SlideShare a Scribd company logo

Elements_Permissions.pdf

•
•
Jeff Smith
Jeff Smith

Elements_Permissions.pdf

TechnologyBusiness
1 of 11
Alfresco Elements Permissions
2 Alfresco Elements Contents Document information.............................................................................................................. 3 Permissions................................................................................................................................4 Lab - Create permissions.......................................................................................................11
Document information Permissions 3 Document information Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Alfresco. The trademarks, service marks, logos, or other intellectual property rights or Alfresco and others used in this documentation("Trademarks") are the property of Alfresco and their respective owners. The furnishing of this document does not give you license to these patents, trademarks, copyrights or other intellectual property except as expressly provided in any written agreement with Alfresco. The United States export control laws and regulations, including the Export Administration Regulations of the U.S. Department of Commerce, and other applicable laws and regulations apply to this documentation which prohibit the export or re-export of content, products, services, and technology to certain countries and persons. You agree to comply with all export laws, regulations and restrictions of the United States and any foreign agency or authority and assume sole responsibility for any such unauthorized exportation. You may not use this documentation if you are a competitor of Alfresco, except with Alfresco's prior written consent. In addition, you may not use the documentation for purposes of evaluating its functionality or for any competitive purposes. If you need technical support for this product, contact Customer Support by email at support@alfresco.com. If you have comments or suggestions about this documentation, contact us at training@alfresco.com.
Permissions 4 Alfresco Elements Permissions Introduction Alfresco provides a very sophisticated and flexible security model, in this section we look at this model from a high level perspective. In order to provide a smooth user experience the security model is simplified through the use of roles and permission groups, we look at how these work and how you can easily manage security based on these methods. Alfresco defines a very basic set of permissions, some of which are shown here. Some of these are applicable to all nodes in the repository and some are applicable only to nodes which have content. This wide range of permissions allows for very fine grain security levels, although security itself cannot be placed on anything other than a node. So for example you cannot have a read only node with a property that has write access. Don’t worry if this seems an excessively long list, you don’t have to manage these permissions individually, it’s just to show you the level of sophistication available in the Alfresco security model. Keep this in mind as we progress, since these low level permissions would form the basis of any customization of the Alfresco security model.
Permissions Permissions 5 Permission groups In order to make security more convenient and manageable, the basic permissions are bundled together into permission groups. Permission groups can be nested, however as an administrator you will not have to create or change the in-built permission groups. The Alfresco provided permission groups should be enough for the vast majority of situations. In practice we find that rarely is the Alfresco permission model customized. The diagram shows that the lowest level permission group is consumer, with each group build up with more permissions until reaching the coordinator group. Demo: Permissions Permission groups dictate the actions, which a user can undertake in Alfresco. This presents itself as the actions, which can be executed against a repository item. Permissions also determine whether a folder within the repository is visible to an individual or group of individuals. It is the administrator who has the ability to set permissions against a repository item and additionally grant the ability to a user to manager permissions themselves. Permission group actions Permission groups dictate the actions, which a user can undertake in Alfresco. This presents itself as the actions, which can be executed against a repository item. Permissions also determine whether a folder within the repository is visible to an individual or group of individuals. It is the administrator who has the ability to set permissions against a repository item and additionally grant the ability to a user to manager permissions themselves.
Permissions 6 Alfresco Elements The actions available to a user holding each specific permission group is shown here. These actions target either a repository folder or repository item. Remember this is not an exhaustive list of abilities and there are subtle differences between the permission groups. For example a user with the consumer permission cannot create or add new content, whereas a contributor can. A detailed matrix can be found in the Alfresco online documentation, which we encourage you to examine now. Permission groups and share permissions It is important to draw distinction between Permission groups and Share site roles. In this Alfresco Element we discuss Permissions, Permission groups and their use within the repository. You have just explored the five permission groups and the functionality they bestow to a user. Permissions are set by the administrator. Within a folder, permissions can also be managed by a user who holds the coordinator permission group, for that folder and its subfolders. The four Share site roles are given to a user and set by the site manager. This defines user abilities within that site. Permissions and Share site roles are both implemented through the individual underlying set of permissions. Access control lists An Access Control List (ACL) is an ordered list of Access Control Entries (ACEs). An ACE associates a single authority (a group, role or user) to a single permission group or permission, and states whether the permission is to be allowed or denied. All nodes have an
