Posts Tagged ‘security’

D2-Security ,Workflows & Life Cycles

August 23, 2019 Leave a comment

D2 Security Model

Inheritance models can be configured for both security and properties to automatically set and/or enforce permissions and metadata values based on a document’s context.


D2- Workflows

In D2Config, we only able to configure the already created workflow i.e from Process builder or workflow manager.


Differences between Workflows and Lifecycles


D2 Lifecycles Vs Documentum Lifecycles

Documentum lifecycles are generally linear, with promotion to the next state defined by a set of entry criteria. D2 lifecycles are more flexible, allowing different transition paths between states and a more extensive set of entry and exit conditions and actions. Either type of lifecycle can be used in D2, although mixing D2 and Documentum lifecycles for the same content is not recommended.



Will come back with some more posts on D2, hopefully D2 jobs next time.

Have a great weekend 🙂

Custom Plugins in D2 and Deployment – Contd..

August 22, 2019 Leave a comment

We can create and configure custom plug-ins using the Java classes and the resources that are packaged with the D2 API framework to:

  • Add features as custom actions.
  • Modify existing features by changing the pre-processing, post-processing, and the overriding D2 services.

Deploying D2 Plug-ins:

  1. Create the plug-in .jar file.
  2. Copy the plug-in .jar file to the <install path of D2>/WEB-INF/lib/ folder.
  3. Restart the web application server.
  4. Verify the plug-in installation by logging in to D2 Client and navigating to Help > About.

D2 Bin

The Recycle Bin feature manages the cancellation and deletions of documents by using a standard recycle bin approach.

The D2-Bin plug-in adds a recycling-bin approach to managing document removal in D2. If D2-Bin is:

  • Not installed, D2 permanently removes content when an end user deletes content.
  • Installed, D2 moves deleted content to an electronic recycling bin, which allows end users and functional administrators to view, permanently remove, and restore content.

Navigate to D2-Bin > Options from the menu bar.


Use C2 to extend PDF functionality of D2 with regards to adding:

  • Extra pages: you can add one or several pages at the beginning, end, or after a given page. These pages can contain content properties or variables.
  • PDF layers: you can add headers, footers, or images to all or part of documents.
  • Watermarks: you can add image or text watermarks to all or part of documents above or below text and as transparent images.
  • Dynamic pages: you can add dynamically-constructed pages, such as signature pages, gradually over the course of the lifecycle of the PDF document. Create dynamic pages in XML format so that tables can be managed based on their size. which are linked according to configurations when the document is viewed, printed, or exported.

You can use C2 to secure and apply controls to PDF documents when they are distributed out of the repository. The main functions are:

  • Ensuring only secure versions are provided when viewing, exporting, and printing.
  • Controlling printing using print counters and adding the ability to print with the note designating the recipient. D2 audits the controlled prints using the information provided by the end user when submitting the content for printing.

D2 automatically generates an XML containing the elements of the table of contents. Create and import an XSL for formatting the table of contents when viewing, printing, or exporting content in C2.

The XML uses parameters within an object in the root.

 The C2 plug-in creates a c2_rendition event in the dmi_queue_item queue to generate the PDF rendition. After completing the request and generating the PDF, D2 marks the item as dequeued but does not clear the dmi_queue_item events.

DELETE “dmi_queue_item” OBJECTS WHERE “dequeued_date” <DATE(’01/01/2013’) AND “delete_flag” = true


Use O2 to allow management of properties transfer between D2 and Microsoft Office documents as well as between .eml and .msg email messages.

Configuring Microsoft Office for O2 – Create a macro.


Thanks for your emails and various requests, Many of you have been requesting me to share information about the D2 Security and workflow features, I will write something based out of my experience in my next blog.

Alias Sets and Permission Sets

November 18, 2010 Comments off

In my previous post i discussed about the Aliases and Permission templates, today lets see what are Alias Sets and Permission sets and how exactly security works in Documentum.

What is Alias Set?

An alias set is simply a list of aliases (like “reviewer” or “supervisor”) and the values that they resolve to. Whenever an object is referenced the permission set applied on it will be taken and if this set refers to an alias set then the alias value will be resolved and applied on the object and access will be restricted based on it.

