Security and Documentum Documents

To restrict users to searching only the documents that they are permitted to view, you must pass the Documentum groups to which they belong to the query service as the rights CGI parameter. See the section entitled "ACLs" in the Watson™ Explorer Engine User manual for more information about rights.

Because Documentum does not provide a directory service, you will need to create such a service using the Watson Explorer Engine by crawling and indexing the user/group objects associated with a Docbase.

Create a collection using the Documentum Users seed:

  • Host - Host to connect to.
  • Port - Port on which Documentum is running.
  • Username - Username used to connect to the Documentum server.
  • Password - Password used to connect to the Documentum server.
  • Docbase - Docbase from which to retrieve documents. The name of the Docbase is case-sensitive.
  • Documentum Install Dir - Location of the Documentum Installation Directory. This directory should contain both the config and Shared (or dfc in Linux) subdirectories.
  • Shared Directory (optional) - Location of the Documentum Shared directory (or dfc directory in Linux). If no path is specified, the Shared directory is assumed to be in Documentum Install Dir\Shared or in Documentum Install Dir/dfc in Linux.
  • Group/User Prefix (optional) - Prefix added to groups and users to make their names unique.
  • Maximum java heap size (optional) - The maximum size of the Java heap. Specify the heap size using the same format as for the -Xmx argument to the java command (512m for 512 megabytes, 2g for two gigabytes, etc.). Values less than 160m are ignored.

You will then need to add the form component named Documentum Rights to the form of the source associated with your Documentum collection. You will need to specify the following parameters:

  • Documentum Users Collection - Name of the search collection in which the Documentum groups/users are indexed.
  • User OS Name (optional) - The username passed to the collection to retrieve the associated permission groups. This is usually the username part of the OS login. If not specified, the username part of $user.name will be used.
  • User OS Domain (optional) - The domain passed to the collection to retrieve the associated permission groups. This is usually the domain part of the OS login. If not specified, the domain part of $user.name will be used.
  • Query Service URL (optional) - URL of the query service serving the Documentum Users collection (for example http://mydomain.com:7205/search). If not specified, the local query service is used.
  • Admin mode (optional) - Adds the dmadmin group by default, which is convenient for admin debugging.

Important: To make sure that no one can access the query service for your Documentum crawl without proper credentials, on the Configuration > Searching tab set the option Require rights to true.