Permissions Permissions 7 associated ACL. An ACL specifies if it should inherit ACEs from a parent ACL. When a new node is created it automatically inherits all ACEs defined on the parent within which it is created. Green Energy scenario In our business scenario we want to set up permissions in the Marketing area of our repository to match the on-going projects and business operations. Green Energy is currently under-going a re-branding exercise led by the marketing department, with the active participation of the board. Other people should not see any of the work in here until the re-branding group is ready to release it. Marketing should be able to add documents create folders and edit any existing documents in the folder. The executive committee represented by the group; “board” should be able to add new documents, but not change any of the existing documents. The Geo-Thermal Product Line folder is also managed by the marketing group. They add new documents here, but they want the manufacturing group to be able to correct and assist in the development of the marketing material for the product line, however they do not want manufacturing creating their own documents here. Everybody else in the organization should be able to see the contents of this folder.
Permissions 8 Alfresco Elements Finally the folder Press Releases is viewable by everyone, but only marketing can add and change documents in this folder.
Permissions Permissions 9 Permission groups Demo: Permissions set up and users In this video I will set the permissions for the three folders found in the repository - Geo-Thermal Division – Marketing folder, for the authorities Marketing, Board and EVERYONE as described in the previous slide. Branding Project For the Branding Project folder it was a requirement that no-one except the Marketing and Board groups can see this folder at this time. I will therefore turn off Inherit Permissions to remove the Consumer permission group from the EVERYONE authority. No one will be able to see this folder until I add new permissions. Marketing needed to be able to add documents, create folders and edit content. I'll add the Coordinator permission group to this authority. The Marketing group will have all possible permissions as if they were the owner of this folder. For the Board user group they needed to be able to add documents but not change existing documents. I will therefore assign the permission group Contributor to this authority. Geo-Thermal Product Line The Geo-Thermal Product Line folder is also managed by the Marketing group. I'll assign the Coordinator permission group. The Manufacturing group needed the ability to edit content but not create new content. I'll assign the Editor permission group to this authority. Everyone else should be able to see the contents of this folder so I will therefore leave the EVERYONE authority to the Consumer permission group. Press Releases For the final folder Press Releases Marketing will be Coordinators, EVERYONE will inherit the Consumer permission group.
Permissions 10 Alfresco Elements Demo: Permissions testing To show the effect of setting these permissions lets witness what specific users see when accessing the repository. Bill Dewi is Green Energy's Documentation Manager. He is neither a member of the Board, Marketing or Manufacturing. When he navigates to the repository - Geo- Thermal Division - Marketing folder he only sees the two folders Geo-Thermal Product Line and Press Releases as the EVERYONE authority has absolutely no permissions associated with the Branding Project folder. He can however enter either the Geo-Thermal Product Line or Press Releases folder and view or download content as a Consumer. When Michael Ritter (Green Energy's Executive Chairman of the Board) logs in he is able to see the Branding Project folder as he is a member of the Board authority which has been assigned the Contributor permissions group. He is able to add content to the Branding Project folder, however he can only view existing content, not edit it. For the Geo-Thermal Product Line and Press Releases folders Michael presents as an EVERYONE authority and therefore assumes the Consumer permission group. When Sebastian Koenig (Green Energy's Executive Vice President of Manufacturing) logs in he cannot see the Branding Project folder as only the Marketing and Board authorities have permissions against this folder. For the Geo-Thermal Product Line folder Sebastian can edit existing content as the Manufacturing authority has the Editor permission group assigned to this folder. He cannot however add content to this folder. Finally Harriet Slim is Green Energy's Marketing Director. As such she is able to see all folders in this section of the repository. As a member of the Marketing authority she has the Coordinator permission group and therefore can perform all possible operations. Access control lists additional All objects in the Alfresco repository have a ACL. The ability to manage object permissions is available to the owner, administrator and those holding coordinator permissions. For all new objects created in the repository it will inherit an ACL from the folder where it is located. If the object is moved to a different folder it will inherit the ACL from the new parent folder. An object owner will always be able to see that object, it is not possible to hide this from its owner.
Lab - Create permissions Permissions 11 Lab - Create permissions In this lab you will be establishing permissions to implement the business requirements of Green Energy, which govern their standard operating procedures. 1. Your tasks are: 1. Login as the administrator and navigate within the repository to: Geo-Thermal Division > Manufacturing > Standard Operating Procedures.The administrator login username is admin and the password is also admin. Use the Firefox browser found on the menu bar. 2. Ensure that the Draft folder is only visible to the Manufacturing group. (Manufacturing are responsible for creating new standard operating procedures hence this requirement.) 3. Establish permissions for the In Review folder such when documents move into the folder they should be changeable by the following groups and visible to no one else. • a. Manufacturing • b. Documentation • c. Quality Assurance This requirement is necessary as we want the standard operating procedures to be reviewed and edited by these three groups. 4. Establish permissions for the Effective folder so that it is visible to everyone and its contents are editable only by the Quality Assurance group. 5. Establish permissions such that the Superseded folder is only visible to the Quality Assurance group. 6. Finally login with the following users to verify your settings: • Matt Black – Member of everyone (username: mblack, password: mblack) • Uschi Usha - Member of Manufacturing (username: uusha, password: uusha) • Bill Dewi – Member of Documentation (username: bdewi, password: bdewi) • Tom Klein – Member of Quality Assurance (username: tklein, password: tklein)

