Extending security permissions and roles
Out-of-the-box Alfresco supports an extensive set of permissions to provide security controls. Alfresco supports a set of roles by grouping these permissions. The security permissions and roles can be extended. However, before extending the permissions and roles, you need to evaluate and understand existing permissions and roles and justify the decision for extending them.
Default permissions
Alfresco supports a number of permissions to access the spaces, content, their properties, and so on. The following are some of the permissions for spaces:
ReadProperties: Read space propertiesReadChildren: Read the content within a spaceWriteProperties: Update properties such as title, descriptionDeleteNode: Delete spaceDeleteChildren: Delete content and subspaces within a spaceCreateChildren: Create content within a space
The following are some of the permissions for content items:
ReadContent: Read fileWriteContent: Update fileReadProperties: Read file propertiesWriteProperties: Update file properties such as title, description etcDeleteNode: Delete fileExecuteContent: Execute fileSetOwner: Set ownership on a content item
A complete list of default permissions and roles is provided in Alfresco configuration <config>\model\permissionDefinitions.xml file.
Default roles
Roles are collections of permissions assigned to users. Roles can be applied to any space or individual content items. Subspaces can inherit permissions from parent space. The following table lists the default roles supported out-of-the-box by Alfresco:
Creating a custom role
You can add a new custom role as per your security requirements. You will have to include custom role details in permissionDefinitions.xml, which is located at <config>\model\. For a Tomcat installation, you can find this file at tomcat\webapps\alfresco\WEB-INF\classes\alfresco\model\ permissionDefinitions.xml.
You need to define your own permissions group (say ReviewerRole) and assign permissions as shown below:
<permissionGroup name="ReviewerRole" allowFullControl="false"
expose="true" >
<includePermissionGroup permissionGroup="Read" type="sys:base" />
<includePermissionGroup permissionGroup="AddChildren"
type="sys:base"/>
<includePermissionGroup type="cm:lockable"
permissionGroup="CheckOut"/>
</permissionGroup>
Once you make the changes to XML file, you need to restart Alfresco to see the new role added to the system.
- Containerization with LXC
- 構建高可用Linux服務器(第4版)
- Windows Vista基礎與應用精品教程
- 無蘋果不生活 OS X Mountain Lion隨身寶典
- 高性能Linux服務器構建實戰:運維監控、性能調優與集群應用
- Windows Phone應用程序開發
- Linux自動化運維:Shell與Ansible(微課版)
- Linux使用和管理指南:從云原生到可觀測性
- 嵌入式系統及其應用(第三版)
- Joomla! 3 Template Essentials
- Social Data Visualization with HTML5 and JavaScript
- Distributed Computing with Go
- Introduction to R for Quantitative Finance
- bash shell腳本編程經典實例(第2版)
- 應急指揮信息系統設計