i am trying to remove the delete option for his qwn document from contributor .
How can it be done .
This can easily be done by implementing a policy / behaviour to set the document owner to the NO_OWNER (empty string) special value. A contributor does not by itself have the privilege to delete any document - that only is granted by the fact that the creator of a document is by default its owner, and gets delete privileges via the OWNER role.
i don't want to give delete privileges for Contributor role .
and not even to his own file.Axel Faust Please explain through step by step
Even better: I can point you to a decent tutorial on how to write behaviours / policies.
When you understood that, then you only need to use the OwnableService to set the owner to OwnableService.NO_OWNER for any documents you need to handle. BE CAREFUL: Do not apply this logic to ALL documents in Alfresco, only those you really need to handle. Otherwise you will break your system i.e. if you remove owner privileges from technical documents (thumbnails, preferences...). One option is to use the SiteService to check if the node is part of a specific site you want to handle, or even contained in a documentLibrary, and use NodeService + DictionaryService to check if the node may be a thumbnail which you wouldn't want to handle.
how to achieve user based access control in alfresco
... by assigning permissions on nodes to users? I am not sure I understand that question. Maybe it is just too trivial a thing that I don't understand what problem you could have understanding.
i meant that how can we set permissions based on user id ,not on thier roles??
That does not make it clearer. What you are describing IS "assigning permissions". Technically speaking there is no "role" in Alfresco. "Contributor" is just a permission that has been set for a particular user / group on a particular node, and which is inherited through the hierarchy. The permission "Contributor" includes other, more fine-grained permissions, like "AddChildren", which allows to create new nodes into existing structures. When you only want to deal with the low level (granular) permissions, than you'd need to customise the UI to expose those and only use these for permission assignment instead of the high-level "Contributor" one. The process would still be the same - assign permission X to user / group Y on node Z either via the "Manage Permissions" action in the UI or the PermissionService.setPermission() operation in Java code (or indirectly via a ReST API).
i cant get it properly
for new custom role how to give permissions like write, delete, view etc
Hi Aniruddha,See if this link Custom Permission can help.
I got your problem but Alfresco is designed in a way in which you will have to provide permission/role on node level, not to the entire system.
which ever user you want to give whatever permission or role you can but at node level not at the entire Alfresco repository.
Refer this URL for detailed permission for various roles and sections of Alfresco User roles and permissions | Alfresco Documentation In this URL you can go through Content Permissions
Using the concept of DynamicAuthority you can basically implement user-only based permissions on the entire repository. This requires some Java development and working around registration issues (Alfresco did not intend that to be a public extension point). It is best used only for permission not involving the base READ access ones, because as soon as there is a single DynamicAuthority relating to READ, a critical optimisation Alfresco has in place for SOLR / query ACL checks will be disabled...
Retrieving data ...