I am new to alfresco. I am integrating Alfresco with the web application as an library for my application. I am logging to alfresco as a admin and I can see the Data Dictionary in my repository. I want to hide it. Is it possible?
In order to hide the Data Dictionary folder for normal users you have to properly configure permissions. By default, all folders in Alfresco use the default ACL, which makes everyone Consumer (i.e. read only). This is what makes them visible to every user.
Try one the following:
[From Alfresco Explorer]
log in as admin
go to Data Dictionary
click on More Actions -> Manage space users
remove the only one entry you have there
[From Alfresco Share]
log in as admin
go to Repository
if needed, click on "Show folders"
hover on Data Dictionary
click on More -> Manage Permissions
hover on the Actions column, click Delete
This way you hide the Data Dictionary folder to normal users. Admin users always get access to everything. With similar procedures you can configure more fine grained access levels on folders, e.g. to enable some users to access them.
Related
I have a user with permissions across many projects (see image below).
I have a new user who just joined the company. I want to give him the exact same permissions. How can I do this? I don't want to do it manually because that will take me ages and the Google Cloud Documentation is useless! I cant find much on using gcloud command line to do this with examples.
There must be a easy way to duplicate permission?
Thanks
It is indeed possible to grant a role to a member for more than one project:
Open the IAM & Admin Projects page in the GCP Console.
Select all the projects for which you want to grant permissions.
Click the Show Info Panel, followed by the Permissions tab.
Enter an email address in the Add members field, and select the desired role from the drop-down menu.
Click the Add button. The member will be granted the selected role in each of the selected projects.
Granting access rights to project is an action fraught with security risks, so bulk gcloud commands or simple copying of roles are understandably not supported.
You can find more detail on the "Granting, Changing, and Revoking Access to Resources" documentation page.
I am developing an inventory management system. I am using AppWithinMinutes (AWM). Only administrator can add, edit and delete. In this system, the user name is entered in the user field. Other fields are entering other information. How can users see only their own children when they log in to xwiki with their own name? And how can not he see the other kids?
You could implement and EventListener in your application so that, whenever an entry in your application is created, an XWikiRights object is added to the page to allow view access only to the user that created it and some admin group (that is allowed to see all the entries of all the users).
Note that it would be recommended to implement your EventListener as a WikiComponent so that it is automatically registered when your XWiki instance is restarted.
I want that when a project is scanned and it's scan result is created only Admin and a specific user can see that project in dashboard and all other places and only he can access that project. Also I want to send email to that user when project was scanned.
I know I can assign role to user and set permissions for it by going to that project, but should I have follow all these steps for this? Can't I just select a user from UI so that only that selected user can view that project?
You must define project permissions for the scanned project with only that user and admin having the permission to "Browse" the project.
If you need to do that repeatedly you may use permission templates.
See http://docs.sonarqube.org/display/SONAR/Authorization#Authorization-ProjectPermissions.
In my case I wanted to Assgin one project to a whole group of users in SonarQube 6.7.3 so the steps where the following:
Administration->Projects->Managment->Actions(of the desired project)->edit Permissions
And then, I don't know why but the current users and groups registered are not shown instantly so what you need to do is to use the search tool and search for the group or user that you are looking for. They will appear below so you'll be able to tick the permissions that you want. Also you should select the private radio button so nobody but the users or groups you selected can access the project.
I'm trying to make the "Edit" button on the Project form to only be visible if the user logged into the system is the Project Manager of that project. I've been reading various answers online regarding this, gathering some understanding of Access Rights vs. Record Rules but I haven't been able to get this working. To my understanding, Access Rights over-ride Record Rules. So, if I create a record rule under the group "Project/User" that has read and write access with the domain as the following:
[('user_id','=',user.id)]
This will be over-ridden by the Access Rights for Project/User anyway? So How would I get this to work?
Thanks to anyone who can help.
As far as I know, Record Rules can override Access Rights.
Here is an example where record rules are used to change the base_user edit capabilities depending on the Task state: https://github.com/OCA/project-service/tree/8.0/project_baseuser/security
However, the "edit" button is not dynamically visible depending on the Task Status: it's always visible but the rules may or may not allow to write upon "Save".
Access Control List is checked before Record Rules.
Because Access Control List is a CRUD security on models (create/read/update/delete).
Only if ACL is passed next record level security comes in.
As far as I understood you want to give Project User permission to edit his own projects (he is in group Project User not Project Manager but set as Project Manager for exact Project by Project Manager group user LOL).
I did this by doing the following:
1) Give project users Project Manager role.
2) Restrict them to only modify own projects by creating a Global rule (no group is set) with the following domain on update / delete operations:
['|', ('user_id','=',user.id),('create_uid','=',user.id)]
P,S, Here is screenshot - http://awesomescreenshot.com/0083nqyf76
For the model project.project, provide the write permission only to the group project manager.Go to settings/techical/security. There you can see the access control list. CHeck what all group is provided to the project.project model.for every group other than project manager, remove the write permission
I have a user profile in Salesforce which I'd like to be unable to edit some fields. Unfortunately in the Field Permissions section of the Profile Object Settings those fields appear as disabled (grayed out) but checked. Any clues?
I'm guessing you're trying to edit one of the standard profiles that ships with salesforce. This isn't allowed. Clone the profile, edit the new profile as needed, then assign users to the new profile.