.action.isWebPublisher</evaluator>
</action>

Regards.

--C.
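
The evaluator in the answer above only decides whether Share displays the action; it does not stop a direct call to the repository action. As an added example (not part of the original answer or Alfresco's own code), here is one way to repeat the group check in the repository tier, assuming `execute-web-workflow-action1` is implemented as a Java action executer; the package, class name and `executeForMember` method are hypothetical:

```java
package com.example.actions; // hypothetical package name

import java.util.Set;

import org.alfresco.repo.action.executer.ActionExecuterAbstractBase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthorityService;

/**
 * Hypothetical base class for repository actions that only members of one
 * group may run. Subclasses implement executeForMember() and
 * addParameterDefinitions().
 */
public abstract class GroupRestrictedActionExecuter extends ActionExecuterAbstractBase {

    private AuthorityService authorityService;
    // Full authority name: "GROUP_" + the name of the synced LDAP group.
    private String requiredGroup = "GROUP_WEB_PUBLISHER";

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setRequiredGroup(String requiredGroup) {
        this.requiredGroup = requiredGroup;
    }

    @Override
    protected final void executeImpl(Action action, NodeRef actionedUponNodeRef) {
        // Check the user who actually logged in, not a runAs identity.
        String user = AuthenticationUtil.getFullyAuthenticatedUser();
        if (user == null) {
            throw new AccessDeniedException("No authenticated user");
        }
        Set<String> authorities = authorityService.getAuthoritiesForUser(user);
        if (!authorities.contains(requiredGroup)) {
            throw new AccessDeniedException(
                    "User " + user + " is not a member of " + requiredGroup);
        }
        executeForMember(action, actionedUponNodeRef);
    }

    /** The action's real work; runs only after the membership check passes. */
    protected abstract void executeForMember(Action action, NodeRef actionedUponNodeRef);
}
```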


3 REPLIES

Hello,

Is this supposed to work with LDAP groups?

In Admin Tools > Users > Admin, I see the group ALFRESCO_ADMINISTRATORS for example.

I tried to add this group to the XML and it didn't work.

After that, I tried SiteManager, and it worked. It seems this evaluator.doclib.action.groupMembership only works with the site roles and not LDAP groups.

Best regards and thank you for your answer,

Francisco Duarte

Hello,

Never mind my last post. I had to add the "GROUP_" before the group name.

It's working now.

Thanks for the help,

Francisco Duarte