Restrict User from downloading document

edwsin
Champ on-the-rise
Hi all,
I recently installed Alfresco on a Windows machine, and I used the Community Edition with the latest version, 4.2.b.
The main purpose is that I would like to use the document management system, and I found one major issue that does not fit, which is:
1. All types of roles can download the document
Is there a way to restrict certain roles from downloading a document and downloading a folder…?


Thanks in advance
Edwsin
7 REPLIES

afaust
Legendary Innovator
Hello,

two basic approaches are possible here:

1) Do not grant the people read permissions on the content - either they are allowed to access (and thus download) a file or not. Since Alfresco provides various ways to access content, you will find that users do find a way to download content even if the action is not available in the main UI. Only by limiting the permissions can you be certain they can't view / download content at all.
2) Change the configuration for the download action via configuration in your share-config.xml. Take a look at the documentation on how you could remove or limit the availability of an action via configuration.

Regards
Axel

edwsin
Champ on-the-rise
Hi AFaust,
Thanks for the reply,
But I could not understand point number 2. I found the file share-config.xml, but I do not know what I need to edit.
Could you please kindly show me an example…?

cogitech
Champ in-the-making
My company requires this feature as well, and I have seen many posts in this forum requesting it too.

I found one post with instructions on editing all sorts of files to create a custom permission for downloading. It did not work for me (I am not a programmer), and I think it is ridiculous to expect regular users to edit the code to get access to such basic functionality.

Axel,

Option 1 is unacceptable. The point is to allow specific users/groups "view only" access to the document. Your evaluation of the practicality or utility of such a feature is meaningless.

Option 2 is incomplete/insufficient. As I said, many people want/need this feature. It is unreasonable to expect Alfresco users to edit the code for such a basic feature. Either provide precise instructions of exactly what file(s) to edit (including the code replacements) or offer a script which will make the appropriate changes. Better yet, include this feature user/group management interface in the next release.

afaust
Legendary Innovator
Hello,

@edwsin

You can override the configuration of the download action in share-config-custom.xml, which by default is configured as:


<action id="document-download" type="link" label="actions.document.download">
   <param name="href">{downloadUrl}</param>
</action>

Now if you were to define a new business permission and assign it e.g. to the role SiteCollaborator but not SiteConsumer (via a custom permission definition XML), you can use that to restrict the download action to those who have that custom permission. In the simplest of cases, this only requires a simple change, e.g.:


<action id="document-download" type="link" label="actions.document.download">
   <param name="href">{downloadUrl}</param>
   <permissions>
      <permission allow="true">Name_of_your_Download_Permission</permission>
   </permissions>
</action>

Please bear in mind that this only affects the Share UI, and other interfaces (WebDAV, CIFS, FTP, IMAP etc.) won't care a bit about your permission.
Now, the "Read" permission can actually be sub-divided into "ReadProperties" and "ReadContent", where only the latter is required for downloading files via any interface. Although it is technically possible to only assign the "ReadProperties" permission to a user / group, so that the file can be seen but not downloaded, this is not recommended. Since the read permissions are very low-level, a lot of other functionality (from Alfresco as well as the community) relies on the standard behavior to function correctly. If you break up "ReadProperties" and "ReadContent", you may be faced with significant side effects.

Regards
Axel

=======

"It is unreasonable to expect Alfresco users to edit the code for such a basic feature."
This question was asked in the "Developer Discussions" forum. I do expect Alfresco developers to edit code for basic customizations and assume anyone here to be a developer unless stated otherwise, like you did.

"Either provide precise instructions of exactly what file(s) to edit (including the code replacements) or offer a script which will make the appropriate changes."
I have indicated a resource where relevant instructions and documentation can be found. Now I am glad to assist in any follow-up questions, but do not see myself as a free-to-hire developer that has to present a ready-to-use solution, especially if I don't know enough about the application context to do so.

"Better yet, include this feature user/group management interface in the next release."
This is primarily a community forum for exchanging ideas or requesting help from fellow members of the community. I am not an Alfresco employee and have no say in the development plans for the product. If you'd like to request a feature from Alfresco, please feel free to raise an "Improvement" in the official Alfresco JIRA, which tracks concrete requests from the user / developer community and is open for input from anyone.

njk84sg
Champ in-the-making
Hi Axel, I am unable to find the share-config-custom.xml file in the working Alfresco folder containing the code snippet that you mentioned.

Please advise. Thank you.

BTW, the version I am using is 4.2.e-2, thanks.

gfard
Champ in-the-making
Dear all,

I would like to know whether the following case can be implemented.
I would like to achieve a workflow structure to deny or approve downloading of some assets [e.g. images] for a user group.
They will ask the Admin whether they may download the file or not.

Thanks a lot for your time.

mrsoto
Champ in-the-making
Hello, AFaust

I was excited because I had changed the correct files, adding permissions to the download document action, but the document viewer has an additional download button, and folders/documents selected in the library browser can still be downloaded as a zip.

Where can I change permissions related to this download button?

Alfresco 4.2.f community

Update:

I found a solution for limiting download in the library browser in the forum [1]. This lets me limit download in the document list, but the additional (not in actions) download button persists.

My changes were:

       <multi-select>
-         <action type="action-link" id="onActionDownload" label="menu.selected-items.download" />
-         <action type="action-link" id="onActionCopyTo" label="menu.selected-items.copy" />
+         <action type="action-link" id="onActionDownload" permission="Write" label="menu.selected-items.download" />
+        <action type="action-link" id="onActionMultiDownload" permission="Write" label="menu.selected-items.multidownload" />
+         <action type="action-link" id="onActionCopyTo" permission="Write" label="menu.selected-items.copy" />
          <action type="action-link" id="onActionMoveTo" permission="Delete" label="menu.selected-items.move"/>
          <action type="action-link" id="onActionAssignWorkflow" asset="document" label="menu.selected-items.assign-workflow"/>
          <action type="action-link" id="onActionDelete" permission="Delete" label="menu.selected-items.delete"/>
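
Review bot: the added permission="Write" on the onActionDownload and onActionMultiDownload lines ties downloading to edit rights instead of to a dedicated download permission, and the same attribute is added to onActionCopyTo, so read-only users also lose "copy" in the multi-select menu. If that side effect is not intended, leave the onActionCopyTo line unchanged and gate the two download lines on a custom download permission like the one suggested earlier in this thread. The onActionMultiDownload line is a new entry rather than a modified one and is indented one space less than its neighbours; check that its label key menu.selected-items.multidownload exists in the deployed version. As the post itself says, the document viewer's separate download button is not covered by this change.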


1: https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/how-...
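
The thread shows two ways a Share action can be gated (a nested `<permissions>` element and a `permission` attribute) and several separate download entry points. The following added example, which is not part of any post above and not Alfresco code, lists every download-related `<action>` in a config file and the permission it requires. The `<sample>` wrapper element and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: fragments in the shape quoted in this thread, wrapped in a
# hypothetical <sample> root so that they parse as a single document.
SAMPLE = """
<sample>
  <action id="document-download" type="link" label="actions.document.download">
    <param name="href">{downloadUrl}</param>
  </action>
  <multi-select>
    <action type="action-link" id="onActionDownload" permission="Write" label="menu.selected-items.download" />
    <action type="action-link" id="onActionCopyTo" label="menu.selected-items.copy" />
  </multi-select>
</sample>
"""


def required_permissions(action):
    """Collect the permissions one <action> requires, in either style seen above."""
    perms = []
    attr = (action.get("permission") or "").strip()
    if attr:  # attribute style, as in the multi-select entries
        perms.append(attr)
    # nested style: <permissions><permission allow="true">Name</permission></permissions>
    for node in action.findall("./permissions/permission"):
        name = (node.text or "").strip()
        if node.get("allow") == "true" and name:
            perms.append(name)
    return perms


def audit_download_actions(xml_text):
    """Map each action whose id mentions 'download' to its required permissions."""
    root = ET.fromstring(xml_text)
    report = {}
    for action in root.iter("action"):
        action_id = action.get("id", "")
        if "download" in action_id.lower():
            report.setdefault(action_id, []).extend(required_permissions(action))
    return report


def ungated(xml_text):
    """Return the download-related action ids that carry no permission requirement."""
    return sorted(a for a, p in audit_download_actions(xml_text).items() if not p)


if __name__ == "__main__":
    for action_id, perms in audit_download_actions(SAMPLE).items():
        print(f"{action_id}: {', '.join(perms) if perms else 'NOT GATED'}")
```

An empty `ungated()` result only means the listed Share menu entries are hidden for users without the permission; as noted earlier in the thread, WebDAV, CIFS, FTP and IMAP ignore this configuration, and only withholding read permission on the content prevents download.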