
Extending security permissions and roles

Out-of-the-box Alfresco supports an extensive set of permissions to provide security controls. Alfresco supports a set of roles by grouping these permissions. The security permissions and roles can be extended. However, before extending the permissions and roles, you need to evaluate and understand existing permissions and roles and justify the decision for extending them.

Default permissions

Alfresco supports a number of permissions to access the spaces, content, their properties, and so on. The following are some of the permissions for spaces:

  • ReadProperties: Read space properties
  • ReadChildren: Read the content within a space
  • WriteProperties: Update properties such as title, description
  • DeleteNode: Delete space
  • DeleteChildren: Delete content and subspaces within a space
  • CreateChildren: Create content within a space

The following are some of the permissions for content items:

  • ReadContent: Read file
  • WriteContent: Update file
  • ReadProperties: Read file properties
  • WriteProperties: Update file properties such as title and description
  • DeleteNode: Delete file
  • ExecuteContent: Execute file
  • SetOwner: Set ownership on a content item

A complete list of default permissions and roles is provided in the Alfresco configuration file <config>\model\permissionDefinitions.xml.

Default roles

Roles are collections of permissions assigned to users. Roles can be applied to any space or individual content item. Subspaces can inherit permissions from the parent space. The following table lists the default roles supported out-of-the-box by Alfresco:

Creating a custom role

You can add a new custom role as per your security requirements. You will have to include the custom role details in permissionDefinitions.xml, which is located at <config>\model\. For a Tomcat installation, you can find this file at tomcat\webapps\alfresco\WEB-INF\classes\alfresco\model\permissionDefinitions.xml.

You need to define your own permissions group (say ReviewerRole) and assign permissions as shown below:

<permissionGroup name="ReviewerRole" allowFullControl="false" expose="true">
  <includePermissionGroup permissionGroup="Read" type="sys:base"/>
  <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
  <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
</permissionGroup>

Once you have made the changes to the XML file, you need to restart Alfresco to see the new role added to the system.
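Before restarting, it helps to review what a custom role actually grants. The following is an added example, not code from the book or from Alfresco: it expands a permissionGroup through its includePermissionGroup entries and reports unresolved includes and any group with allowFullControl set to true. The `<permissions>` wrapper, the leaf group definitions, the name-only lookup (the type attribute is ignored) and the `audit_role` helper are assumptions made for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed sample using only the elements and attributes shown on this page.
# The <permissions> wrapper and leaf groups are assumed; CheckOut is left undefined on purpose.
SAMPLE = """
<permissions>
  <permissionGroup name="ReadProperties" allowFullControl="false" expose="false"/>
  <permissionGroup name="ReadChildren" allowFullControl="false" expose="false"/>
  <permissionGroup name="ReadContent" allowFullControl="false" expose="false"/>
  <permissionGroup name="CreateChildren" allowFullControl="false" expose="false"/>
  <permissionGroup name="Read" allowFullControl="false" expose="true">
    <includePermissionGroup permissionGroup="ReadProperties" type="sys:base"/>
    <includePermissionGroup permissionGroup="ReadChildren" type="sys:base"/>
    <includePermissionGroup permissionGroup="ReadContent" type="sys:base"/>
  </permissionGroup>
  <permissionGroup name="AddChildren" allowFullControl="false" expose="false">
    <includePermissionGroup permissionGroup="CreateChildren" type="sys:base"/>
  </permissionGroup>
  <permissionGroup name="ReviewerRole" allowFullControl="false" expose="true">
    <includePermissionGroup permissionGroup="Read" type="sys:base"/>
    <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
    <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
  </permissionGroup>
</permissions>
"""

def audit_role(xml_text, role):
    """Return (leaf_groups, findings) for one permissionGroup, resolved by name."""
    root = ET.fromstring(xml_text)
    groups = {g.get("name"): g for g in root.iter("permissionGroup")}
    findings, leaves, seen = [], set(), set()
    def walk(name):
        if name in seen:  # guards against include cycles
            return
        seen.add(name)
        group = groups.get(name)
        if group is None:
            findings.append(f"unresolved include: {name}")
            return
        # Assumption: a missing allowFullControl attribute is treated as false.
        if group.get("allowFullControl", "false").lower() == "true":
            findings.append(f"{name} has allowFullControl=true")
        includes = group.findall("includePermissionGroup")
        if not includes:
            leaves.add(name)  # a group with no includes is a leaf permission
        for inc in includes:
            walk(inc.get("permissionGroup"))
    walk(role)
    return leaves, findings
```

Run against the sample, ReviewerRole expands to ReadProperties, ReadChildren, ReadContent and CreateChildren, with CheckOut reported as unresolved because the sample does not define it.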
