FileNet P8 Platform, Version 5.2

How to...

Security administrators can use these procedures to modify security on FileNet® P8 objects.

About this task

In addition to the security procedures in this section, the following security-related procedures are covered elsewhere in Help:

Creating security policies.
Using Administration Console for Content Platform Engine's security editor.
Specifying object store administrators and users and administrators in the New Object Store wizard.

Add users and groups to a class
This procedure describes how to add additional accounts to the default security of a class.
Add users and groups to a single object
Securable objects like documents and folders get their initial security from the Default Instance Security ACL of their class and possibly also from the class' default security policy, if there is one. Authorized users can add to or change this initial security. Directly changing a single object's security means that only that one object will receive the changes. If the object is a document, these direct changes to a single version will continue to appear on later versions of the same document.
Add or remove a GCD administrator
As part of installing and configuring Content Platform Engine, at least one user name is defined as the GCD administrator. You can view and edit the list of users and groups at any time to add or remove GCD administrators using the procedure below.
Add or remove an object store administrator
Each object store has its own list of object store administrators (object_store_admin), initially created while running the object store wizard. You can view and edit this list at any time later on.
Allow or disallow security inheritance
You can enable or disable inheritance from a parent folder to a child folder.
Allow users to add items to a folder
You can configure the security of a folder to allow users to add new folders, documents, and other containable objects.
Change Bootstrap admin password
This procedure describes how to change the password for the Content Platform Engine system user (also known as the bootstrap administrator, or cpe_bootstrap_admin). The credentials for this account are entered during Content Platform Engine configuration. Configuration Manager places this user name and its password into the Content Platform Engine bootstrap file. When Content Platform Engine starts up, it uses the account and password to authenticate against the user registry defined in the application server.
Configure a folder's security inheritance
Use this procedure to configure the security inheritance of a folder.
Configure security inheritance
FileNet P8 gives you tools to configure security inheritance, which is the passing of permissions from a parent object to a child object.
Configure Content Platform Engine to use email or UPN for login
Use this procedure to assign the directory server's email attribute or, for Active Directory, the userPrincipalName (UPN) to be the user short name used for login.
Fix the workflow system due to shortname change
Configure inheritable depth (Apply to)
Use this procedure to configure how far an object's inheritable permissions should be inherited.
Configure multiple authenticating attributes
Use this procedure to configure your application server for more than one login attribute.
Configure multiple realms
You can create multiple authentication realms on your application server. For each authentication realm that you create, you must also create a corresponding directory configuration in Content Platform Engine so that the users and groups in the authentication realm can be authorized.
Deny an object store administrator access to a document
Use this procedure to create a marking that denies an object store administrator (object_store_admin) access to a document.
Modify an object's security
Use this procedure to modify the security of an object like a document or folder.
Restrict access to the root folder
Use this procedure if you want to keep some users from adding documents and folders to the object store's root folder.
Set security on workflow queues and rosters
The security of workflow queues and rosters can be set in the Process Configuration Console.
Take or change ownership
An object store administrator (object_store_admin) might need to take or change ownership of an object. For example, if a user has left documents in an exclusive checkout state but is no longer available, the administrator could take ownership of the document and cancel the checkout.
Update object store with new users and groups
Use this procedure to add new accounts to an object.