Recommended

6 Elements_Permissions.pdf
6 Elements_Permissions.pdf6 Elements_Permissions.pdf
6 Elements_Permissions.pdfJeff Smith
 
Elements_Authentication.pdf
Elements_Authentication.pdfElements_Authentication.pdf
Elements_Authentication.pdfJeff Smith
 
Getting started with microsoft teams
Getting started with microsoft teamsGetting started with microsoft teams
Getting started with microsoft teamsDAVID RAUDALES
 
cc.pdf
cc.pdfcc.pdf
cc.pdfJeff Smith
 
dfgdgsdg
dfgdgsdgdfgdgsdg
dfgdgsdgJeff Smith
 
Elements_Content_Model_Overview.pdf
Elements_Content_Model_Overview.pdfElements_Content_Model_Overview.pdf
Elements_Content_Model_Overview.pdfJeff Smith
 
Elements_Content_Model_Overview.pdf
Elements_Content_Model_Overview.pdfElements_Content_Model_Overview.pdf
Elements_Content_Model_Overview.pdfJeff Smith
 
Elements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfElements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfJeff Smith
 

Recommended

6 Elements_Permissions.pdf
6 Elements_Permissions.pdf6 Elements_Permissions.pdf
6 Elements_Permissions.pdfJeff Smith
 
Elements_Authentication.pdf
Elements_Authentication.pdfElements_Authentication.pdf
Elements_Authentication.pdfJeff Smith
 
Getting started with microsoft teams
Getting started with microsoft teamsGetting started with microsoft teams
Getting started with microsoft teamsDAVID RAUDALES
 
cc.pdf
cc.pdfcc.pdf
cc.pdfJeff Smith
 
dfgdgsdg
dfgdgsdgdfgdgsdg
dfgdgsdgJeff Smith
 
Elements_Content_Model_Overview.pdf
Elements_Content_Model_Overview.pdfElements_Content_Model_Overview.pdf
Elements_Content_Model_Overview.pdfJeff Smith
 
Elements_Content_Model_Overview.pdf
Elements_Content_Model_Overview.pdfElements_Content_Model_Overview.pdf
Elements_Content_Model_Overview.pdfJeff Smith
 
Elements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfElements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfJeff Smith
 
Elements_Users_and_Groups.pdf
Elements_Users_and_Groups.pdfElements_Users_and_Groups.pdf
Elements_Users_and_Groups.pdfJeff Smith
 
