This document discusses Alfresco's membership and security model. It covers creating and managing users and groups, assigning permissions and roles, and securing spaces and content. The core concepts covered include users and groups, default permissions and roles, authentication, and how to extend security policies. Specific steps are provided for inviting users to spaces and content and assigning them appropriate roles to govern access.
A brief introduction to the CMIS spec and some tips and tricks for developers new to CMIS. Demos showed how to install and use cmislib, the Python API for CMIS, and OpenCMIS, the Java API. Both projects are part of Apache Chemistry. Originally given as part of an Alfresco webinar. Recording: http://blogs.alfresco.com/wp/webcasts/2012/01/getting-started-with-cmis-2/
Using this presentation you will learn dividing the browser window into different parts(frame). With frames, several Web pages can be displayed in the same browser window.
The objective of this article is to describe what to monitor in and around Alfresco in order to have a good understanding of how the applications are performing and to be aware of potential issues.
A brief introduction to the CMIS spec and some tips and tricks for developers new to CMIS. Demos showed how to install and use cmislib, the Python API for CMIS, and OpenCMIS, the Java API. Both projects are part of Apache Chemistry. Originally given as part of an Alfresco webinar. Recording: http://blogs.alfresco.com/wp/webcasts/2012/01/getting-started-with-cmis-2/
Using this presentation you will learn dividing the browser window into different parts(frame). With frames, several Web pages can be displayed in the same browser window.
The objective of this article is to describe what to monitor in and around Alfresco in order to have a good understanding of how the applications are performing and to be aware of potential issues.
Web Visualization with HTML5, CSS3, and JavaScript is the course with the rapidly changing web
development technologies, it has become important to stay in line with them to progress within the industry,
which is why this course in web virtualization has been brought to you to spruce up your web designing and
animating skills using HTML5, CSS3 and JavaScript. The latest features of HTML5, CSS3 and JavaScript is set
to be provided to you through this course, hence, it is desired that you have basic knowledge on these
programming languages for a smoother learning experience.
This course will start off by walking you through the CSS3 virtualization techniques to design and
animate webs. You will be taught how to create a 3D element using CSS transition and to transform animates
into 2D and 3D, along with an insight into the elements of scalable vector graphics which is needed to create basic
images and polygons and to animate.
Our tutors will further take you through the canvas aspects of HTML5 to start drawing grids and
animations using it. You will also get to learn how to create a callback and create and activate a queue that is
needed in animating and the animation libraries that will be essential to your web designing projects. By the end
of this course, you will have an outstanding knowledge of web visualization using HTML5, CSS3 and
JavaScript to secure yourself a prominent place within the web development industry.
This 20-minute presentation provides an introduction to several HTML5 semantic tags: article, section, aside, header, footer, nav. Includes how you can address browser compatibility issues.
Alfresco has provided an implementation of CMIS ever since the first draft of the specification was announced. It is the CMIS repository that all others are compared to. In this session, you'll learn how Alfresco maps to the CMIS domain model and explore how CMIS services such as query behave through live examples. You'll see how easy it is to build applications against CMIS including the use of unique Alfresco features such as Aspects.
Access to Memory (AtoM) is an open source web application for standards-based archival description and access - learn more at:
https://www.accesstomemory.org
These slides will provide users with an overview of how search works in AtoM, along with a detailed walkthrough of using the Advanced search panel, and performing Expert searches in AtoM.
The slides were originally created by Dan Gillean, AtoM Program Manager, for use in a series of training workshops delivered July 9-13, 2018 at the University of the Witswatersrand in Johannesburg, South Africa. The slides are based on current functionality in AtoM release 2.4.
In this session, we'll discuss architectural, design and tuning best practices for building rock solid and scalable Alfresco Solutions. We'll cover the typical use cases for highly scalable Alfresco solutions, like massive injection and high concurrency, also introducing 3.3 and 3.4 Transfer / Replication services for building complex high availability enterprise architectures.
This presentation is an introduction to the new features of
HTML5. The main elements of this document are:
* Brief history of HTML5
*The improvements
* Browser support
* Semantic elements
* Content Editable on pages
* Video Tag
* Canvas tag
* Local storage
* Geolocation API
* Offline applications
* Microdata
* Use cases
PANORAMA NECTO 14 TRAINING - Panorama is leading a Business Intelligence 3.0 revolution and a creation of a new generation of Business Intelligence & Data Discovery solutions that enable organizations to leverage the power of Social Decision Making and Automated Intelligence to gain insights more quickly, more efficiently, and with greater relevancy.
www.panorama.com
Web Visualization with HTML5, CSS3, and JavaScript is the course with the rapidly changing web
development technologies, it has become important to stay in line with them to progress within the industry,
which is why this course in web virtualization has been brought to you to spruce up your web designing and
animating skills using HTML5, CSS3 and JavaScript. The latest features of HTML5, CSS3 and JavaScript is set
to be provided to you through this course, hence, it is desired that you have basic knowledge on these
programming languages for a smoother learning experience.
This course will start off by walking you through the CSS3 virtualization techniques to design and
animate webs. You will be taught how to create a 3D element using CSS transition and to transform animates
into 2D and 3D, along with an insight into the elements of scalable vector graphics which is needed to create basic
images and polygons and to animate.
Our tutors will further take you through the canvas aspects of HTML5 to start drawing grids and
animations using it. You will also get to learn how to create a callback and create and activate a queue that is
needed in animating and the animation libraries that will be essential to your web designing projects. By the end
of this course, you will have an outstanding knowledge of web visualization using HTML5, CSS3 and
JavaScript to secure yourself a prominent place within the web development industry.
This 20-minute presentation provides an introduction to several HTML5 semantic tags: article, section, aside, header, footer, nav. Includes how you can address browser compatibility issues.
Alfresco has provided an implementation of CMIS ever since the first draft of the specification was announced. It is the CMIS repository that all others are compared to. In this session, you'll learn how Alfresco maps to the CMIS domain model and explore how CMIS services such as query behave through live examples. You'll see how easy it is to build applications against CMIS including the use of unique Alfresco features such as Aspects.
Access to Memory (AtoM) is an open source web application for standards-based archival description and access - learn more at:
https://www.accesstomemory.org
These slides will provide users with an overview of how search works in AtoM, along with a detailed walkthrough of using the Advanced search panel, and performing Expert searches in AtoM.
The slides were originally created by Dan Gillean, AtoM Program Manager, for use in a series of training workshops delivered July 9-13, 2018 at the University of the Witswatersrand in Johannesburg, South Africa. The slides are based on current functionality in AtoM release 2.4.
In this session, we'll discuss architectural, design and tuning best practices for building rock solid and scalable Alfresco Solutions. We'll cover the typical use cases for highly scalable Alfresco solutions, like massive injection and high concurrency, also introducing 3.3 and 3.4 Transfer / Replication services for building complex high availability enterprise architectures.
This presentation is an introduction to the new features of
HTML5. The main elements of this document are:
* Brief history of HTML5
*The improvements
* Browser support
* Semantic elements
* Content Editable on pages
* Video Tag
* Canvas tag
* Local storage
* Geolocation API
* Offline applications
* Microdata
* Use cases
PANORAMA NECTO 14 TRAINING - Panorama is leading a Business Intelligence 3.0 revolution and a creation of a new generation of Business Intelligence & Data Discovery solutions that enable organizations to leverage the power of Social Decision Making and Automated Intelligence to gain insights more quickly, more efficiently, and with greater relevancy.
www.panorama.com
About us
BISP is an IT Training and Consulting Company. We are Subject Matter Experts for DHW and BI technologies. We provide Live virtual Online global IT support and services like online software training, live virtual online lab services, virtual online job support with highly intellectual professional trainers and skilled resources , predominantly In Oracle BI, Oracle Data Integrator, Hyperion Product stack, Oracle Middleware solution, Oracle SoA, AIA Informatica, IBM Datastage and IBM Cognos .
BISP has footprints virtually across USA, CANADA, UK, SINGAPORE, SAUDI ARABIA, AUSTRALIA and more by providing live virtual support services from India for fresh graduates, opt students, working professionals etc. Being a live virtual online training the support , training and service methodology is just click away considerably reducing your TIME,INFRASTRUCTURE and Cost effective.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
2. Overview
In this presentation you will learn about the concepts and the
underlying framework behind Alfresco's security model and
membership system. The Alfresco security model is flexible
and allows you to choose either built-in security or an
external security model defined by your organization via
systems such as LDAP and Active Directory. You will
understand various security models and learn to choose the
one most suited to your enterprise's requirements. Alfresco's
membership system is highly scalable and can cater for
hundreds and thousands of users and content managers.
3. You Will Learn...
• Create, update and delete users
• Group users based on the activities they perform
• Search for and locate users and group
• Extend the security policy
• Secure spaces and individual content as per
your organizational security requirements
• Choose a suitable security model
• Migrate existing users and group to Alfresco
4. Alfresco Membership and
Security Model
• Users and Group
• Permissions and Roles
• Authentication
• How is Security Imposed in
Alfresco ?
5. Users and Group
• Users are individual members, whereas groups are logical
categorizations of users.
6. Permissions and Roles
• Permissions define access rights on spaces and content.
Out of the box, Alfresco supports extensive permission
settings on spaces and content.
• A permission group is a convenient grouping of
permissions such as Read made up of ReadProperties and
ReadChildren. Each one of these permissions is applicable
to node, space, space properties, sub-space, content,
content properties, and business rules. The following are
typical permissions groups:
– Read
– Edit
– Add
– Delete
7. Permissions and Roles - 2
• Roles are collections of permissions assigned to a user.
Each role comprises of a set of permissions. Alfresco
provides out-of-the-box support for the following roles:
– Consumer can read content
– Editor can read and edit content
– Contributor can read and add content
– Collaborator can read, edit, and add content
– Coordinator can read, edit, add, and delete
content (full access)
• Alfresco roles and permissions may be extended to
support your requirements.
8. Authentication
• Alfresco imposes authentication using the user name
and password pair.
• Authentication is performed at the following entry
points to the Alfresco repository:
– Web client
– CIFS
– FTP
– WebDAV
– Web Services
– Spring beans exposed as public services in Java
10. Example
Space Title Group Assigned Role
Finance Department Finance Coordinator — Full Access
Sales Consumer — Only Read
Access
Executive Consumer — Only Read
Access
Company Policies HR Coordinator — Full Access
EVERYONE Consumer — Only Read
Access
11. Manage System Users
• Create a Space for All Users
• Create New Users
• Search for Existing Users
• Modify User Details
• Deleting a User
In Alfresco, each user can have his or her individual space. The location and name
for a space can be specified while creating a user account. The user for which a space
is created becomes the owner of that space. As an owner, the user can have full
access to his or her space.
12. Create Space for All Users
• To create a new space for users, follow the steps below:
– Click on the Company Home menu link in the tool bar (top left).
– In the header click on Create | Create Space.
– The create space dialog is displayed as shown in the following
screenshot.
– In the Name text box, type Users Home.
– In the Description text box, type Contains spaces for all
users.
– Click on the Create Space button to create the space.
13. Create New User
• Before adding users, you will need to know the
following details for each user:
– First Name
– Last Name
– Email ID (valid corporation email address)
– Company ID (for customer extranet, this could
be customer's company name)
– User name (log-in ID)
– Password
– Home space name (usually user name)
14. To Create New User
1. In any space, click on the administration console button provided in the
top tool bar
2. The administration console pane appears. Click on the Manage System
Users link.
3. In the header, click the Create User link
19. Individual User Access
• New User Log in and My Home Page
• Update Personal Details and
Password
Once a user account is created by the administrator, the user can log in to the system.
The administrator can set up an automated script to send an email to the user with
user id and password information.
