Foren

  1. Startseite
  2. Portal
  3. Organizations sites membership inheritance

Organizations sites membership inheritance

Marcos Laurito, geändert vor 10 Jahren.

Organizations sites membership inheritance

Junior Member Beiträge: 99 Beitrittsdatum: 18.04.13 Neueste Beiträge
I've a few questions about this topic:

I've created OrgA as parent of OrgB and both of them have their respective sites.
Users assigned to OrgB (child) are members of his organization site and are members of OrgA (parent) by inheritance.
The problem is that this does not work in the other direction, users assigned to OrgA (parent) are members of his organization site but they are NOT MEMBERS of the OrgB (child) site.

Can anyone explain me this behavior??
thumbnail
Jeffrey Handa, geändert vor 10 Jahren.

RE: Organizations sites membership inheritance

Liferay Master Beiträge: 541 Beitrittsdatum: 01.12.08 Neueste Beiträge
Hi Marcos,

This is how the organization hierarchy is designed to work in Liferay. Let's imagine you are an employee at a particular retail location, say a sales clerk. You'd be interested to know what's happening in your store (OrgC), but you'd also be interested in knowing about what's going in your region(OrgB ), and at the corporate level (OrgA). This would be true of most employees at the lower levels of the organization. However, most employees at the regional level aren't interested in what's going on at each of the stores in the region and most employees at the corporate level aren't interested in what's happening in each region.

The exception to this would be administrators at the corporate or regional levels. They would want to be able to manage the lower levels in the hierarchy. So the Organization Administrator role is unique in that it's permissions apply to the organization where it's assigned and any descendants of that organization.

I am sure there might be use-cases for a fully bi-directional hierarchy, but Liferay doesn't support that with the current implementation of Organizations. For users that need access to both levels you'd need to add them to both organization or sites.
Marcos Laurito, geändert vor 10 Jahren.

RE: Organizations sites membership inheritance

Junior Member Beiträge: 99 Beitrittsdatum: 18.04.13 Neueste Beiträge
Jeffrey Handa:
Hi Marcos,

This is how the organization hierarchy is designed to work in Liferay. Let's imagine you are an employee at a particular retail location, say a sales clerk. You'd be interested to know what's happening in your store (OrgC), but you'd also be interested in knowing about what's going in your region(OrgB ), and at the corporate level (OrgA). This would be true of most employees at the lower levels of the organization. However, most employees at the regional level aren't interested in what's going on at each of the stores in the region and most employees at the corporate level aren't interested in what's happening in each region.

The exception to this would be administrators at the corporate or regional levels. They would want to be able to manage the lower levels in the hierarchy. So the Organization Administrator role is unique in that it's permissions apply to the organization where it's assigned and any descendants of that organization.

I am sure there might be use-cases for a fully bi-directional hierarchy, but Liferay doesn't support that with the current implementation of Organizations. For users that need access to both levels you'd need to add them to both organization or sites.


Hi man. Thanks for the explanation.

I'm really confused now. Taking the same example as before, i have OrgB as child of OrgA. Both of them have organizations websites. The problem is that the inheritance is not working in any direction now. The users or OrgB (child) website should be users of OrgA (parent) website by inheritance. What i did is load a test document in OrgA website but the users of OrgB can't see that document, they even can't see the OrgA website so the inheritance is not working from Parents To Childs either.
Can you explain me why?
thumbnail
Jeffrey Handa, geändert vor 10 Jahren.

RE: Organizations sites membership inheritance

Liferay Master Beiträge: 541 Beitrittsdatum: 01.12.08 Neueste Beiträge
Hi Marcos,

What version of Liferay are you using? Also, have you made any modifications to portal-ext.properties? If you set the organizations.membership.strict property to true, you would see the behavior you are describing.
Marcos Laurito, geändert vor 9 Jahren.

RE: Organizations sites membership inheritance

Junior Member Beiträge: 99 Beitrittsdatum: 18.04.13 Neueste Beiträge
Jeffrey Handa:
Hi Marcos,

What version of Liferay are you using? Also, have you made any modifications to portal-ext.properties? If you set the organizations.membership.strict property to true, you would see the behavior you are describing.


I'm using Liferay Portal Community Edition 6.1.1 CE GA2 .
Following what you said, i've set that property to true but the web site membership inheritance is not working...
I'll explain my self again, i have OrgA wich has WebSiteA, and OrgB (children of OrgA) wich has WebSiteB. I imagine that if i assign users as to be members of OrgB they are auto assigned to WebSiteB (this IS WORKING) and therefore auto assigned to WebSiteA (this IS NOT WORKING) as this is the site of the parent org...

Seeing this i can't understand how Organizations and WebSites membership inheritance works...

Anyone can explain me?

Thank again
thumbnail
Christophe Cariou, geändert vor 9 Jahren.

RE: Organizations sites membership inheritance

Junior Member Beiträge: 57 Beitrittsdatum: 01.10.07 Neueste Beiträge
Hi,

I'm in the same trouble on Liferay 6.2 CE GA2

Configuration is :
- OrgParent
- OrgChild, child of OrgParent
- MyUser is member of OrgChild
- SiteOrgParent has membership defined on OrgParent
- organizations.membership.strict=false

Result :
=> MyUser can't access to (private) SiteOrgParent, despite he is a member of OrgChild, child of OrgParent.

Result expected :
=> MyUser should have access to (private) site SiteOrgParent, as he is member of a child of OrgParent

Any clue ?
thumbnail
Christophe Cariou, geändert vor 9 Jahren.

RE: Organizations sites membership inheritance

Junior Member Beiträge: 57 Beitrittsdatum: 01.10.07 Neueste Beiträge
I found this in Liferay 6.2 properties doc :


Set this property to true if you want users to only be members of the organizations to which they are assigned explicitly. 
By default, they will also become implicit members of the ancestors of those organizations.
 For example, if a user belongs to Liferay Spain, he will implicitly be a member of the ancestors Liferay Europe and Liferay Global and will be able to access their private pages.

Defaults:
    organizations.membership.strict=false


Somebody else wrote (https://www.liferay.com/fr/community/forums/-/message_boards/message/30204870) :

By default, in Liferay 6.2, hierarchical sites behave the way you describe. If a user (Joe Bloggs) is a member of a child site (Liferay Spain) but not of the parent site (Liferay) then Joe Bloggs can access Liferay Spain but not Liferay. Of course, by "access" I mean be able to visit the site's private pages. All users can visit a site's public pages.


and refering : https://issues.liferay.com/browse/LPS-27158

Have to look that...
Vinay J, geändert vor 7 Jahren.

RE: Organizations sites membership inheritance

New Member Beiträge: 9 Beitrittsdatum: 23.11.16 Neueste Beiträge
Hi Jeffrey

I logged in as admin and I have created new site site under organization org1, assigned the users user1 to it. Is there a way to restrict the same site should not be available to admin of other organization org2 ?
I tried to create private/restricted site under org1 but its still appearing for the org2. Is there a way to restrict the site1 should not be available to Org2.
Second issue, is there a way to restrict the users existing under org1 should not be available to admin of org2.