You can use the IBM® Content
Navigator administration
tool to modify the security of the users and groups who need to create
and use searches and cross-repository searches on your IBM Content
Manager repositories.
Overview of the security model for searches
The
access control list of the search class, ICMSearch,
determines whether users can create, edit, or use search on the repository.
However, the security settings for a specific search determines the
privileges that a user or group has on the search.
By default,
the ICMSearch class is configured to use item-level
security. The user who creates an search determines who has access
to the search.
For more information, see Changes to your IBM Content Manager data model for searches.
Search roles
When you assign a user or group
to a search role, the user is added to the appropriate access control
lists (ACLs) and given the required privileges. The changes to the
security are applied after you save your changes to the repository
configuration in the IBM Content
Navigator administration
tool.
The privileges are granted on the ICMSearch item
type. However, the security settings for a specific search determines
the privileges that a user or group has on the search. For example,
even though a user is given the appropriate privileges to modify searches,
the user might not be able to edit a specific search based on the
security assigned to the search.
- Search creators
- Users who can create searches on the repository. When you designate
a user or group as a search creator, the user or group is given the
following permissions:
- The user or group is added to the ClbSearchACL ACL
with the clbOwnerPrivs privilege set. This setting
enables the user or group to create searches by using the ICMSearch item
type.
- Search editors
- Users who can modify searches on the repository. Search editors
cannot save changes to the search. When you designate a user or group
as a search editor, the user or group is given the following permissions:
- The user or group is added to the ClbSearchACL ACL
with the clbEdit privilege set. This setting
enables the user or group to modify (but not save) only searches to
which they have the appropriate privileges.
- Search users
- Users who can run searches but cannot save searches. When you
designate a user or group as a search user, the user or group is given
the following permissions:
- The user or group is added to the ClbSearchACL ACL
with the clbReadOnly privilege set. This setting
enables the user or group to use only searches to which they have
the appropriate privileges.
By
default, a search user can create searches and cross-repository searches
but cannot save the searches. You can prevent users from creating
searches by having them use a desktop for which the following options
are selected:
- Prevent users from creating searches
- Prevent users from creating cross-repository searches