22. Manage User Groups
• Create Groups and Sub-Groups
• Add Users to a Group
• Remove Users from a Group
23. Create Groups and Sub-Groups
• Follow the steps given below to create a group:
1. In any space, click on the administration console icon. The
Administration Console pane appears.
2. Click the Manage User Groups link. The Groups Management
pane appears.
3. In the header, click Create | Create Group. The Create Group
Wizard appears as shown in the screenshot below. Specify
Executive as Group Identifier, which is the group used for all
company executives. Click on the Create Group button to
confirm.
24. Create Groups and Sub-Groups #2
• Create additional group :
– Finance
– Sales
– HR
– Marketing
– Executive
– HR
– Engineering
– QA
– Documentation
25. Add Users to a Group
To add users to a group, click on the add users icon as shown in the following
screenshot. The Add User dialog will pop up. You can search for the system users
and add them to a group as shown in the next screenshot. Click on the OK button
to confirm the operation.
29. Default Permissions
• Alfresco supports a number of permissions to access the spaces, content,
properties, etc. The following are some of the permissions for spaces:
– ReadProperties — Read space properties
– ReadChildren — Read the content within a space
– WriteProperties — Update properties such as title their description
– DeleteNode — Delete space
– DeleteChildren — Delete content and sub-spaces within a space
– CreateChildren — Create content within a space
• The following are some of the permissions for content items:
– ReadContent — Read file
– WriteContent — Update file
– ReadProperties — Read file propertie
– WriteProperties — Update file properties such as title, description, etc.
– DeleteNode — Delete file
– ExecuteContent — Execute file
– SetOwner — Set ownership on a content item
A complete list of default permissions and roles is provided in the Alfresco
configuration file <config>modelpermissionDefinitions.xml.
30. Default Roles
• Roles are collections of permissions assigned to users in a
specific space. Sub-spaces may inherit permissions from their
parent space. Roles may also be applied to individual content
items. The following table lists the default roles supported out of
the box by Alfresco:
Role Permission
Consumer Read spaces and content
Editor Consumer + edit existing content
Contributor Consumer + add new content
Collaborator Editor + Contributor
Coordinator Full Control
31. Global Permissions
Excerpt from <config>modelpermissionDefinitions.xml
<!-- -->
<!-- Global permissions apply regardless of any particular node context. -->
<!-- They can not be denied by the permissions set on any node. -->
<!-- -->
<!-- Admin can do anything to any ndoe -->
<globalPermission permission=quot;FullControlquot; authority=quot;ROLE_ADMINISTRATORquot;/>
<!-- For now, owners can always see, find and manipulate their stuff -->
<globalPermission permission=quot;FullControlquot; authority=quot;ROLE_OWNERquot;/>
<!-- Unlock is granted to the lock owner -->
<globalPermission permission=quot;Unlockquot; authority=quot;ROLE_LOCK_OWNERquot;/>
<!-- Check in is granted to the lock owner -->
<globalPermission permission=quot;CheckInquot; authority=quot;ROLE_LOCK_OWNERquot;/>
<!-- Cancel check out is granted to the locak owner -->
<globalPermission permission=quot;CancelCheckOutquot; authority=quot;ROLE_LOCK_OWNERquot;/>
32. Create a Custom Role
You can add a new custom role as per your security requirements. You will have
to include details of the custom role in permissionDefinitions.xml, which is the
permission definitions file located at <config>model
<permissionGroup name=quot;TestRolequot; allowFullControl=quot;falsequot;
expose=quot;truequot; >
<includePermissionGroup permissionGroup=quot;Readquot; type=quot;sys:basequot; />
<includePermissionGroup permissionGroup=quot;AddChildrenquot;
type=quot;sys:basequot;/>
<includePermissionGroup type=quot;cm:lockablequot;
permissionGroup=quot;CheckOutquot;/>
</permissionGroup>
33. Secure Your Spaces
• User Roles on a Space
• Invite Users to Your Space
• Define and Secure Your Spaces
34. User Roles on a Space
Permission Consume Contributor Editor Collaborato Coordinator
r r
Read Content X X X X X
within space
Read Space X X X X X
Properties
Read Sub-spaces X X X X X
Read Forums, X X X X X
Topics, Posts
Copy X X X X X
Preview in Template X X X X X
Create Content X X X
within space
Create Sub-Spaces X X X
Create Forums, X X X
Topics, Posts
35. Permission Consume Contributor Editor Collaborato Coordinator
r r
Reply to Posts X X X
Start Discussion X X X
Edit Space's X X X
Properties
Add/Edit Space X X X
users
Delete Space users X
Add/Edit Space X X X
rules
Delete Space rules X
Cut Content/ Sub- X
Spaces
Delete X
Content/Sub-
Spaces
Check-out Content X X X
Update Content X X X
Take Ownership X
36. Invite Users to Your Space
• You can grant permission the users (or groups) to do
specific tasks in your space.
You do this by inviting users to join your space. Each role
applies only to the space in
which it is assigned. For example, you could invite a user
(or group) to one of your
spaces as an editor. You could invite the same user (or
group) to a different space as
a collaborator. That same user (or group) could be invited
to someone else's space as
a coordinator.
37. Invite Users to Your Space #2
1. Click on the Company Home menu link in the tool bar (top left).
2. In the header click the Create | Create Space link.
3. Create a new space called Intranet.
4. Within the Intranet space create a sub-space called Finance
Department. Ensure that you are in the Finance Department
space.
5. In the space header, click More Actions | Manage Space
Users. The Manage Space Users pane appears as shown in
the following screenshot:
38. Invite Users to Your Space #3
6. Leave the Inherit Parent Space Permissions option as
checked (selected). When it is not selected, uninvited users
cannot see the content item. Only invited users can see the
content item, and can access it according to their assigned role.
7. In the header, click the Invite link. The Invite User Wizard
pane appears as shown in the following screenshot:
39. Invite Users to Your Space #4
8. Before continuing with your invitation, you can experiment with
the Search feature. Select the Groups from the drop-down box
and click on the Search button.
9. From the search results, select the Finance group, give it the
Coordinator role and click on the Add to list button.
10.The finance group is added to the list of invitees.
11.As an administrator of the Finance Department space, you can
invite the Finance group as coordinator (full access) and the
Sales and Executive groups as consumer (read access).
12.Click on the Next button to go to the second pane, where you
can notify the selected users.
40. Invite Users to Your Space #5
13.Do not select this option as you do not have to notify these
selected users in this sample. Click on the Finish button to
confirm.
Notice the permissions given to the groups on this space as
shown in the screenshot below:
41. Define and Secure Your Spaces
• In the example above, you created a space called
Finance Department and you gave the Coordinator
role (full control) to the Finance group and gave the
Consumer role (read access) to the Sales and
Executive groups.
• Next, go to your Company Home | Intranet space
and create spaces as given in the first column of the
table overleaf. Invite groups and assign roles as
indicated in the second column of the table on the
next slide :
42. Define and Secure Your Spaces
Space Name Group (Assigned Role) Individual (Assigned Role)
Executive and Board Executive (Coordinator)
Company Policies ● HR (Coordinator)
● EVERYONE (Consumer)
Press and Media ● Corporate
Communications
(Coordinator)
● EVERYONE (Consumer)
Marketing ● Marketing (Coordinator)
Communications ● EVERYONE (Consumer)
Sales Department ● Sales (Coordinator) Mr. CEO (Coordinator)
● Executive (Consumer)
Finance Department ● Finance (Coordinator)
● Sales (Consumer)
● Executive (Consumer)
Engineering Department ● Engineering Mrs. Presales (Coordinator)
(Coordinator)
● EVERYONE (Consumer)
44. User Roles for Content
• Alfresco uses roles to determine what a user can and cannot do with the
content. These roles are associated with permissions. The table below
shows each role and the permissions for that role for content:
PermissionsX Consumer Contributor Editor Collaborator Coordinator
Read Content X X X X X
Read Content Properties X X X X X
Copy X X X X
Preview in Template X X X X X
Start Discussion X X X
Edit Content X X X
Edit Properties X X X
Apply Versioning X X X
Apply Categorization X X X
Check-out X X X
Update X X X
Take ownership X
Cut X
Delete X
45. Invite Users to Your Content
• Typically security and access control rules are defined at the
space level. It is not advised to secure individual content items
as it may become unmanageable with large numbers of files. It is
the best practice to secure the parent space rather than securing
the content itself. However, you can still control the access to a
specific content item.