Please Note in some circumstances you may assign an empty alias value and let the client application prompt the user for a value when it is needed.

Alias Sets are an important part of a complex Documentum system’s architecture, providing a level of abstraction that can significantly reduce the effort needed to administer the Docbase. Alias sets remove the need to hard-code the names of users, groups, locations, and permission sets throughout your application and instead provide a means for setting these values dynamically as your personnel changes and your business processes evolve.

What are Permission Sets?

Access Control Lists (s) [ACLs] are Documentum’s method of restricting access to important documents and folders. ACLs control Documentum’s security layer, one of the most flexible and powerful security schemes around. The permission can also be applied on workflow access and lifecycle application also.

Access control lists are stored as persistent objects in the Docbase. Although ACLs are persistent objects having an object ID, they are not SysObjects. Version cannot be created for. If modification is done an, the server either overwrites with the changes or copies the changes the copy. What option it chooses depends on whether the directly to make the changes or reference an object that uses the.

Some Uses can be:

  • You can assign seven different levels of access to your documents in the system
  • You can assign access to individual users or to groups of users
  • Users can create their own private s that only they can use
  • System Admins can create System-Wide s that can be used by everyone
  • Extended Permissions let you really tweak what a user can do to an object
  • Different folders can have different ACLs based on requirement irrespective of their hierarchy.

This contains information about which users and groups have access to the document, and what level of access each has. When a user attempts to access an object, the Documentum Server looks in to determine which groups have access. It then looks in these groups to determine if the user is in any of the groups. It determines the user’s access level by awarding the user the highest level of access taking into account all the groups that the user is a member of.

Please Note even if you explicitly assign NONE access to a user, if they are also in a group that has READ access, the user will have READ access to the object. Always the individual privilege will be overridden by the group privilege.

Now does the Security feature Works in Documentum:

When an object is applied with some permission set then corresponding entry will be made in the backend with the reference to the applied ACL. Now when an object is accessed after that if the ACL is referring to any alias set then first the alias is converted in to actual value and from where it map’s the current accessing user’s access and provides access based on the ACL entries for that user to that specific Object that is being currently accessed. Because of this Documentum has provided wide variety for the application of security across the System. It can be like a person who is an administrator of one cabinet will have max permit of delete in those folders and cabinets where as in the other folders and cabinets and documents that are present in the system he will be having normal read permission or different based on the requirement.


Hope this is useful ,appreciate your comments and corrections if any.

Features of Windows Sharepoint Services(WSS)

June 16, 2010 Comments off

Windows Sharepoint Services 3.0 is enhanced and designed in order to deliver increased productivity by connecting people, documents and information. And also concentrates on getting more work done through sharing ideas and organize information in a better manner.

• Windows Sharepoint services 3.0 has improved UI with enhanced views and menus which helps in easy navigation of within the application and to the environment connected to the application. This feature reduces the cost involved in training resources newly introduced to the application.

• Windows Sharepoint services 3.0 is provided with Large list-indexing and cross list-indexing, these used along with specific list column properties will increase the capacity and performance and also creates a rich storage model.

• Windows Sharepoint Services 3.0 provides custom field types, which could be added as required and recurring events generated in calendars are enhanced.

• Effective easy to use collaborative tools like creation of work spaces, coordinating with calendars, communication portals, wikis and blogs, effective way of organizing documents and efficient offline synchronizing capabilities.

• Easy document management, content recovery and enhanced security features enable to create users and groups with more sophisticated controls.

• Windows Sharepoint services 3.0 provide item level security which ensures more security to the company resources. Windows Sharepoint Services uses standard windows/ASP.Net form/Web SSO authentication methods appropriately. Then the user is checked whether is authorized or not and allowed UI is visible/actionable to the user depending on the access control. This is called UI trimming. This feature helps in reduced webpage clutter and also supports easy navigation.

• Windows Sharepoint services 3.0 provide enhanced features of foundation for development and customization of web based applications and the built on applications.

• A Windows Sharepoint service 3.0 has enhanced content storage allowing more types of content to be stored and data integrity features.

%d bloggers like this: