Posts Tagged ‘security’

Alias Sets and Permission Sets

November 18, 2010 Comments off

In my previous post i discussed about the Aliases and Permission templates, today lets see what are Alias Sets and Permission sets and how exactly security works in Documentum.

What is Alias Set?

An alias set is simply a list of aliases (like “reviewer” or “supervisor”) and the values that they resolve to. Whenever an object is referenced the permission set applied on it will be taken and if this set refers to an alias set then the alias value will be resolved and applied on the object and access will be restricted based on it.

Please Note in some circumstances you may assign an empty alias value and let the client application prompt the user for a value when it is needed.

Alias Sets are an important part of a complex Documentum system’s architecture, providing a level of abstraction that can significantly reduce the effort needed to administer the Docbase. Alias sets remove the need to hard-code the names of users, groups, locations, and permission sets throughout your application and instead provide a means for setting these values dynamically as your personnel changes and your business processes evolve.

What are Permission Sets?

Access Control Lists (s) [ACLs] are Documentum’s method of restricting access to important documents and folders. ACLs control Documentum’s security layer, one of the most flexible and powerful security schemes around. The permission can also be applied on workflow access and lifecycle application also.

Access control lists are stored as persistent objects in the Docbase. Although ACLs are persistent objects having an object ID, they are not SysObjects. Version cannot be created for. If modification is done an, the server either overwrites with the changes or copies the changes the copy. What option it chooses depends on whether the directly to make the changes or reference an object that uses the.

Some Uses can be:

  • You can assign seven different levels of access to your documents in the system
  • You can assign access to individual users or to groups of users
  • Users can create their own private s that only they can use
  • System Admins can create System-Wide s that can be used by everyone
  • Extended Permissions let you really tweak what a user can do to an object
  • Different folders can have different ACLs based on requirement irrespective of their hierarchy.

This contains information about which users and groups have access to the document, and what level of access each has. When a user attempts to access an object, the Documentum Server looks in to determine which groups have access. It then looks in these groups to determine if the user is in any of the groups. It determines the user’s access level by awarding the user the highest level of access taking into account all the groups that the user is a member of.

Please Note even if you explicitly assign NONE access to a user, if they are also in a group that has READ access, the user will have READ access to the object. Always the individual privilege will be overridden by the group privilege.

Now does the Security feature Works in Documentum:

When an object is applied with some permission set then corresponding entry will be made in the backend with the reference to the applied ACL. Now when an object is accessed after that if the ACL is referring to any alias set then first the alias is converted in to actual value and from where it map’s the current accessing user’s access and provides access based on the ACL entries for that user to that specific Object that is being currently accessed. Because of this Documentum has provided wide variety for the application of security across the System. It can be like a person who is an administrator of one cabinet will have max permit of delete in those folders and cabinets where as in the other folders and cabinets and documents that are present in the system he will be having normal read permission or different based on the requirement.


Hope this is useful ,appreciate your comments and corrections if any.

Features of Windows Sharepoint Services(WSS)

June 16, 2010 Comments off

Windows Sharepoint Services 3.0 is enhanced and designed in order to deliver increased productivity by connecting people, documents and information. And also concentrates on getting more work done through sharing ideas and organize information in a better manner.

• Windows Sharepoint services 3.0 has improved UI with enhanced views and menus which helps in easy navigation of within the application and to the environment connected to the application. This feature reduces the cost involved in training resources newly introduced to the application.

• Windows Sharepoint services 3.0 is provided with Large list-indexing and cross list-indexing, these used along with specific list column properties will increase the capacity and performance and also creates a rich storage model.

• Windows Sharepoint Services 3.0 provides custom field types, which could be added as required and recurring events generated in calendars are enhanced.

• Effective easy to use collaborative tools like creation of work spaces, coordinating with calendars, communication portals, wikis and blogs, effective way of organizing documents and efficient offline synchronizing capabilities.

• Easy document management, content recovery and enhanced security features enable to create users and groups with more sophisticated controls.

• Windows Sharepoint services 3.0 provide item level security which ensures more security to the company resources. Windows Sharepoint Services uses standard windows/ASP.Net form/Web SSO authentication methods appropriately. Then the user is checked whether is authorized or not and allowed UI is visible/actionable to the user depending on the access control. This is called UI trimming. This feature helps in reduced webpage clutter and also supports easy navigation.

• Windows Sharepoint services 3.0 provide enhanced features of foundation for development and customization of web based applications and the built on applications.

• A Windows Sharepoint service 3.0 has enhanced content storage allowing more types of content to be stored and data integrity features.

%d bloggers like this: