How to create custom roles inherited from parent folder?

cancel
Showing results for 
Search instead for 
Did you mean: 
mgralien
Member II

How to create custom roles inherited from parent folder?

Hi,

I have a problem with creating custom roles in Alfresco. Currently I have two custom types of content:

  • acme:documentTK
  • acme:documentDS

What I need to do is create custom Customer role for each type:

  • CustomerTK
  • CustomerDS

User with role CustomTK should have read access to acme:documentTK documents and not for acme:documentDS documents. User with role CustomDS should have read access to acme:documentDS only. I`ve created a role for each type. If I configure permissions on document level it works fine. Unfortunately I don`t want to configure permissions for every document. I would like to configure permissions on parent folder and inherits them on document. E.g. I have simple folder:

  • Documents Folder
    • document1.pdf (acme:documentTK)
    • document2.pdf (acme:documentDS)

Documents Folder has two configured permissions:

  • User A (CustomerTK)
  • User B (CustomerDS)

Permissions inheritance is disabled on folder and enabled on documents.

Result:

User A and User B have access to Documents Folder and to all documents (document1.pdf and document2.pdf)

Expected result:

User A and User B have access to Documents Folder. User A can only see document1.pdf in folder and User B can only see document2.pdf in folder.

Below are my custom permission definitions:

<permissionSet type="cm:cmobject" expose="selected">
...
<permissionGroup name="ConsumerTK" allowFullControl="false" expose="false" />
<permissionGroup name="ConsumerDS" allowFullControl="false" expose="false" />
</permissionSet>

<permissionSet type="cm:folder" expose="selected">
...
<permissionGroup name="ConsumerTK" type="cm:cmobject" extends="true" expose="true">
<includePermissionGroup permissionGroup="Read" type="sys:base" />
</permissionGroup>
<permissionGroup name="ConsumerDS" type="cm:cmobject" extends="true" expose="true">
<includePermissionGroup permissionGroup="Read" type="sys:base" />
</permissionGroup>
</permissionSet>

<permissionSet type="acme:documentTK" expose="selected">
<permissionGroup name="ConsumerTK" type="cm:cmobject" extends="true" expose="true">
<includePermissionGroup permissionGroup="Read" type="sys:base" />
</permissionGroup>
</permissionSet>

<permissionSet type="acme:documentDS" expose="selected">
<permissionGroup name="ConsumerDS" type="cm:cmobject" extends="true" expose="true">
<includePermissionGroup permissionGroup="Read" type="sys:base" />
</permissionGroup>
</permissionSet>

I checked many configurations but results are the same. I was trying to not modify original permissionDefinitions.xml and three dots means that there is original configuration copied to my xml for cm:cmobject and cm:folder type.

Is it possible to do this by adding permissions to folder?

I will be grateful for any suggestions.

Peter

4 Replies
roberto_gamiz
Established Member II

Re: How to create custom roles inherited from parent folder?

Hello,

I think your best option is create a script that perform the role assignation and execute it in the folder using a rule in content creation or content update.

This script would use Javascript APIs to check the type of the new content and assing it the set of permissions you want.

Best,

mgralien
Member II

Re: How to create custom roles inherited from parent folder?

Thanks for the answer.

I know that it can be done using rules. But I wonder if it`s possible using permission definions without creating rules. Maybe someone tried that.

Does it impact on repository if permissions are configured on every document instead of parent folder?

I`ve found a thread about similar case: https://community.alfresco.com/thread/166670-customize-permissions-based-on-types Unfortunately a link with possible solution isn`t working. This thread shows a configuration with a Dummy role which was added in cm:cmobject, cm:content and cm:folder type.

BR,
Peter

roberto_gamiz
Established Member II

Re: How to create custom roles inherited from parent folder?

Hello,

I read the post and I see that its final conclusión is that is not  not possible with configuration od permissions. I presume that the link explain a solution based on rules or behaviours.

If you wan't to use rules maybe you can implement a solution based on Behaviours (could try with onSetNodeType, onCreateNode or onUpdateNode). The develope could be more dificult but it save you the time of aplying the rules in the repository.

Behaviors/Policies | Alfresco Documentation 

I think there is no impact in handling permissions in contens instead of folders, apart from the tedious administration if you have to do it manually.

Best,

mgralien
Member II

Re: How to create custom roles inherited from parent folder?

Hello,

thank you for the answer. I had hope that something has changed through last 10 years and someone found a solution. It looks like it should be done using rules / policies.

BR,

Peter