I created a Dashlet in Alfresco Share with an Overwiew of the Replication Jobs. I changed the permissions in the Replication Definition Webscripts from admin to user. As Admin i can start the Replication Job from the Dashlet.
Is it possible to adjust the permissions, that a Site Manager or User can start the Replication Job? I still got a "Access Denied Problem".
Where do i have to look at?
Thanks!
No, all the Replication Job WebScripts explicitly require admin privileges so it is not possible to do this out-of-the-box.
If you really want to achieve this then your only option would be to override the relevant WebScripts (essentially copy/paste the defaults) and change the *.desc.xml files to change
<authentication>admin</authentication>
to be
<authentication>user</authentication>
However, that would make them available for any user to run. You would need to further edit the WebScripts to make checks that the user is a member of a specific group.
I changed the authentication to
<authentication runas="admin">user</authentication>
That helped for me.
Related
I need to Disable directory listing in .
Any suggestions ?
I tried to search for result in google but didn't find any
I only found a way that you can block the connection to the URL but this isn't what i need
If you are looking to disable the directory-listing for particular users, then you can achieve this by adding providing the repository path exclude-pattern at the permission target end.
In the below example, I have enabled anonymous user access only to specific packages, Please refer below steps for the same:
I have created a PyPI local repository, deployed python packages into it as shown in the below screenshot:
screenshot
After this, created a permissions target to restrict access to a specific folder called st-fraud-infra to the anonymous user. Hence added st-fraud-infra/** as a exclude pattern, kindly refer to the below screenshot for the same:
screenshot
Add anonymous users from the Users tab and provided appropriate permissions based on your requirement.
screenshot
Once you saved the permission target while accessing the Artifactory through the anonymous user, I could not see the excluded folder which is st-fraud-infra.
screenshot
I have noticed that in Dropbox, you can share a file with another user, in 'read' mode, and that viewer has the ability to share that file with others via a read-only sharable link. However, in Drive, a read-only user is unable to share a link with another user at all.
Which approach would be more similar to how the Unix/Linux approach to permissions works? Why?
Try to visit the Google Drive REST API Overview in the official GDrive documentation specifically in the Share and collaborate section which was elaborated as:
apps can display a standard Google Drive sharing dialog to let users share files
What you want to do is more on Manage Sharing:
Access to files & folders is determined by an access control list
(ACL). An ACL is a list of permissions that determine whether or not
users can perform actions on a file such as read or write. See the
permissions
guide
for additional details about permissions and roles along with the
reference
guide.
Also, what want is to assign a direct file permission to the user, group or domain. It was stated to use the teamDrivePermissionDetails field to determine the use of effective role.
To see more on how to lists a file's or Team Drive permission, you can refer to the method Permissions: list
Hello Everyone thank's in advance for your help.
I am trying to configure access permission in alfresco and now stuck in a scenario
It would be great help if someone defines proper way to achieve this functionality
now my problem is
I want to create a site (which will be accessible by all user)
then will create folder and sub folder in that site (i am ready to customize content type of those folder if required)
now i want to configure alfresco in such a way that specific set of user can access specific folder and it's content
for example
This is list of user
user1,user2,user3,user4,user5
And this is folder structure
Project
Data
Test
Exam
Design
art
practice
Work
W1
W2
Now how to configure it in such a way that
user1 can access Data->Exam
user2 can access work and all it's child folder
user3 can access Data and all it's child folder
user4 can access Design and all it's child folder and
user5 can access Data->Work, Design->art,Work->W1 folder
Note that i am using CMIS api to generate this folder structure
so is there any way to achieve this by java code only ?
i have read about managing permission but not sure about using it just because when i have tried to provide permission to folder it allow to add only single user
but in my case i want to make group of user and want to make the folder accessible by that particulate group.
Thank you so much for you time :)
If you want to use a group, you'll need to create the group in Alfresco using either the admin console or the Alfresco API. CMIS cannot manage users or groups.
Once your users and groups are in place, you can use CMIS to assign them to ACLs. However, the challenge is that you may need to disable or "break" ACL inheritance to do exactly what you want. You cannot disable ACL inheritance with the CMIS API. You'll have to do it in the UI or through the Alfresco API.