• Follow the steps below to invite users to your content item:
1. Go to a space and add a file by clicking on the Add
Content link.
2. Click on the View Details icon for the file to see the
detailed view of the content.
3. From the right-hand side Actions menu, click on the
Manage Content Users link, to assign users to this
content item for collaboration.
4. Search and select a user and assign a Collaborator role
to the user.
46. Choosing the Right Security
Model for You
• Use Alfresco Out-of-the-Box
Membership System
• Configuring LDAP for Centralized
Identity Management
• Configuring NTLM for Single Sign-on
It is very important to choose a suitable security model at
the beginning of Alfresco implementation. The authentication
mechanism, user profile data storage, security settings,
business rules, etc. are all based on the security model you choose.
47. The Scenario
Scenario 1: I would like to build an extranet as a stand-alone application to share
documents with my customers. I have over 500 customers who will access the site,
and I would like to control and manage the security. I need a flexible and highly
scalable membership system.
In this scenario, the out-of-the-box Alfresco membership
system would be able to solve the problem.
I work in the IT department of a large university. Over the years, the
various departments have developed their own sites with local authentication and
authorization. Our university has a directory-based central authentication system.
How can I consolidate all the sites and provide a central point of authentication and
authorization for all our sub-sites?
In this scenario, it would make sense configure Alfresco
with LDAP for centralized identity management.
48. Use Alfresco Out-of-the-Box Membership
System
• Alfresco out of the box security includes the following
functionality:
– User management
– Provision of user personal information
– User authentication
– Group management
– Ownership of nodes within repository
– An extendable permission model
– Access control, to restrict call to public services
authenticated users
49. Configuring LDAP for Centralized Identity
Management
• There are three parts to Alfresco LDAP configuration
– Authentication
– Scheduled jobs for loading people and groups
– The authentication context (which configures LDAP
authentication and how people and groups are
extracted from LDAP).
A template configuration is provided in
alfresco/extensions/ldap‐authentication-
context.xml.sample.
50. Configuring NTLM for Single Sign-on
A template configuration is provided in
alfresco/extensions/ntlm‐authentication-context.xml.sample.
To enable NTLM authentication you need to edit
the web.xml file (the location of the file depends on
the application server used) and uncomment <filter> elements
for NTLM.
To enable NTLM pass-through you need to replace the file
<config>/authentication-services-context.xml with the <config>/
authentication-services-context.ntlm file.
51. Migrate Existing Users to
Alfresco
• Using Command-Line Scripts to Bulk
Upload Users
• Bootstrapping the Alfresco
Repository with Pre-Defined User
Data
• Using Web Services API to Create
Users
54. Bootstrapping the Alfresco Repository with
Pre-Defined User Data
• The Alfresco repository supports a bootstrap process,
which is initiated whenever the repository is first started.
The process populates the repository with information that
is required upon first log in, such as system users, data
dictionary definitions, and important root folders.
55. Using the Web Services API to Create Users
• You may also use the web services API to
programmatically create users in Alfresco. This is useful if
you already have another software application to manage
users and you would like to create users in Alfresco from
that application as needed.
56. Summary
• The Alfresco membership framework is very secure,
flexible, scalable, and customizable. Roles are collections
of permissions assigned to users (Consumer, Contributor,
Editor, Collaborator, and Coordinator). You can manage
system users and groups through the administration
console. Security is imposed by assigning a role to a
specific user or group for a specific space or content.
Authentication is possible using Alfresco's built-in
membership system, NTLM, and LDAP. You can bulk
upload users to Alfresco using command-line utilities and
the web services API.