ACL - Alfresco Federation Services - 3.2 - 3.2 - Ready - Alfresco - external - Alfresco/Alfresco-Federation-Services/3.2/Alfresco-Federation-Services/Using/Task-List/ACL

ACL - Alfresco Federation Services - 3.2 - 3.2 - Ready - Alfresco - external - Alfresco/Alfresco-Federation-Services/3.2/Alfresco-Federation-Services/Using/Task-List/ACL - 2025-03-04

Alfresco Federation Services

Platform

Alfresco

Product

Alfresco Federation Services

Release

3.2

License

CMIS ACL modification

This task is meant to be used with a CMIS Repository connection. It will use the Repository Document id, and gather the current ACL for the document. It will then generate a new ACL based on the parameters. This task establishes a session upon initialisation, and keeps it open until the job run is complete.

The principal lists are pipe (|) delimited, to account for LDAP style principals. You will need to know the exact principal ids of the ACEs (Access Control Entries). The task works by cycling through the current ACEs and a series of if-then logic to construct a new ACL.

Configuration

User name: CMIS server user name
Password: CMIS server password
Connection URL: CMIS server url
Repository ID: CMIS repository ID
Pipe (|) delimited list of principals to ignore from each document: A list of principals to ignore and not add modifications to. The ‘ignore’ list will bypass any modification to a matching ACE and add it directly back to the new ACL.
Pipe (|) delimited list of principals to remove from each document: A list of principals to be removed from the ACL. The remove list will skip over a matching ACE, leaving it out.
Comma delimited list of principals to add to each document: A list of principals to be added to the ACL. The add list is checked separately and will generate a new ACE will the selected permissions.
Permission to add to the principals: Not ignored ACEs and added ACEs will have this permission added to them in the ACL.
- Read
- Write
- All

FileNet ACL Modification

The purpose of this task is change the permission lists of integrated documents in the IBM FileNet Repository.

Authentication Connector ID: The ID of your P8 Authentication connection is available in the Authentications Connection under the Integration menu. You can find it the url of the edit or view page for the connection
Change List: Pipe (|) delimited list of principals to change from each document.
Permissions to Change: Access level for the changed permissions.
Add List: Pipe (|) delimited list of principals to add to each document
Permissions to Add: The access level to add to the new permissions.
Removal List: Pipe (|) delimited list of principals to remove from each document.

Note that any permission not added to these lists will be ignored.

File System ACL Extraction

Extracts ACLs from the Windows or Linux filesystem document and adds them to the repository document.

File System Operating System: The operating system that these files are being read from.
Append _DENY to Deny ACL Type permissions: Appends _DENY to the end of an extracted permission if it’s of the type DENY, in case you want to track this later on.

This task will have some different behaviour depending on your operating system. In a POSIX environment (macOS or Linux) permissions may be added as the field document.permissions with the permissions in a semicolon(;) delimited list, if any exist.

If the filesystem supplies an owner, it will be added as simflofy.owner.

Additionally, simflofy will create a permission map of the principals and their permissions. It will set is as the originalPermissions field:

Map<String, Set<String>> permissions = new Map<>();
//process acls
rd.setOriginalPermissions(permissions);

Finally, if any User Defined File Attributes (extended attributes), they will be added as a semicolon delimited list in the field simflofy.userattributes.

Generic ACL Mapper

The generic ACL mapper job task allows you to create simple rules for matching principles and permissions from one system to another. ACLs will need to be extracted from each document. This task reads the originalPermissions field of the document and sets the transformedPermissions field.

LIMITED USAGE Only the Azure Blob, CMIS, and Alfresco Connectors can use this task. For all other acl mapping, a JavaScript task is required (see General).

Process Files and Process Folders tells the task what to process.
Mapping Rules: These rules will map the role/permissions on the left with the ones you want to match on the right.
- Permissions on the right will be from the source and those on the left will be for the target.
- Both side of a rule can be a comma delimited list.
- Each rule must end with a semicolon (;)
Authority Clean up: A comma delimited list of principals to remove as part of the task.
Enabling parsing: Enable parsing for multiple permissions to be assigned to an authority after mapping?
- For example, [Write]=WRITE_DATA with this box checked will allow ‘Write’ to be added on as an extra permission to an authority’s newly mapped permissions.