Elements_Share_for_Administrators.pdf
Elements_Share_for_Administrators.pdfElements_Share_for_Administrators.pdf
Elements_Share_for_Administrators.pdfJeff Smith
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdfJeff Smith
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdfJeff Smith
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdfJeff Smith
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdfJeff Smith
 
Role Based ACL
Role Based ACLRole Based ACL
Role Based ACLRandy Carey
 
Frog vle software update feb 13
Frog vle software update feb 13Frog vle software update feb 13
Frog vle software update feb 13Ira Raji
 
Alfresco : Implementing Membership and Security
Alfresco : Implementing Membership and Security Alfresco : Implementing Membership and Security
Alfresco : Implementing Membership and Security Wildan Maulana
 
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfGetting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfJeff Smith
 
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfGetting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfJeff Smith
 
Files and folders
Files and foldersFiles and folders
Files and folderscatacutanjcsantos
 
Getting started with_explorer_dm_for_alfresco_community_edition_3_3
Getting started with_explorer_dm_for_alfresco_community_edition_3_3Getting started with_explorer_dm_for_alfresco_community_edition_3_3
Getting started with_explorer_dm_for_alfresco_community_edition_3_3ECNU
 
Elements_Introducing_Alfresco.pdf
Elements_Introducing_Alfresco.pdfElements_Introducing_Alfresco.pdf
Elements_Introducing_Alfresco.pdfJeff Smith
 
Fishbowl Solutions LinkSecurity for Windchill 9.x
Fishbowl Solutions LinkSecurity for Windchill 9.xFishbowl Solutions LinkSecurity for Windchill 9.x
Fishbowl Solutions LinkSecurity for Windchill 9.xBilly Cripe
 
MOSS2007 Security
MOSS2007 SecurityMOSS2007 Security
MOSS2007 Securitydropkic
 
Fastman Permissions Manager
Fastman Permissions ManagerFastman Permissions Manager
Fastman Permissions ManagerFastman
 
Cairo meetup low code best practices
Cairo meetup low code best practicesCairo meetup low code best practices
Cairo meetup low code best practicesAhmed Keshk
 
Essbase security implementation
Essbase security implementationEssbase security implementation
Essbase security implementationAmit Sharma
 
Essbase security implementation
Essbase security implementationEssbase security implementation
Essbase security implementationAmit Sharma
 
vi-vim-cheat-sheet.pdf
vi-vim-cheat-sheet.pdfvi-vim-cheat-sheet.pdf
vi-vim-cheat-sheet.pdfJeff Smith
 
dfgdgsdg
dfgdgsdgdfgdgsdg
dfgdgsdgJeff Smith
 

More Related Content

Similar to Elements_Permissions.pdf

Elements_Users_and_Groups.pdf
Elements_Users_and_Groups.pdfElements_Users_and_Groups.pdf
Elements_Users_and_Groups.pdfJeff Smith
 
Elements_Share_for_Administrators.pdf
Elements_Share_for_Administrators.pdfElements_Share_for_Administrators.pdf
Elements_Share_for_Administrators.pdfJeff Smith
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdfJeff Smith
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdfJeff Smith
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdfJeff Smith
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdfJeff Smith
 
Role Based ACL
Role Based ACLRole Based ACL
Role Based ACLRandy Carey
 
Frog vle software update feb 13
Frog vle software update feb 13Frog vle software update feb 13
Frog vle software update feb 13Ira Raji
 
Alfresco : Implementing Membership and Security
Alfresco : Implementing Membership and Security Alfresco : Implementing Membership and Security
Alfresco : Implementing Membership and Security Wildan Maulana
 
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfGetting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfJeff Smith
 
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfGetting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfJeff Smith
 
Getting started with_explorer_dm_for_alfresco_community_edition_3_3
Getting started with_explorer_dm_for_alfresco_community_edition_3_3Getting started with_explorer_dm_for_alfresco_community_edition_3_3
Getting started with_explorer_dm_for_alfresco_community_edition_3_3ECNU
 
Elements_Introducing_Alfresco.pdf
Elements_Introducing_Alfresco.pdfElements_Introducing_Alfresco.pdf
Elements_Introducing_Alfresco.pdfJeff Smith
 
Fishbowl Solutions LinkSecurity for Windchill 9.x
Fishbowl Solutions LinkSecurity for Windchill 9.xFishbowl Solutions LinkSecurity for Windchill 9.x
Fishbowl Solutions LinkSecurity for Windchill 9.xBilly Cripe
 
MOSS2007 Security
MOSS2007 SecurityMOSS2007 Security
MOSS2007 Securitydropkic
 
Fastman Permissions Manager
Fastman Permissions ManagerFastman Permissions Manager
Fastman Permissions ManagerFastman
 
Cairo meetup low code best practices
Cairo meetup low code best practicesCairo meetup low code best practices
Cairo meetup low code best practicesAhmed Keshk
 
Essbase security implementation
Essbase security implementationEssbase security implementation
Essbase security implementationAmit Sharma
 
Essbase security implementation
Essbase security implementationEssbase security implementation
Essbase security implementationAmit Sharma
 

Similar to Elements_Permissions.pdf (20)

Elements_Users_and_Groups.pdf
Elements_Users_and_Groups.pdfElements_Users_and_Groups.pdf
Elements_Users_and_Groups.pdf
 
Elements_Share_for_Administrators.pdf
Elements_Share_for_Administrators.pdfElements_Share_for_Administrators.pdf
Elements_Share_for_Administrators.pdf
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdf
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdf
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdf
 
Elements_User_Interfaces.pdf
Elements_User_Interfaces.pdfElements_User_Interfaces.pdf
Elements_User_Interfaces.pdf
 
Role Based ACL
Role Based ACLRole Based ACL
Role Based ACL
 
Frog vle software update feb 13
Frog vle software update feb 13Frog vle software update feb 13
Frog vle software update feb 13
 
Alfresco : Implementing Membership and Security
Alfresco : Implementing Membership and Security Alfresco : Implementing Membership and Security
Alfresco : Implementing Membership and Security
 
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfGetting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
 
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdfGetting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
Getting_Started_with_Explorer_DM_for_Alfresco_Community_Edition_3_3 - Copy.pdf
 
Files and folders
Files and foldersFiles and folders
Files and folders
 
Getting started with_explorer_dm_for_alfresco_community_edition_3_3
Getting started with_explorer_dm_for_alfresco_community_edition_3_3Getting started with_explorer_dm_for_alfresco_community_edition_3_3
Getting started with_explorer_dm_for_alfresco_community_edition_3_3
 
Elements_Introducing_Alfresco.pdf
Elements_Introducing_Alfresco.pdfElements_Introducing_Alfresco.pdf
Elements_Introducing_Alfresco.pdf
 
Fishbowl Solutions LinkSecurity for Windchill 9.x
Fishbowl Solutions LinkSecurity for Windchill 9.xFishbowl Solutions LinkSecurity for Windchill 9.x
Fishbowl Solutions LinkSecurity for Windchill 9.x
 
MOSS2007 Security
MOSS2007 SecurityMOSS2007 Security
MOSS2007 Security
 
Fastman Permissions Manager
Fastman Permissions ManagerFastman Permissions Manager
Fastman Permissions Manager
 
Cairo meetup low code best practices
Cairo meetup low code best practicesCairo meetup low code best practices
Cairo meetup low code best practices
 
Essbase security implementation
Essbase security implementationEssbase security implementation
Essbase security implementation
 
Essbase security implementation
Essbase security implementationEssbase security implementation
Essbase security implementation
 

More from Jeff Smith

vi-vim-cheat-sheet.pdf
vi-vim-cheat-sheet.pdfvi-vim-cheat-sheet.pdf
vi-vim-cheat-sheet.pdfJeff Smith
 
dfgdgsdg
dfgdgsdgdfgdgsdg
dfgdgsdgJeff Smith
 
3yudh.pdf
3yudh.pdf3yudh.pdf
3yudh.pdfJeff Smith
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdfJeff Smith
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdfJeff Smith
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdfJeff Smith
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdfJeff Smith
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdfJeff Smith
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdfJeff Smith
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdfJeff Smith
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdfJeff Smith
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdfJeff Smith
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdfJeff Smith
 
