Predefined administrative privilege sets
IBM® Content Manager provides many predefined administrative privilege sets that define access privileges for most users. Before you create additional privilege sets, check whether the provided privilege sets fit the needs of your content management system.
All predefined privilege sets are also administrative privilege sets. You can view descriptions of predefined administrative privilege sets in the details pane of the system administration client when you expand Authorization in the system administration tree and click Privilege Sets. Administrators can also create new privilege sets by modifying the existing privilege sets to suit their particular needs.
The following table lists the predefined administrative privilege sets in IBM Content Manager and identifies the privileges that belong to each privilege set.
| Privilege set | Privilege set definition | Privileges in set |
|---|---|---|
| AllPrivs | For a system administrator who can perform all of the tasks described under the other privileges, including all client privileges. | All privileges |
| ClientUserAllPrivs | For a user who can perform all client tasks, but does not have administrator privileges. The user can search documents and perform process and folder related actions. |
|
| ClientUserCreateAndDelete | For a user who can load documents into IBM Content Manager, import and scan items, index documents, and start items on workflow and delete items. |
|
| ClientUserEdit | For a user who can update items, annotations, and note logs, can perform searches, and can view and print documents. |
|
| ClientUserReadOnly | For a user who can search, view, and print documents, and view annotations and note logs. The user cannot perform process related actions, folder related actions, or make any updates. |
|
| SysAdminCM | For an IBM Content Manager administrator who can perform all IBM Content Manager system administration tasks including managing users, privileges, and access control lists, administering the data model, and performing client tasks. |
|
| SysAdminSubDomainCM | For a system administrator who can work only with subdomains and users, groups, privilege sets, access control lists, and resource managers. Includes all client tasks. |
|
| SysAdminSubDomainEIP | For an IBM Content Manager system administrator who can work only with subdomains and users, groups, privilege sets, and access control lists. Includes all client tasks. |
|
| SysAdminSuper | For a system administrator who can perform all IBM Content Manager system administration tasks and all client tasks. |
|
| SystemRMServicesAdmin | Allows users to run resource manager services processes (replicator, migrator, asynchronous recovery, asynchronous delete, asynchronous logging of retrievals), but restricts them from logging into any Content Management clients (such as the system administration client). | SystemExecRMServicesAdmin |
| UserDBConnect | Allows users to connect to the database without having their own database user ID. The users are required to enter a password. | AllowConnectToLogon |
| UserDBTrustedConnect | Allows users to connect to the database without having their own database user ID. The users do not have to enter a password. | AllowConnectToLogon, AllowTrustedLogon |
| Noprivs | No privileges at all. This privilege set might be useful for a temporary user setting. | None |