Very specific user roles and permissions

trmmnt
Active Member


I have a use case that requires additional roles (8 in total), based on the assumption that permissions (e.g. Content permissions) can be individually combined to form a new role. The goal is to support very detailed control in a project team (from project owner to client, outsourced consultants etc.), as in the following table:

 

| Permission | Consumer | Contributor | Collaborator | Manager | Custom Role 1 (extends a Consumer) | Custom Role N (extends a Contributor) |
|---|---|---|---|---|---|---|
| Add comment | no | yes | yes | yes | yes | yes |
| Edit comment | no | yes | yes | yes | yes | yes |
| Some permission | no | yes | yes | yes | no | no |

 

Based on the other posts in the forum, it is pretty clear that one cannot just define roles with any combination of permissions, like saying "Custom Role 1 can do everything that a Consumer can, but it can also comment, while Custom Role N cannot do something a Contributor can".

Trying to figure out how to implement this I have come to some conclusions:

  • You can define any number of additional roles within permissionDefinitions.xml and sitePermissionDefinitions.xml, but the assigned permissions will not work out of the box without major customization of Alfresco so that it knows how to handle the new roles and permissions.
  • You cannot revoke permissions (e.g. a role that extends a Contributor and revokes some of its permissions).

I have also noticed topics where it is said that implementing a dynamic authority is not the most efficient solution.

What is the most appropriate way to support such a use case, if any?

Also, is there any way to define a role without any permission at all (not even read)?