Represents a group of user accounts defined by the directory service on the Content Engine server.

Access rights and permissions are assigned to a grantee, which can be a user or a group. Access rights can be assigned to a group regardless of whether the group has any members. Users can be added to the group later. When a user is added to a group, the user automatically gains the access rights assigned to the group to which it belongs. A group can also have subgroups.

Security on objects, such as folders and documents, can pertain to particular groups. These groups, and the users and subgroups that make up the group's membership, are defined and created using tools provided by your directory service product (for example, Windows Active Directory, Novell eDirectory, or Sun Java System Directory Server). Creating user accounts and the groups to which they belong are administrative tasks (typically performed by a system administrator) that are outside the scope of the Content Engine API.

You cannot create a new Group object, but you can instantiate one that has been persisted in your directory service by:

  • Calling GetInstance or FetchInstance on the Factory.Group class.
  • Retrieving an individual Group object from a GroupSet collection object.

You can call methods on the Group object to retrieve information about the group, such as its name and ID, or to get references to other objects. References to other objects may include the users who are members of the group and the subgroups or parent groups of the group.
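The following added example (not code from the Content Engine API or its documentation) models the Users and Groups relationships in plain Python to show which users end up holding rights granted to a group once subgroups are expanded, including cyclic nesting and groups that have no members yet. It assumes that rights granted to a group flow to the members of its subgroups; the directory contents, object paths and function names are constructed for illustration.

```python
# Added example: an in-memory model, not the Content Engine API.
# "users" and "groups" mirror the Users and Groups properties of a group;
# all names and paths below are constructed sample data.
DIRECTORY = {
    "Managers":    {"users": ["alice"],        "groups": ["Team Leads"]},
    "Team Leads":  {"users": ["bob", "carol"], "groups": ["Managers"]},  # cyclic nesting
    "Staff":       {"users": ["dave"],         "groups": ["Managers"]},
    "Auditors":    {"users": [],               "groups": ["Contractors"]},
    "Contractors": {"users": [],               "groups": []},
}
# Object -> groups named as grantee on that object (constructed).
GRANTS = {"/Finance": ["Staff", "Auditors"], "/HR": ["Team Leads"]}


def effective_users(directory, group):
    """Users who hold the rights of `group`, directly or through subgroups."""
    seen, users, stack = set(), set(), [group]
    while stack:
        name = stack.pop()
        if name in seen:  # already expanded; stops cyclic nesting from looping
            continue
        seen.add(name)
        entry = directory.get(name)
        if entry is None:  # subgroup reference that no longer resolves
            continue
        users.update(entry["users"])
        stack.extend(entry["groups"])
    return users


def audit_grants(directory, grants):
    """Return ({(object, group): sorted users}, [grants that reach no user yet])."""
    report, latent = {}, []
    for obj, groups in grants.items():
        for group in groups:
            users = effective_users(directory, group)
            report[(obj, group)] = sorted(users)
            if not users:  # rights already assigned, waiting for a first member
                latent.append((obj, group))
    return report, latent


if __name__ == "__main__":
    report, latent = audit_grants(DIRECTORY, GRANTS)
    for (obj, group), users in report.items():
        print(f"{obj} <- {group}: {users or 'no members yet'}")
    print("latent grants:", latent)
```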


The following tables list the members exposed by IGroup.

Public Properties

Name | Description
DisplayName | The user-readable, provider-specific name of an object. This property is usually the designated Name property of the object's class.
DistinguishedName | The name that uniquely identifies a given group or user.

The distinguished name (DN) consists of a group or user's short name and the name of the domain to which it belongs. For example, for a group with the short name "Managers", the distinguished name might be "CN=Managers,DC=example,DC=com".

Groups | A collection of Group objects belonging to a given realm or group.
Id | A representation of the Globally Unique Identifier (GUID), a unique 128-bit number, that is assigned to this Content Engine object when the object is created. When converted to a string, the Id property is typically depicted as 32 hexadecimal characters enclosed by brackets in the following format: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}. For example, {3F2504E0-4F89-11D3-9A0C-0305E82C3301}.

For IUser and IGroup classes, the Id property takes the value of the Security Identifier (SID) rather than the 128-bit GUID. The string representation of the SID is in this example format: S-1-5-21-1559522492-2815155736-3711640725-55269. When Active Directory is used as the directory service for IBM FileNet P8, IUser.Id and IGroup.Id always return the current SID for the principal, even if this user or group has only historical SIDs populating the Active Directory server.

For a given property representation, the Id property has the following characteristics:

  • PropertyDescription.Id is equal to PropertyTemplate.Id, which is equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDescription.Id.

For a newly created document object, you can override the Id property of its associated VersionSeries object before you save or check in the document for the first time.

MemberOfGroups | Returns a collection containing the groups of which a given group or user is a member.
Name | The name for this object.

For most classes, this property is read-only and returns the value of the designated name property for the object, or its ID if there is no name property. If ClassDescription.NamePropertyIndex has a value, this property contains the value of the designated name property. If there is no designated name property value, and the object has an Id property, this property contains the string value of the Id property. If neither of these conditions is satisfied, this property contains an empty string.

For a ComponentRelationship object, this property is read/write and specifies the name of the object.

ShortName | The short name of a given group or user.

For example, a user's short name might be "test1" and a group's short name might be "Managers". The short name format does not require any other qualifying information, such as the domain. See the DistinguishedName property on the IUser or IGroup interface to compare the short name format to the distinguished name (DN) format.

Users | A collection of User objects belonging to a given realm.