custom user permissions in alfresco - alfresco

I am using Alfresco Community Edition.
I have 4 Folders.
1. Sales 2. Controller 3. Purchase 4. Accounts.
I have Multiple Users as per their teams.
The Sales Team will create a folder and send the folder to Controller, Controller sends the same folder to Purchase and Purchase to Accounts.
Here, what I want is, when a User from Sales team creates his/her folder, it should be only visible to him/her in Sales Folder and no other Sales user should be able to view it. (Only folder owner should be able to view his own content)
But when the folder is sent to other folders, there too only the Folder Owner and the other users should be able to access and view the folder.
I tried the workflow and I have successfully given the permissions to the other users, but unable to assign proper permissions to the Sales Team.
Short Explanation: A Sales member who creates a folder should be able to access his own folder and not any other member's contents/folders in all 4 main folders.
Please help me on this.

Remove permission inheritance on the root folder of the site.
Set the proper permission to each folder through Manage permissions (Sales, Controller, Purchase, Account)
Setup a rule to act upon some action or manage the permissions through your workflow.
You can read up on folder permissions here.
Cheers!

There is no embedded function for your expected behavior, but it is possible to achieve what you expect by defining rules on the 4 main folders which call JavaScripts to run your business logic:
remove inheritance flag on new / moved objects (only on direct children / folders)
remove all direct permissions and add only permissions you want to add for this folder
The user who created the new folder will always have all permissions because Alfresco has a special role "Owner" which has similar permissions (ALL) like a Coordinator, which will still be active when the folder is moved to another main folder. If the user creating the folder should still have navigation access to the folder when it is moved, you need to give Consumer permission on all 4 folders for the sales team. This will allow them to walk into the folders but only to see subfolders if the user has access.
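
The steps this answer lists (drop the inheritance flag, clear the remaining direct permissions, add back only the ones wanted), sketched as an added example that is not part of the original answer. It calls only ScriptNode methods; the `restrictToOwner` and `fakeFolder` helpers, the group names and the sample permission entries are assumptions constructed for illustration.

```javascript
// Rule-script logic for the four main folders, written in ES5 so it also
// parses in Alfresco's Rhino engine. Hypothetical helper, not project code.
function restrictToOwner(node, grants) {
  if (!node.isContainer) { return null; }      // only act on folders
  node.setInheritsPermissions(false);           // step 1: stop inheriting from the main folder
  var direct = node.getPermissions();           // entries look like "ALLOWED;GROUP_sales;Consumer"
  for (var i = 0; i < direct.length; i++) {     // step 2: drop every remaining local entry
    var parts = String(direct[i]).split(";");
    node.removePermission(parts[2], parts[1]);
  }
  for (var j = 0; j < grants.length; j++) {     // step 3: add back only what this stage needs
    node.setPermission(grants[j].role, grants[j].authority);
  }
  return node.getPermissions();                 // the creator still has access via the Owner role
}

// Inside a folder rule the call would be: restrictToOwner(document, [...]);

// Constructed stand-in for a ScriptNode so the logic can be exercised outside Alfresco.
function fakeFolder(inheritedAces, localAces) {
  var inherits = true, local = localAces.slice();
  return {
    isContainer: true,
    setInheritsPermissions: function (flag) { inherits = flag; },
    inheritsPermissions: function () { return inherits; },
    getPermissions: function () { return (inherits ? inheritedAces : []).concat(local); },
    removePermission: function (perm, auth) {
      local = local.filter(function (a) { return a !== "ALLOWED;" + auth + ";" + perm; });
    },
    setPermission: function (perm, auth) { local.push("ALLOWED;" + auth + ";" + perm); }
  };
}

// Constructed sample: a folder created under Sales and moved on to the Controller stage.
function demo() {
  var folder = fakeFolder(["ALLOWED;GROUP_sales;Contributor"],
                          ["ALLOWED;GROUP_EVERYONE;Consumer"]);
  return restrictToOwner(folder, [{ authority: "GROUP_controller", role: "Collaborator" }]);
}
console.log(demo());
```

After the call, the Sales group's inherited entry no longer applies to the folder, and the only local entry left is the one granted for the current stage.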

Related

Model and Query data in Firestore to get items in directories

I want to model data in firestore to get items in directories shared by several users (folders are secured with security rules).
My current model is as follows:
/folders/{folder}/folders/{subfolder}
/folders/{folder}/items/{item}
/folders/{folder}/folders/{subfolder}/items/{item}
A user can access several folders and if he accesses the root folder he can also access the subfolders. He can also access subfolders (if he has permission) and his access to the root folder is restricted.
The idea is that the system can list all the items that the user can access.
Is there a way without having to make a query for each folder?
If I make a query for each folder I would have a query for each root and for each subfolder. It would be many queries
Duplicating the access roles of the folders in the items could be an option but with a big problem when the permissions are modified
The directory can only have up to two depth levels (root and subfolders).
You could have a document per user where you can write every folder id the user can access. Then you could query only these folders.
And if you have a lot of events the users can access, I would recommend showing a folder structure to the user like in a file system. So you could save a lot of unnecessary reads for documents the user does not need.

How to manage access permission in alfresco

Hello everyone, thanks in advance for your help.
I am trying to configure access permissions in Alfresco and am now stuck in a scenario.
It would be a great help if someone could define the proper way to achieve this functionality.
Now my problem is:
I want to create a site (which will be accessible by all users),
then I will create folders and subfolders in that site (I am ready to customize the content type of those folders if required).
Now I want to configure Alfresco in such a way that a specific set of users can access a specific folder and its content.
For example:
This is the list of users:
user1,user2,user3,user4,user5
And this is the folder structure:
Project
  Data
    Test
    Exam
  Design
    art
    practice
  Work
    W1
    W2
Now how do I configure it in such a way that
user1 can access Data->Exam
user2 can access work and all its child folders
user3 can access Data and all its child folders
user4 can access Design and all its child folders and
user5 can access Data->Work, Design->art, Work->W1 folder
Note that I am using the CMIS API to generate this folder structure,
so is there any way to achieve this by Java code only?
I have read about managing permissions but am not sure about using it, because when I tried to provide permission to a folder it allowed adding only a single user,
but in my case I want to make a group of users and make the folder accessible by that particular group.
Thank you so much for your time :)
If you want to use a group, you'll need to create the group in Alfresco using either the admin console or the Alfresco API. CMIS cannot manage users or groups.
Once your users and groups are in place, you can use CMIS to assign them to ACLs. However, the challenge is that you may need to disable or "break" ACL inheritance to do exactly what you want. You cannot disable ACL inheritance with the CMIS API. You'll have to do it in the UI or through the Alfresco API.
With your users and groups in place and with your folders configured to inherit or not inherit parent permissions as needed, you can now add users and groups to your folders. With CMIS, you can add as many users or groups as you need to a given folder. It is not limited to a single user or group. This page has some examples on using Access Control Entries (ACEs) which make up Access Control Lists (ACLs).
I think that Jeff Potts' answer is great; I will only add a few things. You can look at this post, which will give you an answer on how to work with ACLs: How to get Acls of a document.
You can also use the allowable actions on any folder (or document); it will look like this:
import org.apache.chemistry.opencmis.client.api.CmisObject;
import org.apache.chemistry.opencmis.commons.enums.Action;

Action a = Action.CAN_DELETE_OBJECT;
CmisObject object = session.getObjectByPath(idObject); // In case it's a folder
// Allowable actions are evaluated for the user the session is logged in as
if (object.getAllowableActions().getAllowableActions().contains(a)) {
    return Boolean.TRUE; // You can do it
}
Just remember that you can get the allowable action as a String (in case you want to work with a few of them):
String canCreateFolder = Action.CAN_CREATE_FOLDER.value();
The most important Actions that you have to use:
can_create_folder = Action.CAN_CREATE_FOLDER.value();
can_create_document = Action.CAN_CREATE_DOCUMENT.value();
can_update_folder = Action.CAN_UPDATE_PROPERTIES.value();
can_update_document = Action.CAN_UPDATE_PROPERTIES.value();
can_delete_folder = Action.CAN_DELETE_OBJECT.value();
can_delete_document = Action.CAN_DELETE_OBJECT.value();
Hope that helped you.

Alfresco Ldap create a group folder as home folder for users

I'm using Alfresco-LDAP to migrate all my LDAP users to the Alfresco service.
So far I have managed to transfer all users, but for every user the home folder created in Alfresco for them is his name, and what I would like is to share a folder for all members of the LDAP group, since I have multiple groups and every user of that group can only get files from that group.
This is the property
ldap.synchronization.defaultHomeFolderProvider
I read in the Alfresco documentation http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
But it seems like what I'm trying to do is not contemplated.
Any suggestion please?
Unfortunately there is no configurable HomeFolderProvider for groups supporting specific spaces. You need to create your own HomeFolderProvider in Java for that. Out of the box you could use the companyHomeFolderProvider, which is normally used if you want to disable the home folder feature. The user object requires a userhome to be able to log in, and the workaround is to set the root (company_home) for that.
[1] https://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
[2] Disable the user home folder creation

Folder permissions through a web page?

I want a folder on a site where logged-in active directory users can create sub folders and upload images under an "/Uploads" folder off the root. I am able to retrieve the username using System.DirectoryServices.
Is there a way to:
Restrict what is returned from the DirectoryInfo().GetDirectories based on their username
Set permissions on a subfolder of /Uploads (via a web page) to read/write.
You might want to look at this post on how to create a folder dynamically at run time.
And this post from stackoverflow shows a bunch of ways to assign folder permissions. See which one applies.
Good luck!

Restrict document access to particular user in alfresco

Is there any way by which I can show particular documents to particular users only? In Alfresco, all users from a site can see all the documents. I want to show a particular document to some users only. I am using Alfresco Community Edition. Can somebody help me?
Thanks
A site is just a folder. The site folder contains "container" folders for things like the document library, wiki, data lists, etc. You can set permissions on these folders just like you can any folder in Alfresco. Similarly, documents can have their permissions set individually.
The confusion arises because when you are using Share in the context of a particular site, the permissions settings don't offer granular settings. But if you navigate to your site through the "Repository" view (see the link at the top of the page), you can have full control over the permissions.
Suppose we have a site called test-site and a folder called test in that site's document library that contains a document, testdoc.pdf. You should be able to:
Click the "Repository" link at the top of the page.
Click the "Sites" folder.
Click the "test-site" folder.
Click the "documentLibrary" folder.
Click the "test" folder.
Click testdoc.pdf to open its details page.
Click "Manage Permissions".
By default, objects inherit the permissions of their parent. So testdoc.pdf has the permissions of its parent folder. If you want to remove all permissions and set explicit, "local" permissions on testdoc.pdf...
Click "Inherit Permissions" to turn off inheritance.
Click "Add User or Group" to add specific users or groups with the access level you want them to have.
