cancel
Showing results for 
Search instead for 
Did you mean: 

removing certain privileges from the role

aniruddha
Champ on-the-rise
Champ on-the-rise

hi ,

i am trying to remove the delete option for his qwn document from  contributor .

How can it be done .

12 REPLIES 12

afaust
Legendary Innovator
Legendary Innovator

This can easily be done by implementing a policy / behaviour to set the document owner to the NO_OWNER (empty string) special value. A contributor does not by itself have the privilege to delete any document - that only is granted by the fact that the creator of a document is by default its owner, and gets delete privileges via the OWNER role.

aniruddha
Champ on-the-rise
Champ on-the-rise

i don't want to give delete privileges for Contributor role .

and not even to his own file. Please explain through step by step

afaust
Legendary Innovator
Legendary Innovator

Even better: I can point you to a decent tutorial on how to write behaviours / policies.

When you understood that, then you only need to use the OwnableService to set the owner to OwnableService.NO_OWNER for any documents you need to handle. BE CAREFUL: Do not apply this logic to ALL documents in Alfresco, only those you really need to handle. Otherwise you will break your system i.e. if you remove owner privileges from technical documents (thumbnails, preferences...). One option is to use the SiteService to check if the node is part of a specific site you want to handle, or even contained in a documentLibrary, and use NodeService + DictionaryService to check if the node may be a thumbnail which you wouldn't want to handle.

aniruddha
Champ on-the-rise
Champ on-the-rise

how to achieve user based access control in alfresco

afaust
Legendary Innovator
Legendary Innovator

... by assigning permissions on nodes to users? I am not sure I understand that question. Maybe it is just too trivial a thing that I don't understand what problem you could have understanding.

aniruddha
Champ on-the-rise
Champ on-the-rise

i meant that how can we set permissions based on user id ,not on thier roles??

afaust
Legendary Innovator
Legendary Innovator

That does not make it clearer. What you are describing IS "assigning permissions". Technically speaking there is no "role" in Alfresco. "Contributor" is just a permission that has been set for a particular user / group on a particular node, and which is inherited through the hierarchy. The permission "Contributor" includes other, more fine-grained permissions, like "AddChildren", which allows to create new nodes into existing structures. When you only want to deal with the low level (granular) permissions, than you'd need to customise the UI to expose those and only use these for permission assignment instead of the high-level "Contributor" one. The process would still be the same - assign permission X to user / group Y on node Z either via the "Manage Permissions" action in the UI or the PermissionService.setPermission() operation in Java code (or indirectly via a ReST API).

aniruddha
Champ on-the-rise
Champ on-the-rise

i cant get it properly

aniruddha
Champ on-the-rise
Champ on-the-rise

for new custom role how to give permissions like write, delete, view etc