0nba4.pdf
0nba4.pdf0nba4.pdf
0nba4.pdfJeff Smith
 
0nba4.pdf
0nba4.pdf0nba4.pdf
0nba4.pdfJeff Smith
 
4wa4i.pdf
4wa4i.pdf4wa4i.pdf
4wa4i.pdfJeff Smith
 
7k3gy.pdf
7k3gy.pdf7k3gy.pdf
7k3gy.pdfJeff Smith
 
b33t2.pdf
b33t2.pdfb33t2.pdf
b33t2.pdfJeff Smith
 
cqqk2.pdf
cqqk2.pdfcqqk2.pdf
cqqk2.pdfJeff Smith
 
ebcbe.docx
ebcbe.docxebcbe.docx
ebcbe.docxJeff Smith
 

More from Jeff Smith (20)

vi-vim-cheat-sheet.pdf
vi-vim-cheat-sheet.pdfvi-vim-cheat-sheet.pdf
vi-vim-cheat-sheet.pdf
 
dfgdgsdg
dfgdgsdgdfgdgsdg
dfgdgsdg
 
3yudh.pdf
3yudh.pdf3yudh.pdf
3yudh.pdf
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdf
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdf
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdf
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdf
 
nvjiz.pdf
nvjiz.pdfnvjiz.pdf
nvjiz.pdf
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdf
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdf
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdf
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdf
 
mctpr.pdf
mctpr.pdfmctpr.pdf
mctpr.pdf
 
0nba4.pdf
0nba4.pdf0nba4.pdf
0nba4.pdf
 
0nba4.pdf
0nba4.pdf0nba4.pdf
0nba4.pdf
 
4wa4i.pdf
4wa4i.pdf4wa4i.pdf
4wa4i.pdf
 
7k3gy.pdf
7k3gy.pdf7k3gy.pdf
7k3gy.pdf
 
b33t2.pdf
b33t2.pdfb33t2.pdf
b33t2.pdf
 
cqqk2.pdf
cqqk2.pdfcqqk2.pdf
cqqk2.pdf
 
ebcbe.docx
ebcbe.docxebcbe.docx
ebcbe.docx
 

Recently uploaded

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Elements_Permissions.pdf

  • 2. 2 Alfresco Elements Contents Document information.............................................................................................................. 3 Permissions................................................................................................................................4 Lab - Create permissions.......................................................................................................11
  • 3. Document information Permissions 3 Document information Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Alfresco. The trademarks, service marks, logos, or other intellectual property rights or Alfresco and others used in this documentation("Trademarks") are the property of Alfresco and their respective owners. The furnishing of this document does not give you license to these patents, trademarks, copyrights or other intellectual property except as expressly provided in any written agreement with Alfresco. The United States export control laws and regulations, including the Export Administration Regulations of the U.S. Department of Commerce, and other applicable laws and regulations apply to this documentation which prohibit the export or re-export of content, products, services, and technology to certain countries and persons. You agree to comply with all export laws, regulations and restrictions of the United States and any foreign agency or authority and assume sole responsibility for any such unauthorized exportation. You may not use this documentation if you are a competitor of Alfresco, except with Alfresco's prior written consent. In addition, you may not use the documentation for purposes of evaluating its functionality or for any competitive purposes. If you need technical support for this product, contact Customer Support by email at support@alfresco.com. If you have comments or suggestions about this documentation, contact us at training@alfresco.com.
  • 4. Permissions 4 Alfresco Elements Permissions Introduction Alfresco provides a very sophisticated and flexible security model, in this section we look at this model from a high level perspective. In order to provide a smooth user experience the security model is simplified through the use of roles and permission groups, we look at how these work and how you can easily manage security based on these methods. Alfresco defines a very basic set of permissions, some of which are shown here. Some of these are applicable to all nodes in the repository and some are applicable only to nodes which have content. This wide range of permissions allows for very fine grain security levels, although security itself cannot be placed on anything other than a node. So for example you cannot have a read only node with a property that has write access. Don’t worry if this seems an excessively long list, you don’t have to manage these permissions individually, it’s just to show you the level of sophistication available in the Alfresco security model. Keep this in mind as we progress, since these low level permissions would form the basis of any customization of the Alfresco security model.
  • 5. Permissions Permissions 5 Permission groups In order to make security more convenient and manageable, the basic permissions are bundled together into permission groups. Permission groups can be nested, however as an administrator you will not have to create or change the in-built permission groups. The Alfresco provided permission groups should be enough for the vast majority of situations. In practice we find that rarely is the Alfresco permission model customized. The diagram shows that the lowest level permission group is consumer, with each group build up with more permissions until reaching the coordinator group. Demo: Permissions Permission groups dictate the actions, which a user can undertake in Alfresco. This presents itself as the actions, which can be executed against a repository item. Permissions also determine whether a folder within the repository is visible to an individual or group of individuals. It is the administrator who has the ability to set permissions against a repository item and additionally grant the ability to a user to manager permissions themselves. Permission group actions Permission groups dictate the actions, which a user can undertake in Alfresco. This presents itself as the actions, which can be executed against a repository item. Permissions also determine whether a folder within the repository is visible to an individual or group of individuals. It is the administrator who has the ability to set permissions against a repository item and additionally grant the ability to a user to manager permissions themselves.
  • 6. Permissions 6 Alfresco Elements The actions available to a user holding each specific permission group is shown here. These actions target either a repository folder or repository item. Remember this is not an exhaustive list of abilities and there are subtle differences between the permission groups. For example a user with the consumer permission cannot create or add new content, whereas a contributor can. A detailed matrix can be found in the Alfresco online documentation, which we encourage you to examine now. Permission groups and share permissions It is important to draw distinction between Permission groups and Share site roles. In this Alfresco Element we discuss Permissions, Permission groups and their use within the repository. You have just explored the five permission groups and the functionality they bestow to a user. Permissions are set by the administrator. Within a folder, permissions can also be managed by a user who holds the coordinator permission group, for that folder and its subfolders. The four Share site roles are given to a user and set by the site manager. This defines user abilities within that site. Permissions and Share site roles are both implemented through the individual underlying set of permissions. Access control lists An Access Control List (ACL) is an ordered list of Access Control Entries (ACEs). An ACE associates a single authority (a group, role or user) to a single permission group or permission, and states whether the permission is to be allowed or denied. All nodes have an
  • 7. Permissions Permissions 7 associated ACL. An ACL specifies if it should inherit ACEs from a parent ACL. When a new node is created it automatically inherits all ACEs defined on the parent within which it is created. Green Energy scenario In our business scenario we want to set up permissions in the Marketing area of our repository to match the on-going projects and business operations. Green Energy is currently under-going a re-branding exercise led by the marketing department, with the active participation of the board. Other people should not see any of the work in here until the re-branding group is ready to release it. Marketing should be able to add documents create folders and edit any existing documents in the folder. The executive committee represented by the group; “board” should be able to add new documents, but not change any of the existing documents. The Geo-Thermal Product Line folder is also managed by the marketing group. They add new documents here, but they want the manufacturing group to be able to correct and assist in the development of the marketing material for the product line, however they do not want manufacturing creating their own documents here. Everybody else in the organization should be able to see the contents of this folder.
  • 8. Permissions 8 Alfresco Elements Finally the folder Press Releases is viewable by everyone, but only marketing can add and change documents in this folder.
  • 9. Permissions Permissions 9 Permission groups Demo: Permissions set up and users In this video I will set the permissions for the three folders found in the repository - Geo-Thermal Division – Marketing folder, for the authorities Marketing, Board and EVERYONE as described in the previous slide. Branding Project For the Branding Project folder it was a requirement that no-one except the Marketing and Board groups can see this folder at this time. I will therefore turn off Inherit Permissions to remove the Consumer permission group from the EVERYONE authority. No one will be able to see this folder until I add new permissions. Marketing needed to be able to add documents, create folders and edit content. I'll add the Coordinator permission group to this authority. The Marketing group will have all possible permissions as if they were the owner of this folder. For the Board user group they needed to be able to add documents but not change existing documents. I will therefore assign the permission group Contributor to this authority. Geo-Thermal Product Line The Geo-Thermal Product Line folder is also managed by the Marketing group. I'll assign the Coordinator permission group. The Manufacturing group needed the ability to edit content but not create new content. I'll assign the Editor permission group to this authority. Everyone else should be able to see the contents of this folder so I will therefore leave the EVERYONE authority to the Consumer permission group. Press Releases For the final folder Press Releases Marketing will be Coordinators, EVERYONE will inherit the Consumer permission group.
  • 10. Permissions 10 Alfresco Elements Demo: Permissions testing To show the effect of setting these permissions lets witness what specific users see when accessing the repository. Bill Dewi is Green Energy's Documentation Manager. He is neither a member of the Board, Marketing or Manufacturing. When he navigates to the repository - Geo- Thermal Division - Marketing folder he only sees the two folders Geo-Thermal Product Line and Press Releases as the EVERYONE authority has absolutely no permissions associated with the Branding Project folder. He can however enter either the Geo-Thermal Product Line or Press Releases folder and view or download content as a Consumer. When Michael Ritter (Green Energy's Executive Chairman of the Board) logs in he is able to see the Branding Project folder as he is a member of the Board authority which has been assigned the Contributor permissions group. He is able to add content to the Branding Project folder, however he can only view existing content, not edit it. For the Geo-Thermal Product Line and Press Releases folders Michael presents as an EVERYONE authority and therefore assumes the Consumer permission group. When Sebastian Koenig (Green Energy's Executive Vice President of Manufacturing) logs in he cannot see the Branding Project folder as only the Marketing and Board authorities have permissions against this folder. For the Geo-Thermal Product Line folder Sebastian can edit existing content as the Manufacturing authority has the Editor permission group assigned to this folder. He cannot however add content to this folder. Finally Harriet Slim is Green Energy's Marketing Director. As such she is able to see all folders in this section of the repository. As a member of the Marketing authority she has the Coordinator permission group and therefore can perform all possible operations. Access control lists additional All objects in the Alfresco repository have a ACL. The ability to manage object permissions is available to the owner, administrator and those holding coordinator permissions. For all new objects created in the repository it will inherit an ACL from the folder where it is located. If the object is moved to a different folder it will inherit the ACL from the new parent folder. An object owner will always be able to see that object, it is not possible to hide this from its owner.
  • 11. Lab - Create permissions Permissions 11 Lab - Create permissions In this lab you will be establishing permissions to implement the business requirements of Green Energy, which govern their standard operating procedures. 1. Your tasks are: 1. Login as the administrator and navigate within the repository to: Geo-Thermal Division > Manufacturing > Standard Operating Procedures.The administrator login username is admin and the password is also admin. Use the Firefox browser found on the menu bar. 2. Ensure that the Draft folder is only visible to the Manufacturing group. (Manufacturing are responsible for creating new standard operating procedures hence this requirement.) 3. Establish permissions for the In Review folder such when documents move into the folder they should be changeable by the following groups and visible to no one else. • a. Manufacturing • b. Documentation • c. Quality Assurance This requirement is necessary as we want the standard operating procedures to be reviewed and edited by these three groups. 4. Establish permissions for the Effective folder so that it is visible to everyone and its contents are editable only by the Quality Assurance group. 5. Establish permissions such that the Superseded folder is only visible to the Quality Assurance group. 6. Finally login with the following users to verify your settings: • Matt Black – Member of everyone (username: mblack, password: mblack) • Uschi Usha - Member of Manufacturing (username: uusha, password: uusha) • Bill Dewi – Member of Documentation (username: bdewi, password: bdewi) • Tom Klein – Member of Quality Assurance (username: tklein, password: tklein)