Help

File Server ACLs

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

File Server ACLs

resplin
Intermediate
0 0 938
‎6 Jun 2015 0:40 AM

Obsolete Pages{{Obsolete}}

The official documentation is at: http://docs.alfresco.com



Authorization
The filesystems that are configured in the file-servers.xml file can have access controls applied to restrict access to read, read/write, or no access. The access control blocks can be specified on a per filesystem basis or globally to be applied to all filesystems, or filesystems that do not have their own set of access controls.

The simplest access control block for a filesystem can be used to set the default access :-

 <accessControl default='Read|Write'/>

When the access control block has any rules defined, the default access may also be specified as None. If an SMB/CIFS client is granted None access to a filesystem, then that filesystem will not appear in the browse list of available shares for that client.

The access control block may contain a number of rules that allow or disallow a particular client access to the filesystem. The rules are processed such that the client receives the highest access level.

The following rules are available :-


  • <user name='...' access='Read|Write|None'/>

If the user matches name then grant them access access to the filesystem.


  • <protocol type='SMB|CIFS|FTP' access='Read|Write|None'/>

Grant access depending on the protocol being used to access the filesystem.


  • <address subnet='n.n.n.n' mask='n.n.n.n' access='Read|Write|None'/>

Grant access depending on the client TCP/IP address.


  • <address ip='n.n.n.n' access='Read|Write|None'/>

Grant access to the specified TCP/IP address.


  • <domain name='...' access='Read|Write|None'/>

Grant access to SMB/CIFS clients from the specified domain.

A global access control block may be specified within the Filesystem Security section of the file-servers.xml configuration file. The global access controls are applied to all filesystems that do not have their own specific access controls. Here is an example :-

<globalAccessControl default='None'>
 <user name='admin' access='Write'/>
 <address ip='90.1.0.90' access='Write'/>
</globalAccessControl>

Some sample access control configurations. The first sample makes a filesystem read-only :-

<filesystem name='Alfresco'>
 <store>workspace://SpacesStore</store>
 <rootPath>/app:company_home</rootPath>
 <accessControl default='Read'/>
</filesystem>

The next sample only allows read access to clients in the 90.1.x.x subnet with the admin user being allowed write access :-

<filesystem name='Alfresco'>
 <store>workspace://SpacesStore</store>
 <rootPath>/app:company_home</rootPath>
 <accessControl default='None'>
  <address subnet='90.1.0.0' mask='90.1.255.255' access='Read'/>
  <user name='admin' access='Write'/>
 </accessControl>
</filesystem>

The following sample allows read access for SMB/CIFS with the admin user being allowed write access, but FTP access is not allowed :-

<filesystem name='Alfresco'>
 <store>workspace://SpacesStore</store>
 <rootPath>/app:company_home</rootPath>
 <accessControl default='None'>
  <protocol type='CIFS' access='Write'/>
  <user name='admin' access='Write'/>
 </accessControl>
</filesystem>

Back to Server Configuration

Labels
0 Kudos
Alfresco Content Services Hub Docs

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.