Represents a particular user who has access to Content Engine resources.

Access rights and permissions are assigned to a grantee, which can be a user or a group. A user's access to resources can be defined in terms of its membership in a group, but need not be. Permission objects have an associated User or Group object. Group and Realm objects have associated User objects, and can also have associated Group objects.

User accounts and the groups and subgroups to which they belong are defined and created using tools provided by your directory service product (for example, Windows Active Directory, Novell eDirectory, or Sun Java System Directory Server). Creating and modifying user accounts and groups are administrative tasks (typically performed by a system administrator) that are outside the scope of the Content Engine API.

You cannot create a new User object, but you can instantiate one that has been persisted in your directory service by:

  • Calling Factory.User.FetchCurrent, which returns the current user.
  • Calling GetInstance or FetchInstance on the Factory.User class.
  • Retrieving an individual User object from a UserSet collection object.

You can call methods on the User object to retrieve information about the user, such as the user's name and ID and to which groups the user belongs.


The following tables list the members exposed by IUser.

Public Properties

 NameDescription
Public propertyDisplayNameThe user-readable, provider-specific name of an object. This property is usually the designated Name property of the object's class.
Public propertyDistinguishedNameThe name that uniquely identifies a given group or user.

The distinguished name (DN) consists of a group or user's short name and the name of the domain to which it belongs. For example, for a group with the short name "Managers", the distinguished name might be "CN=Managers,DC=example,DC=com".

Public propertyEmailRepresents the user's email address.
Public propertyIdA representation of the Globally Unique Identifier (GUID), a unique 128-bit number, that is assigned to this Content Engine object when the object is created. When converted to a string, the Id property is typically depicted as 32 hexadecimal characters enclosed by brackets in the following format: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}. For example, {3F2504E0-4F89-11D3-9A0C-0305E82C3301}.

For IUser and IGroup classes, the Id property takes the value of the Security Identifier (SID) rather than the 128-bit GUID. The string representation of the SID is in this example format: S-1-5-21-1559522492-2815155736-3711640725-55269. When Active Directory is used as the directory service for IBM FileNet P8, IUser.Id and IGroup.Id always return the current SID for the principal, even if this user or group has only historical SIDs populating the Active Directory server.

For a given property representation, the Id property has the following characteristics:

  • PropertyDescription.Id is equal to PropertyTemplate.Id, which is equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDescription.Id.

For a newly created document object, you can override the Id property of its associated VersionSeries object before you save or check in the document for the first time.

Public propertyMemberOfGroupsReturns a collection containing the groups of which a given group or user is a member.
Public propertyNameThe name for this object.

For most classes, this property is read-only and returns the value of the designated name property for the object, or its ID if there is no name property. If ClassDescription.NamePropertyIndex has a value, this property contains the value of the designated name property. If there is no designated name property value, and the object has an Id property, this property contains the string value of the Id property. If neither of these conditions is satisfied, this property contains an empty string.

For a ComponentRelationship object, this property is read/write and specifies the name of the object.

Public propertyShortNameThe short name of a given group or user.

An example of a user's short name is "test1", or a group's short name might be "Managers". The short name format does not require any other qualifying information, such as domain. See the DistinguishedName property on the IUser or IGroup interface to compare the short name format to the distinguished name (DN) format.

Top

See Also