For any CMS, it is crucial to have a proper security model in place to ensure the security and integrity of the content stored in its repository. Alfresco provides a strong, fine-grained security model for content stored in the Alfresco repository. In this article, I will explain the security model supported by Alfresco.
Authority can be a single user or a group of users. Some authorities are dynamic, such as the owner of a node and the owner of a lock held on a node. Groups can include both other groups and users so it is possible to construct hierarchies.
Permission can be a single permission or a set of permissions. A particular permission, for example “editChildren”, may be granted or denied to an authority: a user, group, administrator, owner, etc. The children of a node inherit permissions from their parents, so by default the files in a folder inherit their permissions from the folder.
Content can be a space or an uploaded document.
Thus, Alfresco lets you assign Permission(s) on Content(s) to particular Authority group(s).
In addition, some of the functionalities that come under the security umbrella of Alfresco are:
- Users and user management
- Provision of personal information about users
- Groups and group management
- Ownership of nodes within the repository
- Repository wide permissions
- Permissions at the node level
- Access control which helps to restrict calls to public services to suitable authenticated users.
Alfresco comes with five built-in roles which you use to give proper access controls to different users.
Consumer: This role has only Read permission. Users having this role can only read content and cannot change anything.
Editor: This includes Write and Checkout permissions in addition to Consumer permissions. These users, however, cannot create new content and cannot upload documents.
Contributor: In addition to editor permissions, this adds the Add Children permission. This means users having this role will be able to upload new documents and create content.
Collaborator: Collaborators are a combination of editor and contributor roles.
Coordinator: Users with this role have all permissions on a particular content item.
Thus, whenever you want to allocate permissions to a user on one of your spaces or documents, you normally assign one or more of these roles to the user on that particular content. It is very important for developers and administrators to understand the security model of the repository before they start using it; otherwise it could lead to serious issues, loss of data or security fraud. The Alfresco permission model is very flexible, and you can create your own custom roles to meet the requirements of your organization.
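The following sketch, added here as an illustration and not taken from Alfresco's code or API, models how the pieces described above interact: nested groups, the dynamic owner authority, roles as sets of permissions, and inheritance from the parent folder. The class and function names, the sample users and files, and the rule that the nearest matching entry decides with a deny beating a grant are assumptions of this simplified model.

```python
# Simplified model of the article's concepts; NOT Alfresco's API or exact algorithm.
ROLES = {"Consumer": {"Read"}, "Editor": {"Read", "Write", "CheckOut"}}

class Node:
    def __init__(self, name, parent=None, owner=None, inherit=True):
        self.name, self.parent, self.owner, self.inherit = name, parent, owner, inherit
        self.entries = []  # (authority, role, allowed)

    def set_permission(self, authority, role, allowed=True):
        self.entries.append((authority, role, allowed))

def authorities_of(user, groups, node):
    # The user, every group containing them (nested included), plus the dynamic owner.
    found, size = {user}, 0
    while len(found) != size:  # repeat until no new enclosing group is discovered
        size = len(found)
        found |= {g for g, members in groups.items() if members & found}
    if node.owner == user:
        found.add("ROLE_OWNER")
    return found

def has_permission(user, permission, node, groups):
    auths = authorities_of(user, groups, node)
    current = node
    while current is not None:
        hits = [allowed for auth, role, allowed in current.entries
                if auth in auths and permission in ROLES[role]]
        if hits:  # assumption: the nearest node with a matching entry decides,
            return all(hits)  # and a deny beats a grant on that node
        current = current.parent if current.inherit else None
    return False  # no matching grant anywhere: access is refused

def demo():
    # Constructed sample data: nested groups, one folder, three documents.
    groups = {"GROUP_engineering": {"GROUP_backend"}, "GROUP_backend": {"alice"}}
    folder = Node("Projects")
    folder.set_permission("GROUP_engineering", "Editor")
    folder.set_permission("ROLE_OWNER", "Editor")
    spec = Node("spec.doc", parent=folder)
    payroll = Node("payroll.xls", parent=folder, inherit=False)
    payroll.set_permission("bob", "Consumer")
    draft = Node("draft.doc", parent=folder, owner="carol")
    draft.set_permission("GROUP_backend", "Editor", allowed=False)
    return {
        "alice writes spec": has_permission("alice", "Write", spec, groups),
        "alice reads payroll": has_permission("alice", "Read", payroll, groups),
        "alice writes draft": has_permission("alice", "Write", draft, groups),
        "carol writes draft": has_permission("carol", "Write", draft, groups),
    }
```

Calling `demo()` shows the two cases that most often surprise administrators: a document with inheritance switched off ignores the folder's grants, and a local deny overrides a grant inherited through a parent group.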