Limiting User's Trac Access - tsgrp/HPI GitHub Wiki

This is being moved to the alfresco documentation

How To Limit a User's Trac Access

As of HPI 2.5, Trac Security can be configured based on repository groups in the HPI admin.

  1. Navigate to the HPI Admin and click "Trac Security" from the menu on the left
  2. Select the trac(s) you would like to secure from the list of tracs on the left hand side of the config
  3. Click on the new trac bar that appeared and a list of groups will appear
  4. Select all groups you would like to have access to this trac and save the config - if you would no longer like to secure the trac, click the "remove trac security" button instead

Now, every time a user tries to access a secured trac, the application will check the Trac Security config to see if they a part of a group that is allowed to access the trac. If the user has no tracs they are allowed to access, they will be logged out of the application and be notified to contact their system administrator.

The above method is the recommended approach for limiting trac access, however the repository security method outlined below will still function.

The items below are left here for HPI < v2.5

Documentum

  1. Create a ACL (trac_name_acl)
  • Add groups to ACL and give READ or WRITE permission
  • Give dm_world NONE permission
  1. Apply new ACL to Trac, Stage and Search configs
  • Any user's not in the groups given READ/WRITE access should not be able to view the specified trac.

Alfresco

All configs are just text documents in Alfresco. To limit user access to a trac, you will just need to restrict the users that have read access on those documents (like you would any other document).

  1. Log into Share as an admin user and navigate to the /hpi/configs/TracConfig folder. You will see a file for each of your tracs.
  2. Click on the config you wish to restrict access to. On the right-hand side, click on Manage Permissions.
  3. Near the top on the right hand side, uncheck 'Inherit Permissions' if it is selected.
  4. Click on 'Add User/Group' and add the groups/users that should have access to this document.
  5. Make sure to give the HPI Administrators group write access to the config file so admins can edit the trac config through HPI Admin.
  6. Click the 'Save' button
  7. Repeat for other tracs/configs as needed. We recommend restricting your Stage and Search configs as well as your trac configs.