How should a file uploaded with the media and document portlet be viewable to the respective organization in Liferay 6? - permissions

If I have to use the document and media portlet in Liferay with the following facility, how can I achieve that?
Now, from the above picture, I want that if an organization A user has uploaded something, then it should be viewable only by organization A users.
Right now anyone who has permission to view the document and media portlet can see my uploaded files.

This level of control is, I think, usually handled by creating sites for your organizations. (There are probably other approaches, which I'd like to see discussed too).
For example, if you create a site for each organization, then there will automatically be a Document and Media library that is private to that site. The site doesn't need to have any pages or anything if you don't need that.
You create the site for the organization by going to "Users and Organizations", clicking through to the org of interest, and then working with the "Organization Site" in the control menu.
Once the site is created, then everything at the "site" level of the control panel can be selected for the new site. When so selected, the Documents and Media portlet will show you the top level folder for your organization.
Now you can use the normal permissions settings for sub-folders or even individual items to restrict availability to "site members", which will be, in this case, "organization members".

Well, if kirkz's answer doesn't solve your issue then I suggest you try the following:
1) For each organisation set up a Liferay "User Role". You'll find "Roles" in the "Portal" section of the Control Panel
2) Assign the relevant users to each of the Roles that you've created based on their Organisation
3) Then go into the Document Library and set the permissions as you need for each of the folders using the Roles you've created. So for example you could have a top level folder for each organisation. Then just set the permissions on each of those folders so only one Role can access it.
This should solve your issue, however kirkz's solution is actually the way you should achieve this hierarchy.

Related

Why would an SPO webpart on a modern page only be functional for site admins?

I have created a simple (display only) SPFx webpart that makes calls into a list on the same site as it is used. Standard users have read access over this list, site owners have Full Control. When I add the part to a page, even site owners cannot see it. Site Members (& Owners) are able to see the page (published or not), but the content which should be displayed by the webpart is missing. Note that the basic html is visible, but the data which should be retrieved is not. If I elevate a site owner to a site admin permission level, the webpart then works as intended and data is retrieved correctly and displayed. Note also that other webparts on other pages served from the same library work correctly for all groups.
Does anyone have any suggestions to explain this behaviour?
I have tried: Rebuilding and publishing webparts, new test pages created by the same and other user accounts both published and unpublished. I've carefully changed permissions on the "Site pages" library, the "ClientSideAssets" library and the site scoped app library itself.
I've answered my own question here. The error was caused by a REST query into the SPO list that contained a taxonomy (managed metadata) field. Expanding this field appeared to require the highest permission levels, thus all non admin users were unable to retrieve the data.
I later found an excellent article detailing the subject here.
I was able to trace this by serving through gulp into the online workbench, copying that URL into an incognito window for a different user account, and utilising the (Chrome) debugging tools. This tidy solution might potentially be of use to someone.

Nextcloud: Groupfolder OCC for advanced permissions

I would like to implement the following:
I have a "master folder" in which all subfolders are structured down. However, these subfolders are person-related and should only be visible and editable for the authorized persons including the admin -> This also means that those who do not have authorization should not even see the folder.
I was able to implement the whole thing very successfully, without problems, but with a lot of click work on the web interface.
Now I want to automate the whole thing:
create a user in Nextcloud
create a personal subfolder in the "master folder"
assign authorization
The first point has already worked without problems -> the new user is created correctly and added to the group accordingly.
The second point also worked, but I create the folders via mkdir and then execute the command occ files:scan --all. The folder is already visible for all in the "Master Folder".
Now we come to the third and last point:
I absolutely can't figure out how to create the appropriate Manage advanced permissions on command line level.
The whole group should not be able to see the folder, except the selected persons. I can't find any commands to do this without using the web interface...
I really hope that you can help me somehow, otherwise I will soon be busy with clicking only ...
I'm not 100% sure what you are trying to achieve here, so here are a few answers that I can think of right now:
Have new users have the same files
If your goal is to have every new user have the same files in their folder, you can just change the files in /core/skeleton. When a user is created, these files are copied into their home.
If the files change a lot you can just upload them to your admin account and share them with the group everyone. (You need the app Everyone Group for that.) The users will then see the files shared with them in their homedir.
Have one folder where all users can read everything, but only write to their own folder
For this I would do the following to set it up:
Go to Settings > Group Folders
Add a group folder (let's call it master here)
Give the groups everyone and admin permissions to read and write
Activate special permissions and give them to the admin group.
Go to Files and enter the new group folder master
Click on the 'share' Symbol in the top next to the folder name
In the right hand panel, go to the share tab
At the bottom make sure that:
Admin has permissions to read/write/delete everything
Everyone only has permissions to read files and is denied everything else
These permissions are set without inheritance. (The arrows are a bit grey when inherited and full black when not)
Now you can do the following every time a user is created:
Create a folder in master (either as you suggested or sync an empty folder via nextcloudcmd)
Use the occ groupfolders:permissions command to set the permissions. See here for more information
The command probably will look something like this:
occ groupfolders:permissions <folder_id> --user=<username> <path> -- +read +write +create +delete
So if master has the folder_id 1, the user has the user_id adam and you named this folder adams_dir:
occ groupfolders:permissions 1 --user=adam /adams_dir -- +read +write +create +delete +share
I hope this is what you are looking for.
Required Apps to be installed:
Group Folders
Everyone Group
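
The per-user step from the answer above as a script, shown as an added example that is not part of the original answer. It extends the answer's command with a deny rule for the group (the `--group` form of the same `occ groupfolders:permissions` command) so the subfolder is hidden from everyone except the named user. The `OCC` prefix, the name whitelist and the dry-run switch are assumptions of this sketch, and advanced permissions are assumed to be already enabled on the group folder as described in the answer.

```shell
#!/usr/bin/env bash
# Added example: per-user ACL on a subfolder of a Nextcloud group folder.
# OCC is an assumed command prefix; adjust it to your installation.
OCC="${OCC:-sudo -u www-data php /var/www/nextcloud/occ}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the occ calls, 0 = execute them

# Reject names that could leave the group folder ("..", "/") or be parsed
# by occ as an option (leading "-"). Stricter than Nextcloud's own rules.
valid_name() {
  case "$1" in
    ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# private_folder_acl <folder_id> <group> <user> <dir>
private_folder_acl() {
  folder_id=$1 group=$2 user=$3 dir=$4
  case "$folder_id" in
    ''|*[!0-9]*) echo "folder id must be numeric" >&2; return 2 ;;
  esac
  for n in "$group" "$user" "$dir"; do
    valid_name "$n" || { echo "rejected name: $n" >&2; return 2; }
  done
  # 1. Deny the whole group on this subfolder so it is not listed for them.
  # 2. Allow the owner; an explicit allow overrides the group deny.
  run $OCC groupfolders:permissions "$folder_id" --group="$group" "/$dir" \
      -- -read -write -create -delete -share &&
  run $OCC groupfolders:permissions "$folder_id" --user="$user" "/$dir" \
      -- +read +write +create +delete
}

# Values from the answer: folder_id 1, user adam, folder adams_dir.
private_folder_acl 1 everyone adam adams_dir
```

Call it right after the folder has been created and scanned, because until the deny rule is in place the new folder is visible to the whole group.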

Qlikview - How users to see documents which are assigned to them

I have 10 QlikView apps in AccessPoint and for a specific user I want to show only 7 apps.
I don't want to use Section Access.
I use NTFS authorization.
And on the folder Production (where the qvw apps for the browser are saved), in Properties > Security, I removed the specific user, but he still sees the app...
How can I handle this?
By your description it sounds like you are using publisher.
If you want to display certain QVWs to certain users, then you need to set up the distribution to "Named Users", that way you can only add users to the relevant apps and the people that are not named will not see the QVW on the AccessPoint.
Also make sure on the actual QVW (right click on it, properties, security) that only the relevant people have security rights on the file.

How do you add a user to a group using Apache Directory Studio

I am using Apache Directory Studio to set up an initial user on an LDAP partition. I have added the user, and I have a group (Administrators) that I am trying to add that user to.
Users are ou=users and groups are ou=groups and were copied from ou=system. The user was created by adding an inetOrgPerson class entry.
How do I add a user to a group? What kind of class would I use and what attributes are required?
I feel I am missing a lot of information with LDAP. I got this far by ghacking (googling and hacking - the least efficient thing you can do). So, where do I go that will tell me what to do and how to get it done in a cook-book style guide, or at least some sort of detailed reference on the classes and schemas that would define what each is used for?
Any help is highly appreciated!
Select your group
Right Click on the right side and select "new attribute"
Type member and/or select from list
Hit the browse button and search for your user or enter the path
Hit OK button
Using Apache Directory Studio you can interactively add a user to e.g. a groupOfNames entry by adding a value (Ctrl++) to the multivalued attribute member. Studio comes with a DN value editor which allows you to browse the Directory Information Tree for the user to add.
As for the objectClass to use for groups and users, you should consult the relevant RFCs (e.g. 4519). For a more prosaic lecture there are a couple of good books (e.g. Howe: Understanding and Deploying LDAP Directory Services).

sharepoint 2010 document library ip filtering

I need to set up IP filtering in a SharePoint document library based on a group that a user is a member of. More specifically, we have groups set up for each of our customers. Each group should have an allowed IP address attached to it. When a user accesses this document library, we then need to ensure that the user is coming from the IP address attached to their customer group. The IP filtering would only apply to a single document library, not the entire site.
My only idea so far is to create a webpart that checks the user's IP address and redirects if it isn't correct. Then I could put that webpart at the top of a webpart page, and display the document library webpart below that. That's a little hokey, so I was hoping someone had a better idea.
The problem with your proposed solution of a webpart on the AllItems.aspx page is that there are multiple ways to get to a document and this would not prevent someone with a direct URL from accessing the document.
You want to take advantage of SharePoint's permission structure. If the documents can be grouped by security, then you could create one library per customer (or one folder within a single library) and set the permissions based on your SharePoint groups for the library/folder. That may not work for you if you need to have one document that is available to multiple groups.
Another option is to set the library security to be restricted to only one system account. Then you could write a webpart (or application page) that checked the user's IP address and using RunWithElevatedPermissions you could get the contents of the library that are applicable to that user. That would solve the issue of a direct link because they would have to go through your page to access the documents.