Custom Permissions in Share

Document created by resplin (Employee) on Jun 6, 2015. Last modified by alfresco-archivist on Aug 31, 2016.
Version 4

Obsolete Pages

The official documentation is at:

Authorization, Alfresco Share


This wiki page explains how to create a custom Role within Alfresco for use in Alfresco Share. 

A note of caution: if you add custom roles after you create sites, those sites will break. While there may be a way to get around that, the instructions in this guide assume a clean install with no sites created.

Versions Tested

  • 3.1.1 Enterprise
  • 3.2 Beta 1 Enterprise
  • 5.0b Community


  • Windows XP
  • Tomcat 6
  • Java 1.6
  • MySQL 5.1


There are three steps to creating and using a custom Role within Alfresco Share:

Define A New Role

Copy the sitePermissionDefinitions.xml file from alfresco-repository.jar/alfresco/models to <shared>classes/alfresco/extension, then edit the copy in <shared>classes/alfresco/extension.

Note that the file shown below differs from the default file. We have added

<permissionGroup name='SiteCustomManager' allowFullControl='false' expose='true'>
      <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject' />
</permissionGroup>

as our custom Role. Basically this is a new type of Collaborator we are calling Manager: it includes the Collaborator permission group and keeps allowFullControl='false'. However, Share already has a Site Manager Role, so we are going to call this Custom Manager just for this tutorial.

Your file should look like the following when done editing:

<permissions>
   <namespaces>
      <namespace uri='' prefix='sys'/>
      <namespace uri='' prefix='cm'/>
      <namespace uri='' prefix='st'/>
   </namespaces>

   <permissionSet type='st:site' expose='selected'>
      <permissionGroup name='SiteManager' allowFullControl='true' expose='true' />
      <permissionGroup name='SiteCollaborator' allowFullControl='false' expose='true'>
         <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject' />
      </permissionGroup>
      <!-- Custom role added for this tutorial -->
      <permissionGroup name='SiteCustomManager' allowFullControl='false' expose='true'>
         <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject' />
      </permissionGroup>
      <permissionGroup name='SiteContributor' allowFullControl='false' expose='true'>
         <includePermissionGroup permissionGroup='Contributor' type='cm:cmobject' />
      </permissionGroup>
      <permissionGroup name='SiteConsumer' allowFullControl='false' expose='true'>
         <includePermissionGroup permissionGroup='Consumer' type='cm:cmobject' />
      </permissionGroup>
   </permissionSet>
</permissions>


Modify Document Library Properties

This file controls what text is shown for the Document Library Module Permissions functions.


You will need to add two new properties to the file:

group.SiteCustomManager=Custom Managers
role.SiteCustomManager=Custom Managers privileges

NOTE: Make sure you edit the properties file as appropriate for your locale, e.g.

When done, your file should look like the following:

## Titles
title.single=Manage Permissions for {0}
title.multi=Manage Permissions for {0} items
header.manage=Groups and Privileges

## Labels
label.reset-all=Use Defaults
label.mangerdefaults=Note: Site Managers always have full privileges.

## Messages
message.permissions.success=Permissions on {0} items updated successfully
message.permissions.failure=Could not update permissions

## Groups
group.SiteManager=Site Managers
group.EVERYONE=All Other Users

## Roles
role.None=No privileges
role.SiteManager=Manager privileges
role.SiteContributor=Contributor privileges
role.SiteCollaborator=Collaborator privileges
role.SiteConsumer=Consumer privileges

## Added by MJL 10/12/2009
group.SiteCustomManager=Custom Managers
role.SiteCustomManager=Custom Managers privileges

You will also need to update the following file:


To add the following property:

role.SiteCustomManager=Custom Managers privileges

This property is used when modifying the privileges of site members after they have been invited.

Modify Invitation Properties

When you invite a user to a Share Site, you need to give that user a Role. This is controlled through the Invite Web Script, which is part of the Site Member Component in any given Share Site. Open the following file; we will need to add two properties:


You will need to add two new properties to the file:

group.SiteCustomManager=Custom Managers
role.SiteCustomManager=Custom Managers

Notice in your file there are no entries for any of the Roles.  Not sure where the Web Script is picking up the other Roles, but we can easily add these lines to the property file to have the UI show our new Role.  Your file should look like the following:

## messages
message.inviteresult={0} invites sent out, {1} failures

## labels
invitationlist.title=Invite Users
invitationlist.selectallroles=Set All Roles to
invitationlist.selectrole=Select Role
invitationlist.empty-list=Users added here will be invited
invitationlist.back-to=back to Site Members

## role labels

## Added by MJL 10/12/2009
role.SiteCustomManager=Manager privileges


There are three places where we can set a user's permissions.

  1. On an individual document or folder in the Document Library.
  2. In the Site Members tab, Set All Roles drop down.
  3. In the Site Members tab, Set User Role drop down.

The following screen shots show this working. 

Document Library Screenshot


Invite Member and Set All Roles Screenshot


Invite Member and Set User Role Screenshot



  • Need to make sure these are the only three places user Roles can be set in Share.
  • Need to find out where the Invitation Web Script is getting its Roles list.  Maybe there is a better place to add our text than invitationlist.get[locale].properties
  • Also, the new role must be added to the roleComparator bean that is injected into the SiteService

How to fix broken existing sites

As mentioned at the top of this article, creating a new custom Share role breaks some functionality of existing sites. (JIRA related to this issue is

In order to fix this issue, you need to create a script to manually add a site role group for all existing sites.

e.g. GROUP_site_<my site>_<my custom role>
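
A consistency check for the role definition, the label properties and the existing-site fix described above, as an added example that is not part of the original wiki page or of Alfresco's code. It reads the st:site roles from the permission definitions, reports roles that have no role.<name> label, and lists the GROUP_site_<site>_<role> groups that existing sites still lack. The XML, labels, the site name demo and the authority set are constructed sample data, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: part of the st:site permission set shown on this page.
SITE_PERMISSIONS_XML = """<permissions>
 <permissionSet type='st:site' expose='selected'>
  <permissionGroup name='SiteManager' allowFullControl='true' expose='true'/>
  <permissionGroup name='SiteCollaborator' allowFullControl='false' expose='true'>
   <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject'/>
  </permissionGroup>
  <permissionGroup name='SiteCustomManager' allowFullControl='false' expose='true'>
   <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject'/>
  </permissionGroup>
 </permissionSet>
</permissions>"""

# Constructed sample: role labels before the custom entry has been added.
LABELS = "role.SiteManager=Manager privileges\nrole.SiteCollaborator=Collaborator privileges\n"
# Constructed sample: authorities that already exist for one site named "demo".
EXISTING = {"GROUP_site_demo_SiteManager", "GROUP_site_demo_SiteCollaborator"}


def site_roles(xml_text):
    """Map each st:site role to (allowFullControl, included permission groups)."""
    roles = {}
    for pset in ET.fromstring(xml_text).iter("permissionSet"):
        if pset.get("type") != "st:site":
            continue
        for group in pset.findall("permissionGroup"):
            included = [i.get("permissionGroup") for i in group.findall("includePermissionGroup")]
            roles[group.get("name")] = (group.get("allowFullControl") == "true", included)
    return roles


def missing_labels(roles, properties_text):
    """Roles that have no role.<name> key in a Share properties file."""
    keys = set()
    for line in properties_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            keys.add(line.split("=", 1)[0].strip())
    return sorted(r for r in roles if "role." + r not in keys)


def missing_site_groups(roles, site_short_names, existing_authorities):
    """GROUP_site_<site>_<role> names that existing sites still lack."""
    wanted = {f"GROUP_site_{s}_{r}" for s in site_short_names for r in roles}
    return sorted(wanted - set(existing_authorities))
```

Reviewing the output of site_roles before deploying also confirms that only SiteManager carries allowFullControl and shows which permission group each custom role inherits.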