AnsweredAssumed Answered

Why can't I create a custom role?

Question asked by meansartin14 on Oct 21, 2008
Latest reply on Oct 23, 2008 by dpalmeira
Platform/Install:
I am running Red Hat Enterprise Linux 5 and MySQL 5.0.45. The JRE, Tomcat and OpenOffice versions being used are what is downloaded/installed by the AlfrescoEnterprise-2.2.0-Linux-x86-Install.bin file (1.5, 5.5.23, and 2.0 respectively, I believe).

Objective:
Define 1 new custom role, based ENTIRELY on the "Consumer" role.

Issue:
Nothing I try seems to be working. I know it can not be this difficult to define a custom role.

Per Alfresco documentation, I know the roles are contained in the "tomcat/webapps/alfresco/WEB-INF/classes/alfresco/model/permissionDefinitions.xml" file. Here's the contents of that file, including the section I added (see TestRole permissionGroup):


   <permissionSet type="cm:cmobject" expose="selected">

       <!– Kept for backward compatibility - the administrator permission has   –>
      <!– been removed to aviod confusion –>
      <permissionGroup name="Administrator" allowFullControl="true" expose="false" />

      <!– A coordinator can do anything to the object or its childeren unless the     –>
      <!– permissions are set not to inherit or permission is denied.                 –>
      <permissionGroup name="Coordinator" allowFullControl="true" expose="true" />

      <!– A collaborator can do anything that an editor and a contributor can do –>
      <permissionGroup name="Collaborator" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
      </permissionGroup>

      <!– A contributor can create content and then they have full permission on what –>
      <!– they have created - via the permissions assigned to the owner.              –>
      <permissionGroup name="Contributor" allowFullControl="false" expose="true" >
          <!– Contributor is a consumer who can add content, and then can modify via the –>
          <!– owner permissions.                                                      –>
          <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
          <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
          <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
      </permissionGroup>

      <!– An editor can read and write to the object; they can not create    –>
      <!– new nodes. They can check out content into a space to which they have       –>
      <!– create permission.                                                          –>
      <permissionGroup name="Editor"  expose="true" allowFullControl="false" >
          <includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
          <includePermissionGroup type="sys:base" permissionGroup="Write"/>
          <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
      </permissionGroup>

      <!– The Consumer permission allows read to everything by default.                  –>
      <permissionGroup name="Consumer" allowFullControl="false" expose="true" >
          <includePermissionGroup permissionGroup="Read" type="sys:base" />
      </permissionGroup>

      <permissionGroup name="TestRole" allowFullControl="false" expose="true" >
          <includePermissionGroup permissionGroup="Read" type="sys:base" />
      </permissionGroup>

      <!– records permission –>
      <!– Should be tied to the aspect –>
      <!– onwership should be removed when using this permission –>
      <permissionGroup name="RecordAdministrator" allowFullControl="false" expose="false">
          <includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="WriteProperties"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
          <includePermissionGroup type="sys:base" permissionGroup="DeleteChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="CreateChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="LinkChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="DeleteAssociations"/>
          <includePermissionGroup type="sys:base" permissionGroup="CreateAssociations"/>
      </permissionGroup>

      <!– avm related permissions –>

       <!– AVM website specific roles.                                               –>
      <permissionGroup name="ContentManager" allowFullControl="true" expose="false" />

      <permissionGroup name="ContentPublisher" allowFullControl="false" expose="false">
         <includePermissionGroup permissionGroup="Collaborator" type="cm:cmobject" />
      </permissionGroup>

      <permissionGroup name="ContentContributor" allowFullControl="false" expose="false">
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
      </permissionGroup>

      <permissionGroup name="ContentReviewer" allowFullControl="false" expose="false">
         <includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
      </permissionGroup>

   </permissionSet>

As you can see, I simply copied the "Consumer" permissionGroup definition and renamed it. After I restart Alfresco, when I try to assign a person to a document or folder, even as admin, the "TestRole" role does not show as an option.

Am I forgetting a step?

Outcomes