I can't figure out how to give the coordinator enough priviledges to successfully create a user. The issue right now is that the coordinator is able to create the person using personService but fails when the coordinator tries to setPermissions on the newly created person. The command
Apologies, I am not sure where you have got to and have missed some of this as it appears in several places….
To set a permission you would need the approprite permission for the node "ChangePermissions", which you do not have from the error.
The Coordinator permission group (role if you must) is normally assigned to a folder. It seems odd that an object level permission would include creating users for the repo as a whole.
You could assign someone as a Coordinator for the whole repo. This permission can be assigned to people/groups as a global permission in the permissionDefinitions.xml. You may need a new permission group for this including ChangePermissions. This will allow more than adding a user…..
Currently only administrators can manage people. I suggest you could have (and may be alfresco should have …) a permission associated with the person type like manage people. This permission could then be assigned to people/groups as a global permission in the permissionDefinitions.xml. The person service could then be protected using this permission, without leaking more general permissions …..
If really you want some people to have full admin rights then you can add them to the admin group in the authority-services-context.xml.
I got around the issue by giving the person permissions to the person container node.
What I am trying to do is create a role that allows a person to add(invite+create new) to a group and create subgroups of the group that they are the "admin" of. That person would not be able to control anywhere else.
I have created a new permissionGroup in sys:base called GroupAdmin that has the required permissions. This GroupAdmin permissionSet is assigned to the appropriate method in the public security xml file.
Is this an appropriate approach?
Archive: Alfresco Content Services / ECM
Archive content from 2016 and relating to earlier versions of Alfresco Content Services, Community and Alfresco One.