Space can be secured by assigning a role to a specific user (or group) for that space.
A role refers to a set of permissions that can be applied to a folder.
Permissions are identified by a string. For example, a particular permission (say ReadChildren
) may be granted or denied to an authority, regardless of whether this is a user, a group, an administrator, an owner, and so on. The children of a node will inherit permissions from their parents. So, by default, the files in a folder will inherit their permissions from the folder. Permissions set on a node take precedence over permissions set on the parent nodes. The inheritance of permissions may be turned off for any node. A permission group is a convenient grouping of permissions such as Read
that is made up of ReadProperties
and ReadChildren
.
Alfresco uses roles to determine what a user can and cannot do in a space. These roles are associated with permissions. The following table lists the allowed permissions for each role on a given space. A user (or group) with the Consumer role on a space, can read all of the content within that space. Similarly, a user (or group) with the Contributor role on a space can create content within the space.
Permission |
Consumer |
Contributor |
Editor |
Collaborator |
Coordinator |
---|---|---|---|---|---|
Read content within space |
X |
X |
X |
X |
X |
Read space Properties |
X |
X |
X |
X |
X |
Read subspaces |
X |
X |
X |
X |
X |
Read forums, topics, posts |
X |
X |
X |
X |
X |
Copy |
X |
X |
X |
X |
X |
Preview in template |
X |
X |
X |
X |
X |
Create content within space |
— |
X |
— |
X |
X |
Create subspaces |
— |
X |
— |
X |
X |
Create forums, topics, posts |
— |
X |
— |
X |
X |
Reply to posts |
— |
X |
— |
X |
X |
Start discussion |
— |
X |
— |
X |
X |
Edit spaces properties |
— |
— |
X |
X |
X |
Add/Edit space users |
— |
— |
X |
X |
X |
Delete space users |
— |
— |
— |
— |
X |
Add/Edit space rules |
— |
— |
X |
X |
X |
Delete space rules |
— |
— |
— |
— |
X |
Cut content/subspaces |
— |
— |
— |
— |
X |
Delete content/subspaces |
— |
— |
— |
— |
X |
Checkout content |
— |
— |
X |
X |
X |
Update content |
— |
— |
X |
X |
X |
Take ownership |
— |
— |
— |
— |
X |
You can grant permission to the users (or groups) to do specific tasks in your space. You do this by inviting users to join your space. Each role applies only to the space in which it is assigned. For example, you could invite a user (or group) to one of your spaces as an editor. You could invite the same user (or group) to a different space as a collaborator. That same user (or group) could be invited to someone else's space as a coordinator.
Follow the steps given next to invite a group of users to your space:
Notice the permissions given to the groups on this space, as shown in the next screenshot:
In the example above, you created a space called Finance Department. You assigned the Coordinator role (full control) to the Finance group, and the Consumer role (read access) to the Sales and the Executive groups.
Next, go to your Company Home | Intranet space and create spaces, as given in the first column of the next table. Invite groups and assign roles as indicated in the second column of the table:
Space name |
Group (assigned role) |
Individual (assigned role) |
---|---|---|
Executive and Board |
Executive (Coordinator) |
— |
Company Policies |
HR (Coordinator) EVERYONE (Consumer) |
— |
Press and Media |
Corporate Communications (Coordinator) EVERYONE (Consumer) |
— |
Marketing Communications |
Marketing (Coordinator) EVERYONE (Consumer) |
— |
Sales Department |
Sales (Coordinator) Executive (Consumer) |
Mr. CEO (Coordinator) |
Finance Department |
Finance (Coordinator) Sales (Consumer) Executive (Consumer) |
— |
Engineering Department |
Engineering (Coordinator) EVERYONE (Consumer) |
Mrs. Presales (Coordinator) |