By default, the creator of an item or of a library/album/slideshow is the owner of the object. The owner of an object is granted all permissions. However, there are cases where we might want to change the ownership of an object. Here are some possible scenarios:

1. a user has left the department

2. somebody uploaded an offensive image to a public/shared library and this image needs to be quarantined.

Only domain admins can change the ownership of an object. The ownership can only be assigned to a user, not to a group or to Public. Domain admins can change the ownership of a library, of a collection object (such as an album or slideshow) or of an individual item.

The owner of a library has admin privilege explicitly applied on the object (this is a workaround for an Alfresco bug). After transferring the ownership of a library from user A to user B, user B becomes the new owner and also has the explicit admin privilege on the library. User A is no longer the owner, but user A's explicit admin privilege remains unless somebody (with the right permission) removes it.

Changing the owner of an album is very different from changing the owner of a library, because an album contains LINKS to items (not the items themselves) and doesn't do permission control. If ownership of an album is transferred from user A to user B, user B becomes the new owner and can delete the album, add new items to the album and change the album, but might not be able to see the old items in the album. The ability to see items in the album is determined by the item/library permission, not by the album permission. The new owner also might not be able to further share this album.

The owner of an item object doesn't have admin privilege explicitly applied on the object. After transferring the ownership of the item object from user A to user B, user B becomes the new owner. User A is no longer the owner.

The inherit option specifies whether the object inherits permissions from its parents. A library or album should never inherit from its parents, so this option should not be offered when changing its ownership. Item objects should have this option. If inherit is true, the parent folder permission also applies to this object. If inherit is false, the parent folder permission doesn't apply to this object.

After transferring the ownership of the item object from user A to user B with the inherit permission set to true, user B becomes the new owner. If user A is the owner of the library, user A should still have all permissions to the item. If the inherit permission is set to false and user A doesn't have explicit item-level permission, user A should not be able to see the item.

Rules for ownership change:

Change ownership of an item:

1. the requesting user must be domain admin

2. the new owner must be a user

3. the new owner must be different from the old owner

Change ownership of a library:

1. the requesting user must be domain admin

2. the new owner must be a user

3. the new owner must be different from the old owner

Change ownership of an album or a slideshow:

1. the requesting user must be domain admin

2. the new owner must be a user

3. the new owner must be different from the old owner

4. If the album/slideshow is not empty and if the album/slideshow is shared, the new owner must either have admin rights over all items in the album or the items in the album must be publicly viewable. Otherwise, the ownership can't be changed.

5. If the album/slideshow is not empty and if the album/slideshow is not shared, the new owner must have read rights over all items in the album
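The rules above can be expressed as a single pre-check that runs before any ownership change. The following is an added example, not the project's own code: `Item`, `Obj`, `can_read` and `transfer_violations` are hypothetical names, the ACLs are a simplified model of effective item/library permissions, and rule 4 is read as "admin on every item, or every item public".

```python
from dataclasses import dataclass, field

@dataclass
class Item:
    name: str
    public: bool = False                       # publicly viewable
    acl: dict = field(default_factory=dict)    # effective rights: user -> "read" | "admin"

@dataclass
class Obj:
    kind: str                                  # "item", "library", "album", "slideshow"
    owner: str
    shared: bool = False                       # used for album/slideshow only
    items: list = field(default_factory=list)  # items linked from an album/slideshow

def can_read(item, user):
    # Assumption: "admin" implies read, and a public item is readable by anyone.
    return item.public or item.acl.get(user) in ("read", "admin")

def transfer_violations(obj, requester, new_owner, domain_admins, users):
    """Return every rule the requested ownership change would break."""
    errors = []
    if requester not in domain_admins:
        errors.append("requester is not a domain admin")
    if new_owner not in users:                 # groups and Public are not users
        errors.append("new owner is not a user")
    if new_owner == obj.owner:
        errors.append("new owner is the current owner")
    if obj.kind in ("album", "slideshow") and obj.items:
        if obj.shared:
            # Rule 4, read as: admin on every item, or every item public.
            all_admin = all(i.acl.get(new_owner) == "admin" for i in obj.items)
            all_public = all(i.public for i in obj.items)
            if not (all_admin or all_public):
                errors.append("shared album: need admin on all items or all items public")
        else:
            # Rule 5: read rights over every linked item.
            hidden = [i.name for i in obj.items if not can_read(i, new_owner)]
            if hidden:
                errors.append("unshared album: no read right on " + ", ".join(hidden))
    return errors

# Constructed sample data.
ADMINS, USERS = {"root"}, {"alice", "bob"}
a = Item("a.jpg", acl={"alice": "admin", "bob": "read"})
b = Item("b.jpg", acl={"alice": "admin"})
print(transfer_violations(Obj("album", "alice", True, [a]), "root", "bob", ADMINS, USERS))
```

Returning all violations rather than stopping at the first lets the admin UI explain exactly which linked items block the transfer.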

Alfresco problems and workarounds:

Since the owner of an object by default has all permissions on the object, we shouldn't need to add explicit admin permission for the owner. However, after changing ownership of a library, the new owner can't view child items under the library. Alfresco has entered this as a bug at https://issues.alfresco.com/jira/browse/ETWOTWO-741 . As a workaround, we have to add explicit admin permission for the new owner when ownership is transferred. Also, to be consistent, we are adding explicit admin permission for the owner when the library is first created.

Another problem is that if we change the ownership of an item, even though inherit is set to true, the owner of the parent library doesn't have access to the item any more. Giving the library owner explicit admin permission also fixes that.
