AnsweredAssumed Answered

Problem with permissions over groups(behaviour of heritance)

Question asked by venzia on May 12, 2009
Latest reply on Jul 10, 2009 by brian.robinson
Hi all, i have the follow scenario :


                        GROUP-A
                   _________________
                  |                 |
           Group-A-A              Group-A-B
             |                           |
       Group-A-A-A                    Group-A-B-A

The process :
-A User of the GROUP-A-A-A upload a document in a general space (this space is accesible for all user of all groups).
-Alfresco launch a inbound rule that execute the next script code :

    //cut inheritance
    document.setInheritsPermissions(false);
    //get groups of the user (in this example if the user belongs to Group-A-A-A the function return Group-A-A-A,Group-A-A and Group-A )
    var arr=people.getContainerGroups(person);
    var i;
    for(i=0;i<arr.length;i++)//assign read permissions
      document.setPermission("Read",arr[i].properties["usr:authorityName"] );

    document.save();

Other Details:
-the nodebrowser show the follow information of the document :

    Permissions
    Inherit:   false
    Assigned Permission   To Authority     Access
    Read              GROUP_GROUP-A-A-A   ALLOWED
    Read              GROUP_GROUP-A-A     ALLOWED
    Read              GROUP_GROUP-A       ALLOWED


But the problem is that the document is accesible for the users of the GROUP-A-B and GROUP-A-B-A  :shock:!!.
I believe this is due that they share the parent top level group (Group-A).

I need avoid this behavior. I want to assign read permissions only for top levels groups of the same "branch".
Is this posible through configuration files??
If the answer is no, how can i do it?

Sorry for my poor english.
Thanks a lot!

Outcomes