FileNet P8 Platform, Version 5.2

Object ownership

Object ownership

All objects have an owner property. Ownership of an object confers special privileges on that object, including the right to load the object and the right to read and modify the Permissions collection on the object and modify the owner. (As explained below, markings can be used to override the special privileges implicitly granted to owners.)

An object store administrator might need to take or change ownership of an object. For example, if a user has left documents in an exclusive checkout state but is no longer available, the administrator could take ownership of the document and cancel the checkout.

You can take ownership of an object if you have the object's Modify owner permission. You can assign ownership of an object to another authenticated user or group if you have the object store Set Owner of any object permission.

Related topics

Take or change ownership

Default Instance Security and Ownership

Each class that allows instances of itself to be created has a Default Instance Security Descriptor associated with it, exposed as the Default Instance Security tab in Administration Console for Content Platform Engine. The Default Instance Security defines the default Permissions for new objects of that class. Default Instance Security includes a default Owner. The behavior of the Default Owner is as follows:

If the Default Owner is set to a valid Security Principal, then that Security Principal will be assigned as the owner of instances of objects that are created.
If the Default Owner is NULL, the owner of instances of that class will be set to NULL.
If the Default Owner is set to #CREATOR-OWNER, then the owner of instances of objects that are created using the default will be set to the identity of the object's creator.
In all cases, the Default Owner can be overridden at object creation time by the caller.

The default value for Default Instance Security Descriptors is established at object store creation time. The default value for Default Owner is always set to #CREATOR-OWNER.

NULL Owner: Objects can have NULL Owners. When the Owner is NULL, it means that the special access rights implicitly granted to the Owner are not granted to anyone. Access checking behavior is otherwise unaffected.

Changing Ownership

The owner of an object can only be changed to the caller's security identity (assuming the caller has the Modify owner access right) if the caller has the Set owner of any object right granted by the object store. The purpose for this special capability is to provide a "back door" for allowing certain privileged users to recover access to any object (since once ownership is acquired, the Permissions collection can be modified and additional access rights can be granted to any user, including the owner).

There are two exceptions to this rule:

Exception 1 is the case when the object has a security proxy wherein changing the owner is prohibited regardless of what privileges the caller has been granted.
Exception 2 is the case when the object has one or more Markings applied that either prevent a user who has otherwise been granted Set owner of any object from even connecting to the object at all, or mask the Modify Owner access right even if the right to connect is granted.

Note: Even with these two exceptions, a backdoor is still available, except that it requires a few more steps and is restricted to GCD Administrators, that is, users granted Full Control on the EntireNetwork object (which represents the FileNet P8 domain). GCD Administrators can update access rights on Markings and can therefore grant themselves any rights on any Marking.

Creator-Owner substitution

#CREATOR-OWNER is a special grantee that is a place holder for the future owner of an object. This grantee appears in Default Instance Security permissions lists, Default Instance Owner, Security Templates permissions lists, and permissions lists on objects that can have security children - Folders for instance.

Substitution of the #CREATOR-OWNER for the actual owner occurs under the following circumstances:

When Security Templates are applied.
When an object inherits security from a parent.
When a security descriptor is initialized from the class Default Instance Security. An exception to this rule is when the Default Instance Owner is set to NULL in which case Permissions from the Default Instance Security that specify #CREATOR-OWNER as the Grantee are ignored and not copied to the Permissions collection of the created object.

Restriction: Creator substitution does not occur at Permission evaluation time. As a result, #CREATOR-OWNER does not function as a generic macro that always evaluates to the current owner.