Space can be secured by assigning a role to a specific user (or group) for that space.
A role refers to a set of permissions that can be applied to a folder.
Permissions are identified by a string. For example, a particular permission (say ReadChildren) may be granted or denied to an authority, regardless of whether this is a user, a group, an administrator, an owner, and so on. The children of a node will inherit permissions from their parents. So, by default, the files in a folder will inherit their permissions from the folder. Permissions set on a node take precedence over permissions set on the parent nodes. The inheritance of permissions may be turned off for any node. A permission group is a convenient grouping of permissions such as Read that is made up of ReadProperties and ReadChildren.
Alfresco uses roles to determine what a user can and cannot do in a space. These roles are associated with permissions. The following table lists the allowed permissions for each role on a given space. A user (or group) with the Consumer role on a space, can read all of the content within that space. Similarly, a user (or group) with the Contributor role on a space can create content within the space.
|
Permission |
Consumer |
Contributor |
Editor |
Collaborator |
Coordinator |
|---|---|---|---|---|---|
|
Read content within space |
X |
X |
X |
X |
X |
|
Read space Properties |
X |
X |
X |
X |
X |
|
Read subspaces |
X |
X |
X |
X |
X |
|
Read forums, topics, posts |
X |
X |
X |
X |
X |
|
Copy |
X |
X |
X |
X |
X |
|
Preview in template |
X |
X |
X |
X |
X |
|
Create content within space |
— |
X |
— |
X |
X |
|
Create subspaces |
— |
X |
— |
X |
X |
|
Create forums, topics, posts |
— |
X |
— |
X |
X |
|
Reply to posts |
— |
X |
— |
X |
X |
|
Start discussion |
— |
X |
— |
X |
X |
|
Edit spaces properties |
— |
— |
X |
X |
X |
|
Add/Edit space users |
— |
— |
X |
X |
X |
|
Delete space users |
— |
— |
— |
— |
X |
|
Add/Edit space rules |
— |
— |
X |
X |
X |
|
Delete space rules |
— |
— |
— |
— |
X |
|
Cut content/subspaces |
— |
— |
— |
— |
X |
|
Delete content/subspaces |
— |
— |
— |
— |
X |
|
Checkout content |
— |
— |
X |
X |
X |
|
Update content |
— |
— |
X |
X |
X |
|
Take ownership |
— |
— |
— |
— |
X |
You can grant permission to the users (or groups) to do specific tasks in your space. You do this by inviting users to join your space. Each role applies only to the space in which it is assigned. For example, you could invite a user (or group) to one of your spaces as an editor. You could invite the same user (or group) to a different space as a collaborator. That same user (or group) could be invited to someone else's space as a coordinator.
Follow the steps given next to invite a group of users to your space:
- Click on the Company Home menu link in the Tool Bar (on the upper-left).
- In the header, select Create | Create Space.
- Create a new space called Intranet.
- Within the Intranet space, create a subspace called Finance Department. Ensure that you are in the Finance Department space.
- In the space header, select More Actions | Manage Space Users. The Manage Space Users pane appears, as shown in following screenshot:
- Leave the Inherit Parent Space Permissions option as checked (selected). If it is not selected, uninvited users cannot see the content item. Only invited users can see the content item, and can access it, according to their assigned role.
- In the header, click the Invite link. The Invite User Wizard pane appears, as shown in the following screenshot:
- Before continuing with your invitation, you can experiment with the Search feature. Select the Groups option from the drop-down box and click on the Search button.
- From the search results, select the Finance group, give it the Coordinator role, and click on the Add to List button.
- The finance group is added to the list of invitees.
- As an administrator of the Finance Department space, you can invite the Finance group as the Coordinator (full access), and the Sales and Executive groups as Consumer (read access).
- Click on the Next button to go to the second pane, where you can notify the selected users.
- Do not select this option as you do not need to notify these selected users in this sample. Click on the Finish button to confirm your selections.
Notice the permissions given to the groups on this space, as shown in the next screenshot:
In the example above, you created a space called Finance Department. You assigned the Coordinator role (full control) to the Finance group, and the Consumer role (read access) to the Sales and the Executive groups.
Next, go to your Company Home | Intranet space and create spaces, as given in the first column of the next table. Invite groups and assign roles as indicated in the second column of the table:
|
Space name |
Group (assigned role) |
Individual (assigned role) |
|---|---|---|
|
Executive and Board |
Executive (Coordinator) |
— |
|
Company Policies |
HR (Coordinator) EVERYONE (Consumer) |
— |
|
Press and Media |
Corporate Communications (Coordinator) EVERYONE (Consumer) |
— |
|
Marketing Communications |
Marketing (Coordinator) EVERYONE (Consumer) |
— |
|
Sales Department |
Sales (Coordinator) Executive (Consumer) |
Mr. CEO (Coordinator) |
|
Finance Department |
Finance (Coordinator) Sales (Consumer) Executive (Consumer) |
— |
|
Engineering Department |
Engineering (Coordinator) EVERYONE (Consumer) |
Mrs. Presales (Coordinator) |