Select users and groups for object store
The Select Users and Groups window lets you search the authentication database
and then, from the result set, select the accounts you want to add as Access
Control Entries (ACEs) to the object's Access Control List (ACL). These ACEs
will be assigned default permissions which you can view and edit later, using
the object's security editor.
If the query does not find all the users or groups you are looking for, simply
issue another search. You can return to the object's Select Users and Groups
window as often as you need.
- Select Object Type
- Select the object type to search for. When specifying object store administrators,
the Special Accounts object type will be deselected
and disabled. When specifying initial user groups, the Users
object type will be deselected and disabled. See Users and groups required by FileNet P8 Platform for information about the special accounts
#AUTHENTICATED-USERS
and #CREATOR-OWNER
.
- Select Realm
- Select the realm to search. Only those realms (domains) that were configured
during installation for FileNet P8 domain authentication will produce valid
accounts.
- Search Criteria
- Build your search using the following parameters.
- Search Attribute: Select whether you want to search
on Short Name or Display Name.
- Search Pattern: Enter the name or string
you want to search for.
This search type... |
searches for accounts ... |
Starts with ... |
whose name begins with the characters you enter. |
Exact match ... |
with the exact characters you type. |
- You cannot use wildcard characters. Therefore, a "Starts with"
search pattern of a? find
names with a as the first character
and a question mark as the second. It does not find names starting with ab.
- You cannot use logical, or Boolean, operators (OR, AND, NOT).
- Leave the search string blank to return all names, regardless of whether
you use Starts with or Exact match, and subject to the Maximum results returned value.
- Sort Order: Choose a sort order for how the result set will appear:
Ascending (A-Z), Descending
(Z-A), or None. If your search includes both
Groups and Users and the sort order is None,
the result set will stack all Groups that meet the search criteria first,
followed by all Users that meet the search criteria. If the directory service
does not support sorting, Enterprise Manager informs you and thereafter
only None will be available.
- Maximum results returned: Enter a maximum number of results to return,
with the value applying separately to both users and groups if both are selected.
For example, if you select both users and groups, set Maximum result returned
to 500; if your directory service has at least 500 entries of each type
that meet the search criteria, your result set will have 1,000 names.
Setting
Maximum results returned to zero returns
all accounts that meet the search criteria. To request all accounts in the realm,
leave the search criteria blank and enter 0 into Maximum
results returned. Use this option with caution because requesting all values
from an extremely large directory service can result in very long search time.
- Find
- Click Find to run the query against the directory
service. Any result set from an earlier search is replaced by the results
of the current search.
- Results
- Displays the users and groups found by the search, sorted according to the
sort order. Icons display whether the account is a user or a group.
See Directory service providers for more information.
- Display Name: Displays
whatever directory service attribute has been configured as the User Display
Name Attribute.
- Short Name:Displays whatever
directory service attribute has been configured as the Logon Attribute.
- Principal Name: The complete, unambiguous
name in the format of the authentication provider.
- Select the names you want to add to the ACL of the object.
- Click OK to add selected names to the ACL
of the object. Then use the security editor to view and edit their permissions.