ROLE_USER can't see folder created by ROLE_ADMIN

[sidtupper]

I'm configuring OpenKM-6.2.0-Community on a Pentium 4 with Ubuntu 12.04.1. I imported my old OpenKM 5.1 repository and created users as ROLE_USERs. I made a couple of ROLE_ADMIN users too. The ROLE_ADMIN users can see the folder with the imported repository but the ROLE_USERs can't. Security/UserRole is set as read/write/delete/security (all checked). How can I enable access of the ROLE_USERs to the imported folder?

Incidentally, in tomcat/server.xml I set 127.0.0.1 everywhere (4 instances) to 0.0.0.0. I hope that's okay.

[macjaeger]

Incidentally, in tomcat/server.xml I set 127.0.0.1 everywhere (4 instances) to 0.0.0.0. I hope that's okay.

That's overkill... changing the line starting with "<Connector port="8080" ..." is enough to make openkm reachable by all networks; binding the other connectors to the whole world only imposes unneccessary security risks.

[sidtupper]

I see now why the ROLE_USER people couldn't see the repository. As Administrator, in Desktop view I selected the folder corresponding to the repository, then clicked on the Security tab. I saw that only the ROLE_ADMIN users had access, so I clicked on Update, moved everyone else into the rhs pane and enabled then for Read/Write/Delete, with the Resursive pernission changes flag checked. Now they can see the repository.

On the localhost vs 0.0.0.0 issue, in tomcat/server.sh there are two connectors with ports=8080 so I left their addresses as 0.0.0.0 and changed the connectors on ports 8443 and 8009 back to 127.0.0.1.

Thnaks for the herlp with this.

[macjaeger]

On the localhost vs 0.0.0.0 issue, in tomcat/server.sh there are two connectors with ports=8080

That's strange - in server.xml i have only one connector using port 8080. There's another, similar line a little further down, but that block is commented out by "<!-- ... -->".

[jllort]

You're on confusion, you're talking about imported repository no ? you should not concentrate in server.xml has no relation with it.

After import you should execute some queries to replace older UserRole to new ROLE_USER, this steps are not still commented on wiki.

Something like this should be executed:

Code: Select all

-- Common
UPDATE OKM_NODE_ROLE_PERMISSION SET NRP_ROLE='ROLE_USER' WHERE NRP_ROLE = 'UserRole';
UPDATE OKM_NODE_ROLE_PERMISSION SET NRP_ROLE='ROLE_ADMIN' WHERE NRP_ROLE = 'AdminRole';
 
-- MySQL
UPDATE OKM_NODE_ROLE_PERMISSION SET NRP_ROLE=concat('ROLE_', NRP_ROLE) WHERE NRP_ROLE NOT LIKE 'ROLE_%';
 
-- PostgreSQL & Oracle
UPDATE OKM_NODE_ROLE_PERMISSION SET NRP_ROLE='ROLE_' || NRP_ROLE WHERE NRP_ROLE NOT LIKE 'ROLE_%';

[miguelromero]

Just a small tip which probably is not related to your problem, but you may also check that the default view for the ROLE_USER role has the columns enabled for the Taxonomy Panel, File Panel and others panel. If you dont set the columns on, you will see a white Panel without anything. You can enable the columns in the Administration Panel.

[thecjman]

Hi
I am on 6.2.2 zip install on ubuntu and all is working BUT NOT THE folder security
All users with ROLE_ADMIN can see all folders under okm:personal
BUT users with ANY other roles can ONLY see their own personal folder.

• U can not add the ROLE_USER to any folder from the UI so I added it from the DB side to the okm:personal folder and to a sub folder, I then can see the permissions from the UI and change them etc with the okmAdmin user logged on but if the standard user with ONLY ROLE_USER log on then - No luck
• I then ALSO added the user to okm:personal and subfolder with full permissions - BUT No luck
• I added a ROLE_PowerUser to the system and added this ROLE_PowerUser to the user, okm:personal and subfolder - BUT No luck

Any other Ideas

[jllort]

OK, I think now I understood the problem:
- Personal folder can only be accessed by own user.
- User with ROLE_ADMIN are administrator and have not any security restrictions. ROLE_ADMIN should be used with care, not be propagated to so much users. That's the idea.