Help

How to create custom roles inherited from parent folder?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
mgralien
Member II
‎19 Mar 2019 2:48 PM

How to create custom roles inherited from parent folder?

Hi,

I have a problem with creating custom roles in Alfresco. Currently I have two custom types of content:

  • acme:documentTK
  • acme:documentDS

What I need to do is create custom Customer role for each type:

  • CustomerTK
  • CustomerDS

User with role CustomTK should have read access to acme:documentTK documents and not for acme:documentDS documents. User with role CustomDS should have read access to acme:documentDS only. I`ve created a role for each type. If I configure permissions on document level it works fine. Unfortunately I don`t want to configure permissions for every document. I would like to configure permissions on parent folder and inherits them on document. E.g. I have simple folder:

  • Documents Folder
    • document1.pdf (acme:documentTK)
    • document2.pdf (acme:documentDS)

Documents Folder has two configured permissions:

  • User A (CustomerTK)
  • User B (CustomerDS)

Permissions inheritance is disabled on folder and enabled on documents.

Result:

User A and User B have access to Documents Folder and to all documents (document1.pdf and document2.pdf)

Expected result:

User A and User B have access to Documents Folder. User A can only see document1.pdf in folder and User B can only see document2.pdf in folder.

Below are my custom permission definitions:

<permissionSet type="cm:cmobject" expose="selected">
   ...
   <permissionGroup name="ConsumerTK" allowFullControl="false" expose="false" />
   <permissionGroup name="ConsumerDS" allowFullControl="false" expose="false" />
</permissionSet>

<permissionSet type="cm:folder" expose="selected">
   ...
   <permissionGroup name="ConsumerTK" type="cm:cmobject" extends="true" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base" />
   </permissionGroup>
   <permissionGroup name="ConsumerDS" type="cm:cmobject" extends="true" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base" />
   </permissionGroup>
</permissionSet>

<permissionSet type="acme:documentTK" expose="selected">
   <permissionGroup name="ConsumerTK" type="cm:cmobject" extends="true" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base" />
   </permissionGroup>
</permissionSet>

<permissionSet type="acme:documentDS" expose="selected">
   <permissionGroup name="ConsumerDS" type="cm:cmobject" extends="true" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base" />
   </permissionGroup>
</permissionSet>

I checked many configurations but results are the same. I was trying to not modify original permissionDefinitions.xml and three dots means that there is original configuration copied to my xml for cm:cmobject and cm:folder type.

Is it possible to do this by adding permissions to folder?

I will be grateful for any suggestions.

Peter

0 Kudos
4 Replies
roberto_gamiz
Established Member II
‎19 Mar 2019 6:20 PM

Re: How to create custom roles inherited from parent folder?

Hello,

I think your best option is create a script that perform the role assignation and execute it in the folder using a rule in content creation or content update.

This script would use Javascript APIs to check the type of the new content and assing it the set of permissions you want.

Best,

Venzia IT Services & Consulting SL
AQuA Developers | Venzia Alfresco News | Venzia Community
0 Kudos
mgralien
Member II
‎19 Mar 2019 6:50 PM

Re: How to create custom roles inherited from parent folder?

Thanks for the answer.

I know that it can be done using rules. But I wonder if it`s possible using permission definions without creating rules. Maybe someone tried that.

Does it impact on repository if permissions are configured on every document instead of parent folder?

I`ve found a thread about similar case: https://community.alfresco.com/thread/166670-customize-permissions-based-on-types Unfortunately a link with possible solution isn`t working. This thread shows a configuration with a Dummy role which was added in cm:cmobject, cm:content and cm:folder type.

BR,
Peter

0 Kudos
roberto_gamiz
Established Member II
‎19 Mar 2019 8:51 PM

Re: How to create custom roles inherited from parent folder?

Hello,

I read the post and I see that its final conclusión is that is not  not possible with configuration od permissions. I presume that the link explain a solution based on rules or behaviours.

If you wan't to use rules maybe you can implement a solution based on Behaviours (could try with onSetNodeType, onCreateNode or onUpdateNode). The develope could be more dificult but it save you the time of aplying the rules in the repository.

Behaviors/Policies | Alfresco Documentation 

I think there is no impact in handling permissions in contens instead of folders, apart from the tedious administration if you have to do it manually.

Best,

Venzia IT Services & Consulting SL
AQuA Developers | Venzia Alfresco News | Venzia Community
0 Kudos
mgralien
Member II
‎20 Mar 2019 6:03 AM

Re: How to create custom roles inherited from parent folder?

Hello,

thank you for the answer. I had hope that something has changed through last 10 years and someone found a solution. It looks like it should be done using rules / policies.

BR,

Peter

0 Kudos
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.