PermissionModelDefintionExample

Document created by resplin Employee on Jun 6, 2015

This page is marked obsolete.

The official documentation is at: http://docs.alfresco.com



Authorization
This is the permission model used in v1.0 of the enterprise product.

In Alfresco Enterprise 1.1.2, this file is located at your_install_dir/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/model/permissionDefinitions.xml.

If you run JBoss with the default server, the file is located at <JBOSS_HOME>/server/default/tmp/deploy/tmp*alfresco-exp.war/WEB-INF/classes/alfresco/model/permissionDefinitions.xml.






<permissions>
  <!--
    Alfresco permission model definition. Each permissionSet binds permission
    groups and low-level permissions to one type or aspect; the
    globalPermission entries at the end grant permissions to role authorities.
  -->

  <!-- Prefixes used by the type attributes in this file. -->
  <namespaces>
    <namespace prefix="sys" uri="http://www.alfresco.org/model/system/1.0"/>
    <namespace prefix="cm" uri="http://www.alfresco.org/model/content/1.0"/>
  </namespaces>

  <!--
    sys:base: groups and permissions declared for the base type.
    Every permission in this set also requires ReadChildren on the parent node.
  -->
  <permissionSet type="sys:base" expose="all">

    <!-- The only group in this set declared with allowFullControl="true". -->
    <permissionGroup name="FullControl" allowFullControl="true" expose="true"/>

    <!-- Coarse groups; the permissions below attach to them through grantedToGroup. -->
    <permissionGroup name="Read" allowFullControl="false" expose="true"/>
    <permissionGroup name="Write" allowFullControl="false" expose="true"/>
    <permissionGroup name="Delete" allowFullControl="false" expose="true"/>
    <permissionGroup name="AddChildren" allowFullControl="false" expose="true"/>

    <!-- Read group: ReadProperties and ReadChildren. -->
    <permission name="ReadProperties" expose="true">
      <grantedToGroup permissionGroup="Read"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <permission name="ReadChildren" expose="true">
      <grantedToGroup permissionGroup="Read"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <!-- Write group: WriteProperties only; it carries no delete or create permission. -->
    <permission name="WriteProperties" expose="true">
      <grantedToGroup permissionGroup="Write"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <!--
      Delete group: DeleteNode and DeleteChildren. DeleteNode additionally
      requires DeleteChildren on both the parent and the node itself.
    -->
    <permission name="DeleteNode" expose="true">
      <grantedToGroup permissionGroup="Delete"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
      <requiredPermission on="parent" name="DeleteChildren" implies="false"/>
      <requiredPermission on="node" name="DeleteChildren" implies="false"/>
    </permission>

    <permission name="DeleteChildren" expose="true">
      <grantedToGroup permissionGroup="Delete"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <!-- AddChildren group: CreateChildren and LinkChildren. -->
    <permission name="CreateChildren" expose="true">
      <grantedToGroup permissionGroup="AddChildren"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <permission name="LinkChildren" expose="true">
      <grantedToGroup permissionGroup="AddChildren"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <!--
      The five permissions below have no grantedToGroup entry, so none of Read,
      Write, Delete or AddChildren carries them.
      NOTE(review): presumably they are reachable only through a direct grant or
      a group declared with allowFullControl="true"; confirm against the engine.
      ChangePermissions, going by its name, governs ACL changes, so who holds it
      deserves an explicit audit.
    -->
    <permission name="DeleteAssociations" expose="true">
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <permission name="ReadAssociations" expose="true">
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <permission name="CreateAssociations" expose="true">
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <permission name="ReadPermissions" expose="true">
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <permission name="ChangePermissions" expose="true">
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

  </permissionSet>

  <!--
    cm:content: content-level permissions. Read and Write are declared with
    extends="true" (NOTE(review): presumably extending the same-named sys:base
    groups; confirm). Execute is a group declared only here.
  -->
  <permissionSet type="cm:content" expose="all">

    <permissionGroup name="Read" extends="true" expose="true"/>
    <permissionGroup name="Write" extends="true" expose="true"/>
    <permissionGroup name="Execute" allowFullControl="false" expose="true"/>

    <permission name="ReadContent" expose="true">
      <grantedToGroup permissionGroup="Read"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <permission name="WriteContent" expose="true">
      <grantedToGroup permissionGroup="Write"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

    <permission name="ExecuteContent" expose="true">
      <grantedToGroup permissionGroup="Execute"/>
      <requiredPermission on="parent" name="ReadChildren" implies="false"/>
    </permission>

  </permissionSet>

  <!--
    cm:ownable: ownership. SetOwner is granted to TakeOwnership and requires
    ReadChildren on the parent plus WriteProperties on the node. These two
    requiredPermission entries carry no implies attribute, unlike the sets
    above (NOTE(review): the engine default then applies; confirm its value).
    Audit note: ROLE_OWNER receives FullControl in the global section of this
    file, so a principal holding TakeOwnership should be reviewed as a
    potential holder of FullControl on that node.
  -->
  <permissionSet type="cm:ownable" expose="selected">

    <permissionGroup name="TakeOwnership" requiresType="false" expose="false"/>

    <permission name="SetOwner" requiresType="false" expose="false">
      <grantedToGroup permissionGroup="TakeOwnership"/>
      <requiredPermission on="parent" name="ReadChildren"/>
      <requiredPermission on="node" name="WriteProperties"/>
    </permission>

  </permissionSet>

  <!--
    cm:lockable: check-out and locking. CheckOut is declared with
    requiresType="false"; CheckIn and CancelCheckOut with requiresType="true".
    Lock is granted to CheckOut and requires Write (type sys:base) on the node;
    Write is declared above as a permission group, not a permission.
    Unlock is granted to both CheckIn and CancelCheckOut.
  -->
  <permissionSet type="cm:lockable" expose="selected">

    <permissionGroup name="CheckOut" requiresType="false" expose="false"/>
    <permissionGroup name="CheckIn" requiresType="true" expose="false"/>
    <permissionGroup name="CancelCheckOut" requiresType="true" expose="false"/>

    <permission name="Lock" requiresType="false" expose="false">
      <grantedToGroup permissionGroup="CheckOut"/>
      <requiredPermission on="node" type="sys:base" name="Write"/>
    </permission>

    <permission name="Unlock" requiresType="true" expose="false">
      <grantedToGroup permissionGroup="CheckIn"/>
      <grantedToGroup permissionGroup="CancelCheckOut"/>
    </permission>

  </permissionSet>

  <!--
    cm:folder: role-style groups composed from the groups declared above.
      Administrator  allowFullControl="true", not exposed
      Coordinator    allowFullControl="true", exposed
      Contributor    Guest + AddChildren (sys:base) + CheckOut (cm:lockable)
      Editor         Guest + Write (sys:base) + CheckOut (cm:lockable)
      Guest          Read (sys:base)
    Contributor does not include Write, Editor does not include AddChildren,
    and neither includes Delete. When auditing ACLs, treat an Administrator or
    Coordinator assignment as a full-control grant on the node.
  -->
  <permissionSet type="cm:folder" expose="selected">

    <permissionGroup name="Administrator" allowFullControl="true" expose="false"/>

    <permissionGroup name="Coordinator" allowFullControl="true" expose="true"/>

    <permissionGroup name="Contributor" allowFullControl="false" expose="true">
      <includePermissionGroup type="cm:folder" permissionGroup="Guest"/>
      <includePermissionGroup type="sys:base" permissionGroup="AddChildren"/>
      <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
    </permissionGroup>

    <permissionGroup name="Editor" allowFullControl="false" expose="true">
      <includePermissionGroup type="cm:folder" permissionGroup="Guest"/>
      <includePermissionGroup type="sys:base" permissionGroup="Write"/>
      <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
    </permissionGroup>

    <permissionGroup name="Guest" allowFullControl="false" expose="true">
      <includePermissionGroup type="sys:base" permissionGroup="Read"/>
    </permissionGroup>

  </permissionSet>

  <!--
    Global grants to role authorities, declared outside any permissionSet.
    ROLE_ADMINISTRATOR and ROLE_OWNER both receive FullControl; ROLE_LOCK_OWNER
    receives Unlock, CheckIn and CancelCheckOut.
    NOTE(review): these look like grants that apply without a per-node ACL
    entry; confirm, and include them when reasoning about effective access.
  -->
  <globalPermission authority="ROLE_ADMINISTRATOR" permission="FullControl"/>
  <globalPermission authority="ROLE_OWNER" permission="FullControl"/>
  <globalPermission authority="ROLE_LOCK_OWNER" permission="Unlock"/>
  <globalPermission authority="ROLE_LOCK_OWNER" permission="CheckIn"/>
  <globalPermission authority="ROLE_LOCK_OWNER" permission="CancelCheckOut"/>

</permissions>
