CODEWITHSUNDEEP
alfrescoalfresco-share
Sri Harish
Sri Harish

Reputation: 3

How to apply permissions on model level in Alfresco

I am using Alfresco community edition 6.2.0. I need to know, is there any way to apply security on the model or custom type itself so that I can restrict the users from using that specific custom type. I come from a FileNet background, in FileNet, we can apply security on the Document Class level, is the same thing possible in Alfresco? I couldn't find any documentation related to it, so please help me.

Upvotes: 0

Views: 546

Answers (3)

Arjun
Arjun

Reputation: 634

There is no way to set the permissions in Model level only way to do that is Node level.

But instead you can create a custom permissions sets in model level that can be used in share and repo by utilizing the Java api's.

 <bean id="myModule_permissionBootstrap" parent="permissionModelBootstrap">
      <property name="model" value="alfresco/module/myModuleId/myPermissionDefinitions.xml"/>
    </bean>

https://docs.alfresco.com/5.0/concepts/dev-extensions-modules-custom-permission-model.html https://docs.alfresco.com/5.0/concepts/secur-permissions.html org.alfresco.repo.node.NodeServicePolicies

beforeAddAspect
beforeArchiveNode
beforeCreateNode
beforeCreateStore
beforeDeleteAssociation
beforeDeleteChildAssociation
beforeDeleteNode
beforeMoveNode
beforeRemoveAspect
beforeSetNodeType
beforeUpdateNode
onAddAspect
onCreateAssociation
onCreateChildAssociation
onCreateNode
onCreateStore
onDeleteAssociation
onDeleteChildAssociation
onDeleteNode
onMoveNode
onRemoveAspect
onSetNodeType
onUpdateNode
onUpdateProperties

Upvotes: 0

Heiko Robert
Heiko Robert

Reputation: 2737

In addition to @lista 's suggestion please also check the discussion on Alfresco Hub about dynamic authorities: Custom site role allowing users to read only specific documents inside the site. Dynamic authorities may be more expensive during search but avoids setting explicit ACLs on every node and would allow to change permissions on document types later. So it depends on your use case and requirements what is better. I would prefer a custom DynamicAuthority if you don't have a very large system.

Upvotes: 2

Lista
Lista

Reputation: 2246

Unfortunately, no. There are somewhat elegant ways to do this, though:

  • Place all specific custom type under the same folder/file plan. Then set permission up and let inheritance do it's job
  • Use NodeBehaviours to apply your security on "create/update" events, in transaction

Apart from this, you could develop your own permissions, but this is a more serious customization.

Upvotes: 1

Related Questions