Obsolete Pages{{Obsolete}}
The official documentation is at: http://docs.alfresco.com
Authorization
This is the permission model used in v1.0 of the enterprise product.
In the Alfresco enterprise 1.1.2 you should find this file in the your_install_dir/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/model/permissionDefinitions.xml file.
If you run Jboss with Default server JBoss: <JBOSS_HOME>/server/default/tmp/deploy/tmp*alfresco-exp.war/WEB-INF/classes/alfresco/model/permissionDefinitions.xml file.
Back to Permissions and Roles Configuration
<permissions>
<namespaces>
<namespace uri='http://www.alfresco.org/model/system/1.0' prefix='sys'/>
<namespace uri='http://www.alfresco.org/model/content/1.0' prefix='cm'/>
</namespaces>
<permissionSet type='sys:base' expose='all' >
<permissionGroup name='FullControl' expose='true' allowFullControl='true' />
<permissionGroup name='Read' expose='true' allowFullControl='false' />
<permissionGroup name='Write' expose='true' allowFullControl='false' />
<permissionGroup name='Delete' expose='true' allowFullControl='false' />
<permissionGroup name='AddChildren' expose='true' allowFullControl='false' />
<permission name='ReadProperties' expose='true' >
<grantedToGroup permissionGroup='Read' />
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='ReadChildren' expose='true' >
<grantedToGroup permissionGroup='Read' />
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='WriteProperties' expose='true' >
<grantedToGroup permissionGroup='Write' />
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='DeleteNode' expose='true' >
<grantedToGroup permissionGroup='Delete' />
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
<requiredPermission on='parent' name='DeleteChildren' implies='false'/>
<requiredPermission on='node' name='DeleteChildren' implies='false'/>
</permission>
<permission name='DeleteChildren' expose='true' >
<grantedToGroup permissionGroup='Delete' />
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='CreateChildren' expose='true' >
<grantedToGroup permissionGroup='AddChildren' />
<requiredPermission on='parent' name='ReadChildren' implies='false' />
</permission>
<permission name='LinkChildren' expose='true' >
<grantedToGroup permissionGroup='AddChildren' />
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='DeleteAssociations' expose='true' >
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='ReadAssociations' expose='true' >
<requiredPermission on='parent' name='ReadChildren' implies='false' />
</permission>
<permission name='CreateAssociations' expose='true' >
<requiredPermission on='parent' name='ReadChildren' implies='false' />
</permission>
<permission name='ReadPermissions' expose='true' >
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='ChangePermissions' expose='true' >
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
</permissionSet>
<permissionSet type='cm:content' expose='all'>
<permissionGroup name='Read' extends='true' expose='true'/>
<permissionGroup name='Write' extends='true' expose='true'/>
<permissionGroup name='Execute' allowFullControl='false' expose='true'/>
<permission name='ReadContent' expose='true'>
<grantedToGroup permissionGroup='Read'/>
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='WriteContent' expose='true'>
<grantedToGroup permissionGroup='Write' />
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
<permission name='ExecuteContent' expose='true'>
<grantedToGroup permissionGroup='Execute' />
<requiredPermission on='parent' name='ReadChildren' implies='false'/>
</permission>
</permissionSet>
<permissionSet type='cm:ownable' expose='selected'>
<permissionGroup name='TakeOwnership' requiresType='false' expose='false'/>
<permission name='SetOwner' expose='false' requiresType='false'>
<grantedToGroup permissionGroup='TakeOwnership' />
<requiredPermission on='parent' name='ReadChildren' />
<requiredPermission on='node' name='WriteProperties' />
</permission>
</permissionSet>
<permissionSet type='cm:lockable' expose='selected'>
<permissionGroup name='CheckOut' requiresType='false' expose='false'/>
<permissionGroup name='CheckIn' requiresType='true' expose='false'/>
<permissionGroup name='CancelCheckOut' requiresType='true' expose='false'/>
<permission name='Lock' requiresType='false' expose='false'>
<grantedToGroup permissionGroup='CheckOut' />
<requiredPermission on='node' type='sys:base' name='Write'/>
</permission>
<permission name='Unlock' requiresType='true' expose='false'>
<grantedToGroup permissionGroup='CheckIn' />
<grantedToGroup permissionGroup='CancelCheckOut' />
</permission>
</permissionSet>
<permissionSet type='cm:folder' expose='selected'>
<permissionGroup name='Administrator' allowFullControl='true' expose='false' />
<permissionGroup name='Coordinator' allowFullControl='true' expose='true' />
<permissionGroup name='Contributor' allowFullControl='false' expose='true' >
<includePermissionGroup permissionGroup='Guest' type='cm:folder'/>
<includePermissionGroup permissionGroup='AddChildren' type='sys:base'/>
<includePermissionGroup type='cm:lockable' permissionGroup='CheckOut'/>
</permissionGroup>
<permissionGroup name='Editor' expose='true' allowFullControl='false' >
<includePermissionGroup type='cm:folder' permissionGroup='Guest'/>
<includePermissionGroup type='sys:base' permissionGroup='Write'/>
<includePermissionGroup type='cm:lockable' permissionGroup='CheckOut'/>
</permissionGroup>
<permissionGroup name='Guest' allowFullControl='false' expose='true' >
<includePermissionGroup permissionGroup='Read' type='sys:base' />
</permissionGroup>
</permissionSet>
<globalPermission permission='FullControl' authority='ROLE_ADMINISTRATOR'/>
<globalPermission permission='FullControl' authority='ROLE_OWNER'/>
<globalPermission permission='Unlock' authority='ROLE_LOCK_OWNER'/>
<globalPermission permission='CheckIn' authority='ROLE_LOCK_OWNER'/>
<globalPermission permission='CancelCheckOut' authority='ROLE_LOCK_OWNER'/>
</permissions>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.