Help

Make action available only for a specific LDAP group

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
franciscoduarte
Member II
‎11 Nov 2022 11:07 AM

Make action available only for a specific LDAP group

Jump to solution

Hello,

I need to make a share action available only for users from a specific LDAP group.

I know that I can use an Evaluator to build this logic but my problem is that I don't know how to access the LDAP information from ACS. Is there an OOTB way to do this?

I'm using ACS 7.2 Enterprise.

Best regards,

Francisco Duarte

Labels
0 Kudos
1 Solution

Accepted Solutions
cesarista
Customer
‎13 Nov 2022 8:54 PM

Re: Make action available only for a specific LDAP group

Jump to solution

Hi:

Try defining an evaluator based in evaluator.doclib.action.groupMembership.

For example:

<bean id="evaluator.doclib.action.isWebPublisher" parent="evaluator.doclib.action.groupMembership">
<property name="groups">
<list>
<value>GROUP_WEB_PUBLISHER</value>
</list>
</property>
</bean>

You should integrate Alfresco with your LDAP, and sync your LDAP groups. So it is expected to sync a WEB_PUBLISHER group of the LDAP.

Then you may use the evaluator inside the action definition.

<action id="execute-web-workflow1" type="javascript" label="web.action.action1">
<param name="function">onActionSimpleRepoAction</param>
<param name="action">execute-web-workflow-action1</param>
<param name="successMessage">web.message.success.action1</param>
<param name="failureMessage">web.message.failure.action1</param>
<evaluator>evaluator.doclib.action.isWebPublisher</evaluator>
</action>

Regards.

--C.

View solution in original post

0 Kudos
3 Replies
cesarista
Customer
‎13 Nov 2022 8:54 PM

Re: Make action available only for a specific LDAP group

Jump to solution

Hi:

Try defining an evaluator based in evaluator.doclib.action.groupMembership.

For example:

<bean id="evaluator.doclib.action.isWebPublisher" parent="evaluator.doclib.action.groupMembership">
<property name="groups">
<list>
<value>GROUP_WEB_PUBLISHER</value>
</list>
</property>
</bean>

You should integrate Alfresco with your LDAP, and sync your LDAP groups. So it is expected to sync a WEB_PUBLISHER group of the LDAP.

Then you may use the evaluator inside the action definition.

<action id="execute-web-workflow1" type="javascript" label="web.action.action1">
<param name="function">onActionSimpleRepoAction</param>
<param name="action">execute-web-workflow-action1</param>
<param name="successMessage">web.message.success.action1</param>
<param name="failureMessage">web.message.failure.action1</param>
<evaluator>evaluator.doclib.action.isWebPublisher</evaluator>
</action>

Regards.

--C.

0 Kudos
franciscoduarte
Member II
‎14 Nov 2022 0:24 PM

Re: Make action available only for a specific LDAP group

Jump to solution

Hello,

Is this supposed to work with LDAP groups?

In Admin Tools > Users > Admin, I see the group ALFRESCO_ADMINISTRATORS for example.

I tried to add this group to the XML and it didn't work.

After that, I tried SiteManager, and it worked. It seems this evaluator.doclib.action.groupMembership only works with the site roles and not LDAP groups.

Best regards and thankyou for your answer,

Francisco Diarte

0 Kudos
franciscoduarte
Member II
‎14 Nov 2022 0:42 PM

Re: Make action available only for a specific LDAP group

Jump to solution

Hello,

Never mind my last post. I had to add the "GROUP_" before the group name.

It's working now.

Thanks for the help,

Francisco Duarte

0 Kudos
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.