Represents the definition of a value that may be assigned to a marking-controlled property. Markings provide an additional, optional layer of security that is primarily designed for the records management marketplace, but which can also be applied by non-records management applications. Markings allow controlled access to objects based on specific property values. The set of definitions for all possible Marking objects is contained in a MarkingSet collection.

A marking represents a single item in a set of markings. For example, if a set of markings is called Security Codes, items within the set might be Top Secret, Secret, Confidential, and so on. Each of those marking values contains a set of access permissions that define who can assign that specific value to an object property, who can modify or remove that specific value, and, once the value is assigned, who will have access to the object to which the value is assigned. You can assign one or more of these markings to an object. To then be able to access that object, a user must be granted sufficient access from all assigned markings. The set of all active markings (that is, those that are currently assigned to a given object) are contained in an ActiveMarkingList collection. To retrieve the active markings on a given object, get the value of its ActiveMarkings property. You can then retrieve each marking and its value.

The user's access to an object is represented by an effective access mask. The effective access is calculated using the object's permission list and subtracting the constraint mask of the applied markings. The resulting effective access is used to control what that user can do with the object.


The following tables list the members exposed by IMarking.

Public Properties

 NameDescription
Public propertyConstraintMaskA bitmask defining the access permission associated with a given marking.

If a given user does not have the appropriate rights to perform marking-related operations on the object, the access rights specified in the marking's ConstraintMask property are removed from the user's access rights for that object.

Public propertyIdA representation of the Globally Unique Identifier (GUID), a unique 128-bit number, that is assigned to this Content Engine object when the object is created. When converted to a string, the Id property is typically depicted as 32 hexadecimal characters enclosed by brackets in the following format: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}. For example, {3F2504E0-4F89-11D3-9A0C-0305E82C3301}.

For IUser and IGroup classes, the Id property takes the value of the Security Identifier (SID) rather than the 128-bit GUID. The string representation of the SID is in this example format: S-1-5-21-1559522492-2815155736-3711640725-55269. When Active Directory is used as the directory service for IBM FileNet P8, IUser.Id and IGroup.Id always return the current SID for the principal, even if this user or group has only historical SIDs populating the Active Directory server.

For a given property representation, the Id property has the following characteristics:

  • PropertyDescription.Id is equal to PropertyTemplate.Id, which is equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDescription.Id.

For a newly created document object, you can override the Id property of its associated VersionSeries object before you save or check in the document for the first time.

Public propertyMarkingUseGrantedContains a bit mask that identifies which access rights have been granted to the current user. A user can be granted "Use", "Remove", and "Add" rights. The "Remove" and "Add" rights determine if the current user can remove or add a marking value on an independent object.

The primary use of this MarkingUseGranted property is to detect whether the current user has the "Use" right. The "Use" right determines whether the presence of the marking on an object constrains access to that object. If the user has "Use" right to the marking, access to associated independent objects will not be constrained by the value of the ConstraintMask property on the Marking object. The absence of the "Use" right means that the values in the ConstraintMask property will be subtracted from the associated object's effective access calculation (which is the value returned by the IndependentlyPersistableObject.GetAccessAllowed() method). In this case, the constraint mask of the marking identifies which rights cannot be granted, and will be ignored, which effectively removes those rights granted on the associated independent object's ACL.

Public propertyMarkingValueSpecifies the value to use when applying a Marking to an object that has a property associated with a MarkingSet. This value of a marking must be unique within a marking set.
Public propertyPermissionsManages the discretionary permissions assigned to the object.
Top

See Also