AnsweredAssumed Answered

All users have 'Admin Console'

Question asked by bdgregg on Aug 26, 2009
Latest reply on Aug 26, 2009 by bdgregg
We've just installed Alfresco Comunity Edition 3.2 and all seems to be working well, and if the system performs well we may move to the supported version.

We are very concerned about security within the application.  We've configured our authentication to use alfrescoNTLM and passthru with no ldap sync.  This seems to be working very well as all users can authenticate and get on to the system. 

However, ALL users have the "Admin Console" link at the top when they login to Alfresco Share.  I as the admin have logged in and cleared everyone out of the "ALFRESCO_ADMINISTRATORS" group except for 'admin' to ensure no one but admin is an admin.  All users still have the "Admin Console" link showing and are able to perform admin functions including adding users to the "ALFRESCO_ADMINISTRATORS" group.  Having all users as an Administrator is of course a bad thing, but I am unsure where this is coming from.

As for security, if and when the above is fixed and all users are not granted admin, are the permissions set upon created sites enforced between the web client, CIFS, webdav, etc.  such that persons not included in a private site are not able to upload/download/see files in the windows file share or webdav?  We wish to create a few sites that are very restricted and we want to ensure NO unauthorized users are able to access information within these sites.  Please tell me this is true and works.

Thanks all in advance.

Outcomes