Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Stian Sigvartsen
How to create a new "implied role" (like Owner)
February 19, 2012 4:03 PM
Answer

Stian Sigvartsen

Rank: Junior Member

Posts: 97

Join Date: August 27, 2010

Recent Posts

Liferay 6.1 CE GA1

With the introduction of the new role based permissions model, a new solution had to be developed to give special permissions to specific users for specific resources. This is called "implied roles" and the out of the box "owner" role is an example of it. So users get this role at runtime if their user ID matches the userID field of the model DB record as created by Service Builder. This is my understanding based on reading http://www.liferay.com/about-us/news/-/blogs/1339340/maximized
I can understand why this was done (performance / manageability), but it is important to retain the ability to assign permissions at the user level.

In my case, I'm looking at implementing a self service portal where employees can log in and see information that is private between them and the administrative team who manage it on their behalf. Because the information must remain available on the portal for legal reasons, I don't want to make the employee user the "owner" because then they would have full permissions, including delete permission. So the ownership has to remain with the administrative team. In Liferay terms, the administrative team is a group of users with a defined site or organisation role (i.e. not portal scoped).

The "implied role" concept seems like a good fit for meeting my requirement if I can create an implied role called "subject", representing the employee. Then I would envisage being able to add only VIEW permission to this role and hence meet my requirement.

I haven't been able to find documentation on how to create a new implied role. I would really appreciate some help.

-Stian
Stian Sigvartsen
RE: How to create a new "implied role" (like Owner)
February 27, 2012 12:57 AM
Answer

Stian Sigvartsen

Rank: Junior Member

Posts: 97

Join Date: August 27, 2010

Recent Posts

I am still contending with this problem and would really appreciate any thoughts.
If I am approaching this the wrong way, then it would be good to know too.

I have been thinking that one possibility would be to create another Liferay server which is set up to use permission algorithm 4 or 5 and then federate the user login across this new server and my current one using SAML. Maybe the SAML identity provider needs to be on a dedicated Liferay server too. I must ensure that any approach does not drastically increase administrative overheads associated with user management.

-Stian
Eric Smith
RE: How to create a new "implied role" (like Owner)
March 27, 2013 10:06 AM
Answer

Eric Smith

Rank: Junior Member

Posts: 58

Join Date: August 28, 2012

Recent Posts

Any luck finding a solution for this? I'm interested in something similar, where we want to add view permission to a specific user in certain circumstances. Usually we'll want to use roles for permissions so we don't want to use Amos' solution in your other post (http://www.liferay.com/community/forums/-/message_boards/message/12269510).

Right now the only option I can think of is to create a role that only the specific user is a part of each time this circumstance comes up. I'd really like to avoid this if possible though.

Eric