Venugopal T a écrit : > > Hi Olivier, > > Thanks for the response! > >> Venugopal T a écrit : >> > >> > We would like to use Nuxeo ECM with our app, but I am struggling to find >> > the related documentation. What we want to do are the following >> > >> > * Our application has the user/role management built in, so we would >> > like to reuse this. >> >> Then you must override the groupDirectory definition (in >> nuxeo.ear/config/default-sql-users-contrib.xml) to point to your > database for >> the users and group definitions hopping the structure is compatible >> (one to one >> field mapping) with the users and group schemas of nuxeo. > > Our structure is very different from Nuxeo's. In fact we don't have > groups/subgroups, we have only Users and Roles. I suppose our roles are > somewhat equivalent to Nuxeo groups in their purpose. So my questions is > : If the users/group editing of Nuxeo isn't going to be used, would it > be possible to create a readonly database views similar to Nuxeo's?
In your case you can map your applicative Roles to Nuxeo Groups and then map Nuxeo permissions to those groups using the Rights tab of the root folders in Nuxeo. However loosing the sub groups system might be a problem. You can investigate with the MultiDirectory configuration to build a virtual group directory that is an aggregation of a nuxeo specific group directory with a second generic group directory that is a view on your roles database: http://doc.nuxeo.org/5.1/components/org.nuxeo.ecm.directory.multi.MultiDirectoryFactory.html#extension_point_directories You will then have to setup three directories for the groups: - one SQLDirectory for the Nuxeo specific groups stored in some internal SQL database - one SQLDirectory to fetch the roles configuration on your company SQL database - one multi directory named groupDirectory (to replace the default SQLDirectory) that will aggregate the entries of the previous directories But then the setup of the user membership relations might be a bit tricky to get right. >> > * Once logged in, ECM should use our user/roles tables to grant the >> > user access to the documents. >> >> You should give the ReadWrite permission to one of your groups that > represents >> the editors of the Nuxeo application at the root domain of nuxeo so > that those >> permissions are inherited in the whole document tree of Nuxeo. > > Ok. What I understand is that this group can then manage the rights of > other users or roles on all child documents. Is this right? To manage the permissions you will also need the "WritePermissions" permission or the God-level permission "Everything". -- Olivier _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm
