Home > DOCUMENTUM > Security Features in Documentum

Security Features in Documentum

March 22, 2010

The following security features are part of a standard Content Server installation. Some of these are enabled automatically and some are optional. The features are:

User authentication

  • User authentication occurs automatically, regardless of whether Docbase security is active.

Password Encryption

  • Password encryption protects passwords stored in a file. Content Server automatically encrypts the passwords it uses to connect to third-party products such as an LDAP directory server.

Application-level control of SysObjects

  • Application-level control of SysObjects is an optional feature that you can use in client applications to ensure that only approved applications can handle particular documents or objects.


  • User privileges define what special functions, if any, a user can perform in a Docbase.

Object-level permissions

  • Object-level permissions are assigned using ACLs. Every SysObject in the Docbase has an ACL.


ACLs (Access Control Lists)


Auditing and tracing facilities

  • use to monitor the activity in your Docbase.

Electronic signoff

  • Electronic signature (generated and managed by Content Server)
  • Digital signature (electronic signatures in formats such as PDKS #7, XML signature, or PDF signature)
  • Simple signoffs (the least rigorous way to supply an electronic signature. Simple signoffs are implemented using the Signoff method.)

User Privileges:




0 None User has no special privileges
1 Create Type User can create object types
2 Create Cabinet User can create cabinets
4 Create Group User can create groups
8 Sysadmin User has system administration privileges
16 Superuser User has superuser privileges

Object level permissions:

  • Base Object-Level Permissions




1 None No access is permitted.
2 Browse The user can look at attribute values but not at associated content.
3 Read The user can read content but not update.
4 Relate The user can attach an annotation to the object.
5 Version The user can version the object.
6 Write The user can write and update the object.
7 Delete The user can delete the object.
  • Permitted Operations for Object-level Permissions:
Permit Fetch Getfile Annotate Check- out/in Save Destroy
Browse X
Read X X
Relate X X X
Version X X X X
Write X X X X X
Delete X X X X X X
  • Extended Object-Level Permissions
Permission Description
Change State The user can change the document lifecycle state of the object.
Change Permission The user can change the basic permissions of the object.
Execute Procedure The user can run the external procedure associated with the object.All users having at least Browse permission on an object are granted Execute Procedure permission by default for that object.
Change Location The user can change move an object from one folder to another.All users having at least Browse permission on an object are granted Change Location permission by default for that object.
%d bloggers like this: