AnsweredAssumed Answered

How to create custom roles inherited from parent folder?

Question asked by mgralien on Mar 19, 2019
Latest reply on Mar 20, 2019 by mgralien

Hi,

I have a problem with creating custom roles in Alfresco. Currently I have two custom types of content:

  • acme:documentTK
  • acme:documentDS

What I need to do is create custom Customer role for each type:

  • CustomerTK
  • CustomerDS

 

User with role CustomTK should have read access to acme:documentTK documents and not for acme:documentDS documents. User with role CustomDS should have read access to acme:documentDS only. I`ve created a role for each type. If I configure permissions on document level it works fine. Unfortunately I don`t want to configure permissions for every document. I would like to configure permissions on parent folder and inherits them on document. E.g. I have simple folder:

  • Documents Folder
    • document1.pdf (acme:documentTK)
    • document2.pdf (acme:documentDS)

 

Documents Folder has two configured permissions:

  • User A (CustomerTK)
  • User B (CustomerDS)

Permissions inheritance is disabled on folder and enabled on documents.

 

Result:

User A and User B have access to Documents Folder and to all documents (document1.pdf and document2.pdf)

 

Expected result:

User A and User B have access to Documents Folder. User A can only see document1.pdf in folder and User B can only see document2.pdf in folder.

 

Below are my custom permission definitions:

<permissionSet type="cm:cmobject" expose="selected">
   ...
   <permissionGroup name="ConsumerTK" allowFullControl="false" expose="false" />
   <permissionGroup name="ConsumerDS" allowFullControl="false" expose="false" />
</permissionSet>

<permissionSet type="cm:folder" expose="selected">
   ...
   <permissionGroup name="ConsumerTK" type="cm:cmobject" extends="true" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base" />
   </permissionGroup>
   <permissionGroup name="ConsumerDS" type="cm:cmobject" extends="true" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base" />
   </permissionGroup>
</permissionSet>

<permissionSet type="acme:documentTK" expose="selected">
   <permissionGroup name="ConsumerTK" type="cm:cmobject" extends="true" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base" />
   </permissionGroup>
</permissionSet>

<permissionSet type="acme:documentDS" expose="selected">
   <permissionGroup name="ConsumerDS" type="cm:cmobject" extends="true" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base" />
   </permissionGroup>
</permissionSet>

I checked many configurations but results are the same. I was trying to not modify original permissionDefinitions.xml and three dots means that there is original configuration copied to my xml for cm:cmobject and cm:folder type.

 

Is it possible to do this by adding permissions to folder?

 

I will be grateful for any suggestions.

Peter

Outcomes