Security & Authentication (Alfresco)

http://wiki.alfresco.com/wiki/Security_and_Authentication

Roles are collections of permissions assigned to a user. Each role comprises a set of permissions.

Default security roles (DM)

  • Consumer can read content
  • Editor can read and edit content
  • Contributor can read and add content
  • Collaborator can read, edit, and add content
  • Coordinator can read, edit, add, and delete content (full access)

Modification of the default security roles

The default permission model is defined in config/alfresco/model/permissionDefinitions.xml according to config/alfresco/model/permissionSchema.dtd.

The location of the file that holds the permission model is set in public-services-security-context.xml, in the permissionsModelDAO bean.

1) In the extensions directory, override this bean to point to a file containing the complete permission definitions:

 <bean id="permissionsModelDAO" class="org.alfresco.repo.security.permissions.impl.model.PermissionModel">
     <property name="model">
         <value>alfresco/extension/myPermissionDefinitions.xml</value>
     </property>
     <property name="nodeService">
         <ref bean="nodeService" />
     </property>
     <property name="dictionaryService">
         <ref bean="dictionaryService" />
     </property>
 </bean>

2) Update the permission definitions as required.
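
Because the overriding file must contain the complete permission definitions, it is worth checking a custom file before deploying it. The following is an added example, not part of the original page or of Alfresco: it reports which of the five default roles listed above are missing from a definitions file and which groups grant full control. The element and attribute names (permissionSet, permissionGroup, name, allowFullControl) are assumptions modelled on the stock permissionDefinitions.xml, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# The five default roles listed on this page.
DEFAULT_ROLES = ("Consumer", "Editor", "Contributor", "Collaborator", "Coordinator")

# Constructed sample of an override file. Element and attribute names are
# assumed to follow the layout of the stock permissionDefinitions.xml.
SAMPLE = """\
<permissions>
  <permissionSet type="cm:cmobject" expose="selected">
    <permissionGroup name="Coordinator" allowFullControl="true" expose="true"/>
    <permissionGroup name="Collaborator" allowFullControl="false" expose="true"/>
    <permissionGroup name="Editor" allowFullControl="false" expose="true"/>
    <permissionGroup name="Consumer" allowFullControl="false" expose="true"/>
    <permissionGroup name="Reviewer" allowFullControl="true" expose="true"/>
  </permissionSet>
</permissions>
"""


def audit_permission_definitions(xml_text):
    """Return (missing default roles, groups that grant full control)."""
    root = ET.fromstring(xml_text)
    defined = set()
    full_control = set()
    for group in root.iter("permissionGroup"):
        name = group.get("name")
        if not name:
            continue  # a group without a name cannot be matched to a role
        defined.add(name)
        if group.get("allowFullControl", "false").lower() == "true":
            full_control.add(name)
    # Keep the page's role order so the report is easy to compare by eye.
    missing = [role for role in DEFAULT_ROLES if role not in defined]
    return missing, sorted(full_control)


if __name__ == "__main__":
    missing, full = audit_permission_definitions(SAMPLE)
    print("missing default roles:", missing)
    print("groups with full control:", full)
```

Any group other than Coordinator that appears in the full-control list should be reviewed before the file goes live.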

NTLM and SSO

Internet Explorer

By default it always sends the credentials.

To log in as a different user, change the IE configuration as follows (example with IE8):

Tools > Internet Explorer > Security tab > Custom level... button > User Authentication > Prompt for user name and password

Firefox

By default it never sends the credentials.

To make it send them, configure in about:config which IPs or domains it should send them to.

about:config

preference: ntlm-auth.trusted-uris

value: bcns018.someco.local

Opera

It does not support NTLM authentication. With Alfresco it always uses form-based authentication.