With your users and groups in place and with your folders configured to inherit or not inherit parent permissions as needed, you can now add users and groups to your folders. With CMIS, you can add as many users or groups as you need to a given folder. It is not limited to a single user or group. This page has some examples on using Access Control Entries (ACEs) which make up Access Control Lists (ACLs).
I think that Jeff Potts answer is great i will only add few thing's you can look to this post it will give you an answer how to work with ACL How to get Acls of a document.
You can also use the allowable action in any Folder (or document) it will look like this :
Action a = Action.CAN_DELETE_OBJECT;
object = session.getObjectByPath(idObject); // In case it's a folder
if (object.getAllowableActions().getAllowableActions().contains(a)) {
return Boolean.TRUE;// You can do it
}
Only remember that you can get the allowable action from String (In case you want work with few of them)
String canCreateFolder= Action.CAN_CREATE_FOLDER.value();
the most importante Action that you have to use :
can_create_folder = Action.CAN_CREATE_FOLDER.value();
can_create_document = Action.CAN_CREATE_DOCUMENT.value();
can_update_folder = Action.CAN_UPDATE_PROPERTIES.value();
can_update_document = Action.CAN_UPDATE_PROPERTIES.value();
can_delete_folder = Action.CAN_DELETE_OBJECT.value();
can_delete_document = Action.CAN_DELETE_OBJECT.value();
Hope that helped you.
i know that people couldn't say that this is trivial, but i have search for days in internet and can not be able to do this.
i am using visual studio 2010 ultimate and have created my setup with setup and deployment of vs 2010.the problem is that i have an application folder which contains my database and which is deployed with my application. When i deploy it in administrator part of computer, all is correct, i devined that it is due to fullcontrol permission of administrator programfiles folder.But when i deploy it in another account, application don't has access to database for writting. i looked for the web site and understood that this is due to programfiles folder permission for others users.So i decide to do another research in order to give more rights to users for this folder.
I finally understood that i can achieve this with authoring tools like robocopy by using custom action or with a command line by just correctly write my custom action. After more researchs, i understood that i can do it with a command line which use robocopy and give folder permission during installation for this custom action or only with custom action.
for custom action, i tried many links, but the best link that i obtained was (How to give Read/Write permissions to a Folder during installation using .NET) without success (i change /folder="[CommonAppDataFolder][ProductName] with /folder="[CommonAppDataFolder][Manufacturer][ProductName] in customactiondata" due to the fact that product name is in my manufacturer folder").i don't understand why this code don't change folder permissions during installing and don't know how i can use robocopy or icalcs in custom action to change folder permissions during installation. my setup and others requirements have been packaged with dotnetInstaller, i dont know if i can be able to continue use it.
please, i greatly need your help to be able to do this
i have solved the problem. After many trying, i understood that i was giving permission to the wrong folder because my documents and database were contained in programfile folder. after understand this, i only change the place to set permission by :/folder="[ProgramFilesFolder][Manufacturer][ProductName]" and permission have been setted.
We have a situation, where a node (It was a client lib folder) got deleted from AEM repository, not sure which user did this. I was looking, if AEM stores Node/Folder deletion history somewhere, so that we can identify, who had taken action of deleting the node.
Few options I tried/was thinking of
Tried to check logs, if there some info, but on creation or deletion of node, didn't see any logs with node name
Have a content change listener on repo, but that will load AEM un-necessarily. Also this will not give information on nodes which were deleted before listener was registered.
Is there a audit log or history stored for deleted nodes in AEM?
Yes AEM can store and provide audit log entries for WCM events like e.g. page modifications.
But it requires the audit logger to be enabled (through the configuration admin console /system/console/configMgr).
If this is the case then check either the audit.log file in your logs directory or the audit records below /var/audit
If it is a client lib folder that got deleted, then audit log won't help you much because it logs pages/dam creation/changes/deletion events.
You need to write your own listener for that, which will just make the repository grow.
I can only think of it happening on a dev like env as write access to /etc or /apps should be restricted on prod like envs.
Anyway to restore the content just reinstall the package through which the clientlib got installed.