Represents an independently persistable, subclassable container for a list of security templates. Through an object's SecurityPolicy property, a SecurityPolicy object is associated with a Document, CustomObject, or Folder object, and subclasses of those objects. When you create an object of one of these types, you can optionally assign a SecurityPolicy object to it. If not explicitly assigned, the object's SecurityPolicy property is assigned a value provided by the class's default.

The security policy defines the set of security templates that can be applied to the objects with which the policy is associated. The templates contained within a security policy can be one of two types: versioning or application templates. (For more information on security template types, see SecurityTemplate.)

You can create an instance of a SecurityPolicy object by calling CreateInstance methods on the Factory.SecurityPolicy class. A SecurityPolicy object can be retrieved from the object-valued SecurityPolicy property on a Containable object. (You cannot create a SecurityPolicy instance by retrieving it from the SecurityPolicy property.)


The following tables list the members exposed by ISecurityPolicy.

Public Properties

Name: Description
ActiveMarkings: The list of ActiveMarking objects currently applied to a given object. Each ActiveMarking object represents a marking that is in a MarkingSet associated with a property on the object.
AuditedEvents: An EventSet collection of the Event objects containing the audited events that have occurred for the object.
Creator: Indicates the name of the user assigned as the creator of the object.

This property is read-only for most users. For users who have been granted privileged write access (AccessRight.PRIVILEGED_WRITE), this property can be set only when the object is created. After initial object creation, this property is read-only for all users.

DateCreated: Indicates the date and time the object was created. The Content Engine stores dates and times using Coordinated Universal Time (UTC).

This property is read-only for most users. For users who have been granted privileged write access (AccessRight.PRIVILEGED_WRITE), this property can be set only when the object is created. After initial object creation, this property is read-only for all users.

DateLastModified: Indicates the date and time the object was last modified. The Content Engine stores dates and times using Coordinated Universal Time (UTC).

This property is read-only for most users. For users who have been granted privileged write access (AccessRight.PRIVILEGED_WRITE), this property is read/write. (The read/write access for those users can change only if a change is made to the ACL on the object store that controls who has privileged write access to objects in that object store.)

DescriptiveText: User-readable text that describes an object.

The text is not locale-specific to the retrieving user except for the following classes:

  • ClassDescription
  • PropertyDescription*
  • ClassDefinition
  • PropertyTemplate*
  • PropertyDefinition*

DisplayName: The user-readable, provider-specific name of an object. This property is usually the designated Name property of the object's class.
Id: A representation of the Globally Unique Identifier (GUID), a unique 128-bit number, that is assigned to this Content Engine object when the object is created. When converted to a string, the Id property is typically depicted as 32 hexadecimal characters enclosed by brackets in the following format: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}. For example, {3F2504E0-4F89-11D3-9A0C-0305E82C3301}.

For IUser and IGroup classes, the Id property takes the value of the Security Identifier (SID) rather than the 128-bit GUID. The string representation of the SID is in this example format: S-1-5-21-1559522492-2815155736-3711640725-55269. When Active Directory is used as the directory service for IBM FileNet P8, IUser.Id and IGroup.Id always return the current SID for the principal, even if this user or group has only historical SIDs populating the Active Directory server.

For a given property representation, the Id property has the following characteristics:

  • PropertyDescription.Id is equal to PropertyTemplate.Id, which is equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDescription.Id.

For a newly created document object, you can override the Id property of its associated VersionSeries object before you save or check in the document for the first time.

LastModifier: Indicates the name of the user who last modified the object.

This property is read-only for most users. For users who have been granted privileged write access (AccessRight.PRIVILEGED_WRITE), this property is read/write. (The read/write access for those users can change only if a change is made to the ACL on the object store that controls who has privileged write access to objects in that object store.)

Name: The name for this object.

For most classes, this property is read-only and returns the value of the designated name property for the object, or its ID if there is no name property. If ClassDescription.NamePropertyIndex has a value, this property contains the value of the designated name property. If there is no designated name property value, and the object has an Id property, this property contains the string value of the Id property. If neither of these conditions is satisfied, this property contains an empty string.

For a ComponentRelationship object, this property is read/write and specifies the name of the object.

Owner: Manages the security owner assigned to the object.
Permissions: Manages the discretionary permissions assigned to the object.
PreserveDirectPermissions: Determines whether direct access control entries (ACEs) are preserved on an object when a given security policy template or lifecycle policy is applied to the object. Direct ACEs are permissions that have been directly set on the object, not set through inheritance. If the value of this property is False, the object's original direct permissions are replaced by the permissions defined by the applied security policy template or lifecycle policy. Permissions inherited from the object's security parent are retained. If the value is True, the object's original direct permissions are preserved as well as its inherited permissions.
SecurityTemplates: Specifies a SecurityTemplateList object that contains a collection of the security templates associated with a given Security Policy object.
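
The effect of PreserveDirectPermissions described above, modeled as an added example (not IBM's code and not the Content Engine API). The Ace class, the source labels, and the sample ACL are hypothetical; the model assumes allow-only ACEs and that template ACEs are added alongside whatever is kept.

```python
from dataclasses import dataclass

# Illustrative model only; none of these names are Content Engine API calls.
DIRECT, INHERITED, TEMPLATE = "direct", "inherited", "template"

@dataclass(frozen=True)
class Ace:
    grantee: str
    rights: frozenset
    source: str  # DIRECT, INHERITED or TEMPLATE

def apply_template(acl, template_aces, preserve_direct):
    """Return the ACL after a template is applied.

    Inherited ACEs are always retained; direct ACEs survive only when
    preserve_direct is True. Assumption: ACEs left by an earlier template
    are replaced by the new template's ACEs.
    """
    kept = [a for a in acl if a.source == INHERITED
            or (a.source == DIRECT and preserve_direct)]
    return kept + [Ace(g, frozenset(r), TEMPLATE) for g, r in template_aces]

def effective_rights(acl):
    """Union of rights per grantee (allow-only model, no deny ACEs)."""
    out = {}
    for ace in acl:
        out.setdefault(ace.grantee, set()).update(ace.rights)
    return out

def surviving_direct_grants(acl, template_aces):
    """Grantees whose direct rights exceed what the template grants them,
    i.e. the grants that stay effective when the flag is True."""
    tmpl = effective_rights(apply_template([], template_aces, False))
    return sorted({a.grantee for a in acl if a.source == DIRECT
                   and not a.rights <= tmpl.get(a.grantee, set())})

# Constructed sample data.
ACL = [
    Ace("contractor1", frozenset({"read", "write"}), DIRECT),
    Ace("records-admins", frozenset({"read", "write", "delete"}), INHERITED),
]
RELEASED_TEMPLATE = [("all-staff", {"read"}), ("authors", {"read", "write"})]

if __name__ == "__main__":
    for flag in (False, True):
        result = effective_rights(apply_template(ACL, RELEASED_TEMPLATE, flag))
        print(f"PreserveDirectPermissions={flag}: {result}")
```

With the flag True, contractor1's direct read/write grant stays effective after the template is applied; with False it is dropped while the inherited records-admins entry remains.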