IBM Content Navigator, Version 2.0.3     Supports:  Content Manager

Security settings for searches on IBM Content Manager

You can use the IBM® Content Navigator administration tool to modify the security of the users and groups who need to create and use searches and cross-repository searches on your IBM Content Manager repositories.

Overview of the security model for searches

The access control list of the search class, ICMSearch, determines whether users can create, edit, or use searches on the repository. However, the security settings for a specific search determine the privileges that a user or group has on that search.

By default, the ICMSearch class is configured to use item-level security. The user who creates a search determines who has access to the search.

For more information, see Changes to your IBM Content Manager data model for searches.

Search roles

When you assign a user or group to a search role, the user is added to the appropriate access control lists (ACLs) and given the required privileges. The changes to the security are applied after you save your changes to the repository configuration in the IBM Content Navigator administration tool.

The privileges are granted on the ICMSearch item type. However, the security settings for a specific search determine the privileges that a user or group has on that search. For example, even though a user is given the appropriate privileges to modify searches, the user might not be able to edit a specific search based on the security assigned to the search.

Search creators
Users who can create searches on the repository. When you designate a user or group as a search creator, the user or group is given the following permissions:
  • The user or group is added to the ClbSearchACL ACL with the clbOwnerPrivs privilege set. This setting enables the user or group to create searches by using the ICMSearch item type.
Search editors
Users who can modify searches on the repository. Search editors cannot save changes to the search. When you designate a user or group as a search editor, the user or group is given the following permissions:
  • The user or group is added to the ClbSearchACL ACL with the clbEdit privilege set. This setting enables the user or group to modify (but not save) only searches to which they have the appropriate privileges.
Search users
Users who can run searches but cannot save searches. When you designate a user or group as a search user, the user or group is given the following permissions:
  • The user or group is added to the ClbSearchACL ACL with the clbReadOnly privilege set. This setting enables the user or group to use only searches to which they have the appropriate privileges.
By default, a search user can create searches and cross-repository searches but cannot save the searches. You can prevent users from creating searches by having them use a desktop for which the following options are selected:
  • Prevent users from creating searches
  • Prevent users from creating cross-repository searches