Alfresco default permission license Model Reference

Basic permission (permission)

Based on the experience gained from RBAC, you can consider those started with _ as permission permits, while others as roles. In this way, other objects such as people/groups and dynamic objects can use either of them (permission and role.

_ Readproperties

Read attribute: restrict the reading of attributes of a node. The access control and attribute control of node content are separated. All attributes have the same restrictions.

_ Readchildren

Read sub-nodes: Restrict read access to sub-nodes. These permission permits can be set on independent sub-nodes. If this permission is not granted, you cannot view any subnodes.
You can find some subnodes when searching. It is not necessary to check whether the parent node of a node is visible. This constraint can be added to the configuration.

_ Writeproperties

Write attribute: Restrict writing of all attributes of a node. Content Access Control and property control are separated. All attributes have the same access restriction.

_ Readcontent

Read content: Restrict Access To node content.

_ Writecontent

Write content: restrict the creation and modification of node content.

_ Executecontent

Execution content: restrict access to the execution content.

_ Deletenode

Delete a node: restrict the deletion of a node. Currently, you do not have the permission to check the subnode When deleting a node. You can delete all the subnodes in the node. You can modify the configuration file to support the check. It takes a lot of resources and time to check whether the subnode can be deleted.

_ Deletechildren

Delete subnodes: restrict the deletion of subnodes. Similarly, you cannot move the connection to a node to another node.

_ Createchildren

Create a subnode: restrict the creation of new subnodes.

_ Linkchildren

Associate subnodes: restrict the creation of non-parent-child relationships to other nodes.

_ Deleteassociations

Delete Association: restrict the deletion of non-subnode relationships.

_ Readassociations

Read Association: restrict the reading of non-node relationships.

_ Createassociations

Create Association: restrict the creation of non-node associations.

_ Readpermissions

Read Permission permission: Restrict read permission.

_ Changepermissions

Modify permission: Restrict write permission.

A simple combination of permission permits

These are simple permission combinations that can be used to implement more complex combinations. These simple permission permits are usually used to control access to public service methods.

Fullcontrol

A permission group that includes all permission permits.

Readproperties

Read attribute permission, from basic permission _ readproperties.

Readchildren

Permission to read sub-nodes, from basic permission _ readchildren.

Writeproperties

Write property permission, from basic permission _ writeproperties.

Readcontent

Permission to read content, from basic permission _ readcontent.

Writecontent

Write Permission permission, from basic permission _ writecontent.

Executecontent

Execute the content permission license, from the basic permission license _ executecontent.

Deletenode

Delete the node permission from the basic permission _ deletenode.

Deletechildren

Delete the subnode permission from the basic permission _ deletechildren.

Createchildren

Create a subnode permission license from the basic permission license _ createchildren.

Linkchildren

Permission to connect to the subnode, from the basic permission license _ linkchildren.

Deleteassociations

Delete the associated permission from the basic permission _ deleteassociations.

Readassociations

Read Association permission, from basic permission _ readassociations.

Createassociations

Create an associated permission license from the basic permission license _ createassociations.

Readpermissions

Permission to read node permissions, from basic permission _ readpermissions.

Changepermissions

Modify the permission of the node, from the basic permission _ changepermissions.

A complex combination of permission permit crud operations

These combinations are permission licenses for a node CRUD operation.

Read

Read, including readproperties, readchildren, and readcontent ).

Write

Write (corresponding to updates in crud), including writeproperties and writecontent ).

Delete

Delete, including Enode and deletechildren ).

Addchildren (create in crud)

Add a subnode (corresponding to the creation in crud), including createchildren and linkchildren ).

Execute

Execution, including only the execution content executecontent.

Complex permission groups for Business Objects

Administrator

Administrator with all Permissions

Coordinator

Collaborators, including all custom permissions and permission groups.

Collaborator

Collaborators, including editors and contributors permission groups.

Contributor

Contributor, including the consumer permission group and add the check-out permission for sub-nodes and versions.

Editor

Editors, including consumer permission groups and check-out permission for write and version.

Consumer

Consumer, including all read permission permits.

Recordadministrator

Record administrators, including reading attributes, reading subnodes, writing attributes, reading content, deleting subnodes, creating subnodes, connecting subnodes, deleting associations, and creating associations.

Permission related to the owner
Basic permission

_ Setowner
Restrict the permission of a node. This license also requires _ writeproperties, and _ writeproperties is not necessarily included, you need to set it yourself.

Simple combination

Setowner

Include _ setowner

Complex combinations

Takeownership

Contains setowner.

Lock version-related Permissions
Basic permission

_ Lock
Lock to limit the setting of a node lock.

_ Unlock

Unlock: limits the setting for unlocking a node.

Simple permission combination

Lock
Locks, including _ Lock

Unlock
Unlock, including _ unlock

Complex permission and license combinations

Checkout
Check out, including lock.

Checkin
Check in, including unlock.

Cancelcheckout
Cancel check-out, including unlock.

Global permission

These permissions are allowed to be applied to all nodes, whether or not they are in the repository.

Fullcontrol

Authorize role_administrator to do anything in this group.

Fullcontrol

Authorize role_owner, which has all permissions. Contributors interact with the content. By default, they need to create the content. Other permissions actually come from the nodes they own. The owner is defined by ownable aspect, or this aspect does not reflect the creator of the node.

Unlock

Including role_lock_owner. The lock owner can release the lock.

Checkin

Including role_lock_owner. The lock owner can check the document and overwrite the document to obtain the lock.

Cancelcheckout

Including role_lock_owner. The owner of the lock can cancel the document detection and overwrite the document to obtain the lock.