The official documentation is at: http://docs.alfresco.com
Authorization
The filesystems that are configured in the file-servers.xml file can have access controls applied to restrict access to read, read/write, or no access. The access control blocks can be specified on a per filesystem basis or globally to be applied to all filesystems, or filesystems that do not have their own set of access controls.
The simplest access control block for a filesystem can be used to set the default access :-
<accessControl default='Read|Write'/>
When the access control block has any rules defined, the default access may also be specified as None. If an SMB/CIFS client is granted None access to a filesystem, then that filesystem will not appear in the browse list of available shares for that client.
The access control block may contain a number of rules that allow or disallow a particular client access to the filesystem. The rules are processed such that the client receives the highest access level.
The following rules are available :-
- <user name='...' access='Read|Write|None'/>
If the user name matches name, grant that user the specified access to the filesystem.
- <protocol type='SMB|CIFS|FTP' access='Read|Write|None'/>
Grant access depending on the protocol being used to access the filesystem.
- <address subnet='n.n.n.n' mask='n.n.n.n' access='Read|Write|None'/>
Grant access depending on the client TCP/IP address.
- <address ip='n.n.n.n' access='Read|Write|None'/>
Grant access to the specified TCP/IP address.
- <domain name='...' access='Read|Write|None'/>
Grant access to SMB/CIFS clients from the specified domain.
A global access control block may be specified within the Filesystem Security section of the file-servers.xml configuration file. The global access controls are applied to all filesystems that do not have their own specific access controls. Here is an example :-
<globalAccessControl default='None'>
  <user name='admin' access='Write'/>
  <address ip='90.1.0.90' access='Write'/>
</globalAccessControl>
Some sample access control configurations follow. The first sample makes a filesystem read-only :-
<filesystem name='Alfresco'>
  <store>workspace://SpacesStore</store>
  <rootPath>/app:company_home</rootPath>
  <accessControl default='Read'/>
</filesystem>
The next sample only allows read access to clients in the 90.1.x.x subnet with the admin user being allowed write access :-
<filesystem name='Alfresco'>
  <store>workspace://SpacesStore</store>
  <rootPath>/app:company_home</rootPath>
  <accessControl default='None'>
    <address subnet='90.1.0.0' mask='255.255.0.0' access='Read'/>
    <user name='admin' access='Write'/>
  </accessControl>
</filesystem>
The following sample allows read access for SMB/CIFS with the admin user being allowed write access, but FTP access is not allowed :-
<filesystem name='Alfresco'>
  <store>workspace://SpacesStore</store>
  <rootPath>/app:company_home</rootPath>
  <accessControl default='None'>
    <protocol type='CIFS' access='Read'/>
    <user name='admin' access='Write'/>
  </accessControl>
</filesystem>
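The evaluation rule described on this page (the client receives the highest access level of any matching rule) can be modelled to check what a given client would end up with before a configuration is deployed. This is an added example, not Alfresco code: the client dictionary, case-insensitive name matching, treating SMB and CIFS as one protocol, the netmask comparison, and using `default` only when no rule matches are all assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

LEVEL = {"None": 0, "Read": 1, "Write": 2}

# Constructed sample, modelled on the last configuration as its description reads:
# read for SMB/CIFS, write for admin, nothing else granted.
SAMPLE = """
<accessControl default='None'>
  <protocol type='CIFS' access='Read'/>
  <user name='admin' access='Write'/>
</accessControl>
"""

def _same(a, b):
    # Assumption: names compare case-insensitively; empty values never match.
    return bool(a) and bool(b) and a.lower() == b.lower()

def _proto(p):
    # Assumption: 'SMB' and 'CIFS' name the same protocol.
    return "cifs" if (p or "").lower() in ("smb", "cifs") else (p or "")

def rule_matches(rule, client):
    """True if one rule element applies to the client (user, protocol, ip, domain)."""
    if rule.tag in ("user", "domain"):
        return _same(rule.get("name"), client.get(rule.tag))
    if rule.tag == "protocol":
        return _same(_proto(rule.get("type")), _proto(client.get("protocol")))
    if rule.tag == "address" and client.get("ip"):
        ip = int(ipaddress.IPv4Address(client["ip"]))
        if rule.get("ip"):
            return ip == int(ipaddress.IPv4Address(rule.get("ip")))
        if rule.get("subnet") and rule.get("mask"):
            subnet = int(ipaddress.IPv4Address(rule.get("subnet")))
            mask = int(ipaddress.IPv4Address(rule.get("mask")))
            return ip & mask == subnet  # assumption: conventional netmask test
    return False

def effective_access(acl_xml, client):
    """Highest level among matching rules; the block's default when none match."""
    acl = ET.fromstring(acl_xml)
    hits = [r.get("access") for r in acl if rule_matches(r, client)]
    return max(hits, key=LEVEL.__getitem__) if hits else acl.get("default", "None")

if __name__ == "__main__":
    for c in ({"user": "alice", "protocol": "CIFS"},
              {"user": "alice", "protocol": "FTP"},
              {"user": "admin", "protocol": "FTP"}):
        print(c, "->", effective_access(SAMPLE, c))
```

Under the rule as stated on this page, the last case evaluates to Write: the user rule matches regardless of protocol, so a block like this restricts FTP for ordinary users but not for admin.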