The official documentation is at: http://docs.alfresco.com
Table of Contents
Alfresco's Share UI supports collaborative content management. Using Share Sites (or just 'Sites' in this context) content can be stored, edited and accessed by team or project members.
For recent enhancements to the Site Service see Site Service 3.4
Site Content Model
<namespace uri='http://www.alfresco.org/model/site/1.0' prefix='st'/>
A site preset is a 'template' for a site.
It has no data requirements, instead it is represented by a 'folder' that resides in a well known location in an AVM store. This folder contains the 'pages' that a derived site will contain.
These 'pages' are in fact the XML page configuration containing layout and component binding information.
A Site is made up of two parts, its pages and its data.
A Site's pages are stored in an AVM store in a folder that represents the Site itself. These pages makes up the XML configuration for the site and define template and component bindings.
A Site's data is stored in the workspace store and is represented by the content model shown above. Also represented and managed on the data Site representation are the memberships of the site. These are implemented using the permission model.
Alfresco supports three levels of site visibility
- PUBLIC - the site will be visible to everyone and everyone can join.
- MODERATED - the Site Manager controls who can join the site. Everyone can see the site in a search.
- PRIVATE - the site will only be visible to the creator.
Of course, all of these permissions can be altered after creation by an admin user or the Site Manager.
Controlling who can create sites
By default any authenticated user can create sites in Share. The creator of the new site is given the Site Manager role and they control who has access to the site and in what role.
Controlling site creation permissions in Alfresco 3.4.5 and earlier
If an admin user wants to limit who can create sites, they can do this by managing node permissions in the normal way. All sites are created as nodes of type st:site under a fixed 'site root object' - the 'Sites' folder under 'Company Home'. An admin user can change the permissions on this 'Sites' node in order to restrict who has the ability to create children and hence create new sites.
In Alfresco 3.3 and earlier, the admin user must login to the Alfresco Explorer client in order to manage the permissions of the Sites root object. In Alfresco 3.4, they can access the repository nodes and manage their permissions without leaving Share.
By default, the 'everyone' authority has a Contributor role on the Sites node. You can remove 'everyone' from this node's permissions and replace it with different users or groups of your choosing.
For example, you could create a new group called SITE_CREATORS and give that group the Contributor role on the 'Sites' node. In that way, only users who are members of the SITE_CREATORS groups will be able to create sites.
Controlling site creation permissions in Alfresco 3.4.6 and later
In Alfresco Versions 3.4.6 (and higher) and 4.0, the permissions on the Sites root has been changed. To ensure that only Site objects are created within the Sites root, the Contributor permissions have been removed from the Sites root, and site creation permissions are now handled on the Site Service itself.
For Alfresco 4.0, to change who is able to create sites, you need to alter the spring context to set the permissioning. One way is to change the alfresco/public-services-security-context.xml file (in the default install found in webapps/alfresco/WEB-INF/classes/alfresco/public-services-security-context.xml)
Possible additional steps
- In 4.2.c and possibly other 4.x verions, the following steps are not required. Simply change the above parameter within the existing bean in public-services-security-context.xml, restart Alfresco, and you're done!
For Alfresco 3.4.6 and possibly other later versions, two changes need to be made in addition to the above change.
The following bean needs to be added to the public-services-security-context.xml:
<bean id='SiteService_security' class='org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor'>
The site-services-context.xml also needs be to changed, by
a) Removing the 'SiteService_security' bean, and
b) Changing the reference from
After making the above changes and restarting, only Administrators will be able to create sites.
Alternatively, you may wish to create a new Group for people able to create sites, and grant the permissions on this. See Defining Method Level Security for details on this.
Ideally you would also want to hide the buttons in web front end. Please check the Alfresco forum for help on this.