Search Services Not Including global permissions

Description

ACS can define permissions as global. Global permission gives the authority that permission across ACS. For example:
<globalPermission permission="Read" authority="GROUP_TestGroup" /> gives GROUP_TestGroup
Gives GROUP_TestGroup READ to across Repository

This is still discussed in current documentation:
https://docs.alfresco.com/content-services/6.2/admin/security/#definingpermissions

Steps to reproduce:

(Can provide SDK project where this is reproduced)

  1. Bootstrap creation of GROUP_TestGroup

  2. Extend and bootstrap permissionDefinitions with:

  3. <globalPermission permission="Read" authority="GROUP_TestGroup" />

  4. Create Moderated Site (My Moderated Site)

  5. Create documents in Site

  6. Capture URL for moderated site document library

  7. Create User (i.e. "ddolls")

  8. Log in as ddolls

    1. Try to access moderated site document library URL

    2. Try to search for document created in moderated Site

  9. Make test user (ddolls) member of GROUP_TestGroup

    1. Try to access moderated site document library URL

    2. Try to search for document created in moderated Site

Expected Behavior:

8.a & 8.b should fail ddolls should not be able navigate, search
ddolls should be able to navigate & search (Steps 9.a & 9.b)

Observed Behaviour:

ddolls test User is not able to search

If you look at permissions on document in SOLR you can see the global permission is not present
Also, I tested this creating document directly via REST API and behavior is same.

Environment Reproduction:

ACS 6.2.2
Search Services 1.4.3
Can provide SDK project if needed

Permissions from SOLR:

Environment

None

Testcase ID

None

Activity

Show:
Martin Stanford
5 days ago

Having reviewed with search team, it appears that global permissions have never been supported.

What does the customer want to achieve here? There should be another way to obtain the same result.

Assignee

Unassigned

Reporter

Michael Wallach

Labels

ACT Numbers

00361667

Bug Priority

Category 3