Default security

This topic answers the question, "What is the security behavior if administrators and users do nothing to change it?"

Object store administrative groups

Members of the groups added to the Object Store Wizard as object store administrators have Full Control of object stores and their contents, which means that while using Enterprise Manager they can perform any valid action on any item. See the Reference section for the specific actions.

Users

When creating an object store, the administrator selects one or more groups that will have basic, nonadministrative access rights. For example, if the administrator selects the Domain Users group as the nonadministrative group when creating an object store, users of the Workplace and Workplace XT applications can:

Other access rights are not set one way or the other, which means they are implicitly denied to members of nonadministrative groups.

NOTE  For any given access right (for example, View Properties), an access right has three possible settings: Allow, Deny, or neither. If an access right is neither explicitly allowed nor explicitly denied, it is "implicitly denied."

Users of other client applications (such as WebDAV and Application Integration for Office) are subject to the same security as application users but typically cannot perform as many operations.