InfoSphere Enterprise Records, Version 4.5.1.3+              

Configuring security for the file plan object store (FPOS)

After you have configured the object store, you must set the IBM® InfoSphere™ Enterprise Records security on the file plan object store (FPOS). This task assigns InfoSphere Enterprise Records security roles to users and groups and updates the default instance security on the InfoSphere Enterprise Records objects.

See InfoSphere Enterprise Records security for more information on the InfoSphere Enterprise Records security roles and default instance security.

To assign the InfoSphere Enterprise Records security roles:

  1. To access the worksheet file, p8_worksheet.xls, that contains the parameter values to specify in the InfoSphere Enterprise Records installation, see the Using the installation and upgrade worksheet section. In the worksheet file, verify that the Data > Filter > AutoFilter command is enabled.
  2. Verify that you have configured your object stores as described in Configuring IBM InfoSphere Enterprise Records object stores.
  3. Log in to InfoSphere Enterprise Records as a GCD Administrator and Object Store Administrator for the object store you will configure.
    Tip: If you rerun the security script with insufficient rights to update certain folders that have been updated before, the security script fails and returns an insufficient security error.
  4. Select the Configure tab and click Object Store Configuration.
  5. Run the security script on your object store. From the list of object stores configured for InfoSphere Enterprise Records, click the FPOS you want to set security on, and select Run Security Script.
    Tip: The Security Script Run Date displays the date the security script was last run on the object store. If no date is displayed, security has not been set.
  6. Assign users and groups to a role.

    The Set Security screen displays with the names of the InfoSphere Enterprise Records security roles applicable for the imported data model.

    1. Select a role.
    2. Click Add New Members.
    3. Use the Select Users/Groups screen to select a user or a group to be assigned to the role and then click Accept, then click Finish.

      InfoSphere Enterprise Records displays a wait screen while it applies the specified security. When security has been set, click OK.

    4. To assign additional users and groups, repeat substeps b and c.
    5. Record the security roles assignment information.

      A security role planning table, to manage your roles assignments, is included in the Installation and Upgrade Worksheet.

      Important: When assigning the InfoSphere Enterprise Records roles, verify that there is no overlapping of users when selecting groups/users for each role. If a user belongs to more than one role, unexpected behavior occurs where the permissions of one role conflict with the permissions of another. This includes assigning #AUTHENTICATED-USER to the Records User role, which is not recommended.
  7. Repeat Step 6 for each role.
  8. Click Finish.
    Important: After clicking Finish, wait for the confirmation screen to display before proceeding.
  9. Verify that users assigned the Records Administrator role have object store administrative rights on the FPOS.

    These privileges allow such users to complete workflows on the FPOS.

    When creating new object stores, ensure that you add the users/groups assigned Records Administrator role to the object store administrators group as part of creating the object store.

    For more information about InfoSphere Enterprise Records security role assignments, see the Installation and Upgrade Worksheet.

    Important: If you are configuring already existing object stores for use with InfoSphere Enterprise Records, you must verify that the users/groups you assign to the Records Administrator role already are object store administrators. If they are not, you must run the Security Script wizard to update the security on the object store.
    For information on running the Security Script wizard to update an object store with new users and groups:
    • If your FileNet P8 system is Version 4.5.1: See the IBM FileNet P8 help topic System Administration > Enterprise-wide Administration > FileNet P8 Security > How to... > Update object store with new users and groups.
    • If your FileNet P8 system is Version 5.0: See the IBM FileNet P8 Version 5.0 Information Center topic Security > IBM FileNet P8 security > How to... > Update object store with new users and groups.
  10. Modify security to allow users assigned the Records User role to create a version of a document that is declared as a record by another user with the same role.
    Important: The Default Instance Security on the Record class is set to give the Records Manager User group rights to Minor/Major Versioning which define security on the record itself. Users who cannot browse to the document due to container (folder) security can still access the record through search or reports.


Feedback

Last updated: November 2010


© Copyright IBM Corporation 2010.
This information center is powered by Eclipse technology. (http://www.eclipse.org)