Security tab

With the security editor, you can view and edit the Access Control List (ACL) of the associated object. Enterprise Manager uses the security editor in the following three security tabs:

For more information, see Icons used by the security editor and About access rights.

List of ACEs
Displays a single Access Control Entry (ACE) per row. Select an ACE to view and edit its security in the rest of the security editor. Click a column heading to sort the rows based on the contents of that column. If no ACEs appear, click the Add button.
Name
The name of the user or group as provided by the authentication provider for the FileNet P8 domain. When you hold the mouse over the name, the tool tip shows the display name followed by the principal name in parentheses, as in:

DisplayName (PrincipalName)
.

Click Add or Remove to change this list. The icons indicate whether the ACE represents a user or a group, whether it is denied or allowed, and whether it is inherited or not.

Source
The source of the ACE: either default, direct, inherited, or template.
Type
Whether the selected ACE is allowed or denied. This option is not available when the selected ACE is inherited.
Apply to
The inheritable depth of the selected ACE. This option is not available when the selected ACE is inherited.

Each ACE has an inheritable depth setting that is invoked if the ACE is configured to be inherited by a child object. The inheritable depths are:

This object only
This ACE would not be inherited even if it were configured for inheritance.
This object and immediate children
This ACE applies to the object and would be inherited by the parent object's children, but not by the child object's children. After inheritance takes place, the child ACE will have an inheritable depth of This object only.
This object and all children
This ACE applies to the object and would be inherited by every generation of the parent object's child objects. After inheritance takes place, the child object's ACE will have an inheritable depth of This object and all children.
All children but not this object
This ACE would be inherited by every generation of the parent object's child objects, but does not affect the parent object itself.
Immediate children only, but not this object
This ACE would be inherited only by the parent object's immediate children, but not by further generations, and does not affect the parent object itself.
Level
the level of security for the selected ACE. Levels are logically assembled collections of rights that are appropriate for varying degrees of access to the object. Levels are typically ordered with the most powerful level listed first (exception for the Custom level). Different objects have different levels. For example, only documents have the Major Versioning level. Folders, which are not versionable, do not have this level. Folders have the Add to Folder level, which documents do not have.

When you select a level, two things happen: the rights that comprise the level become selected in the Rights column, and other levels that are included in the selected level are marked with an asterisk. For example, selecting Full Control causes all the other levels to be marked with an asterisk.

All objects include a Custom level, which is automatically selected if you choose a collection of rights that is not exactly mapped to one of the predefined levels.

Rights
The individual rights for the selected ACE. Selecting a right can affect the selected level. Selecting a level also affects the rights that are selected.
Active Marking/Owner
Opens the Access Control Settings window, where you can view or edit the markings and ownership of the object. If the current object does not permit markings, the label on this button is "Owner" and the resultant Access Control Settings window contains only an Owner tab.