0

As soon as I take away EVERYONE from the root folder (Company Home) in alfresco, some custom webscripts stop working and respond that this folder cannot be found. I would like to give a subset of EVERYONE (eg GROUP_A) permission from the rootfolder down. The "normal" usage of alfresco through Share keeps working when I do just that, only the webscripts give me some trouble. There are answers like this one: Alfresco openCMIS connect to home folder But that's just a workaround. Maybe some kind of system user needs to have permissions on the root folder? I think this is a similar question: Alfresco webscript can't find Company Home folder

Community
  • 1
  • 1
Tom
  • 3
  • 3
  • I think that the Data Dictionary is the bit that everyone needs access to, what if you ensure they still have access to that? – Gagravarr Nov 19 '15 at 09:21
  • @Gagravarr funny enough, on my Data Dictionary inheritance of permission is off, and nobody gets any permissions there. This evidently works and I think that's because of the way we use alfresco. webapps use the admin user to go into alfresco and "do stuff". If the webapp needs to do something in name of another user (a logged in user to the webapp) the webapp gets a ticket for that user and does it's thing. – Tom Nov 20 '15 at 09:50

1 Answers1

2

The most clear answer is (depends on which version you are) that the webscripts, CMIS & Java code need to know the path of the node you are in.

In Previous Alfresco versions even in Share a user needs to have Consumer rights on the parent folder otherwise the breadcrum would fail to load and other issues.

In 4.2.x if you retrieve a document/folder and you as user don't have rights on one of the parents folders OpenCMIS code breaks. This will/should also happen on some webscripts.

A user needs rights on the template folders within Data Dictionary, so it's good to keep the EVERYONE group on Data Dictionary.

Tahir Malik
  • 6,623
  • 15
  • 22