To get the Alfresco’s implementation of Sharepoint protocol to work properly on Vista/Office 2007 with NTLM authentication you need to mess a bit with your registry. I consider you did your job and are using fully updated versions of both Vista and Office.
Open up the Alfresco Share, navigate to the document library and locate some Office document and click Edit online. Likely, the file will open read-only. So, implement this fix from Microsoft’s article KB 870853.
If you try again, file will open up fine but when you save it you’ll get an error message stating “Word did not save the document”. To fix this stop or disable the Web Client Windows service using Services MMC snap-in.
Sharepoint protocol should work completely now.
If you are the guy/girl responsible for implementing permissions model for your business case you might find yourself in trouble. Let us imagine a scenario where business case states that certain users should be able to create new content but not be able to delete anything. That’s the easy one, you’ll likely say, and assign Contributor role to those users.
Lets check Contributor role definition from the Alfresco wiki:
Includes the Consumer permission group and adds AddChildren and CheckOut.
They will, by default own anything they create and have the ROLE_OWNER authority.
Hm, ROLE_OWNER looks suspicious:
“FullControl” granted to “ROLE_OWNER”
The owner (as defined by the ownable aspect, or, if the aspect is not present the node creator) is allowed all rights. This interacts with contributor for cm:content. They only need the right to create content in the default set up; all other rights come from the fact that they own the nodes they create.
To sum up the above, users that are just contributors can delete everything they create and you likely don’t want that.
So what can we do to fix this. There are two options and both have certain drawbacks. Continue reading