Security & Authentication (Alfresco)
http://wiki.alfresco.com/wiki/Security_and_Authentication
Roles are collections of permissions assigned to a user. Each role comprises of a set of permissions.
Default security roles (DM)
- Consumer can read content
- Editor can read and edit content
- Contributor can read and add content
- Collaborator can read, edit, and add content
- Coordinator can read, edit, add, and delete content (full access)
Modification of the default security roles
The default permission model is defined in config/alfresco/model/permissionDefinitions.xml according to config/alfresco/model/permissionSchema.dtd.
The file that defines the permission model is defined in public-services-security-context.xml in the permissionsModelDAO bean.
1) In the extensions directory, over ride this bean to point to a file containing the complete permission definitions
<bean id='permissionsModelDAO' class="org.alfresco.repo.security.permissions.impl.model.PermissionModel">
<property name="model">
<value>alfresco/extension/myPermissionDefinitions.xml</value>
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="dictionaryService">
<ref bean="dictionaryService" />
</property>
</bean>
2) Update the permissions definitions as required.
NTLM y SSO
Internet Explorer
Por defecto siempre envía las credenciales.
Para entrar con un usuario distinto, cambiar la configuración de IE así (ejemplo con IE8):
Tools > Internet Explorer > Security tab > Custom level... button > User Authentication > Prompt for user name and password
Firefox
Por defecto nunca envía las credenciales.
Para que sí las envíe se tiene que configurar en about:config a qué IPs o dominios debe enviarlas.
about:config
preferencia:ntlm-auth.trusted-uris
valor:bcns018.someco.local
Opera
No soporta autenticación NTLM. En Alfresco siempre usa la autenticación basada en formulario.