Set security permissions

The Security Settings dialog that appears when adding or checking in a document displays any default security provided by your system.

User Names

Each Workplace user has a unique user name that is used to identify access rights to objects, the last user to modify an object, the creator or owner of an object, and the user account for which you are currently logged into the system. When the administrator creates a user name, that name is assigned a short version and a long version.

The short version is the user name that you can use when you log in. For example, abrown.

The long version is the full, unique system identifier for the user. Administrators call the long version user name the fully qualified system name or the distinguished name. The format of the long name depends on how your administrator has configured your system. For example, it could be jdoe@engineering.filenet.com or uid=JDoe,uid=pwtest995,ou=Shared,ou=Engineering,dc=filenet,dc=com.

You can use both your short version or long version name to log in. Both the long version name and short version name are displayed in a Security dialog box. When you search for a user or group, the short names are returned and the long names appear as tool tips.

It is possible to have duplicate short version user names. The long version of the name is always unique.

#AUTHENTICATED-USERS now appears as the default for all users in a group. Previously, EVERYONE was used.

Rollover text appears when you point to any user or group's short or display name. That text shows you the long name or the fully qualified system name for the user or group.

If you use eDirectory or SunOne LDAP server and if there is no duplicate short name, you can log in with a short version or long version name.If there are duplicate short names, you must log in with a long version name.

If you use Active Directory LDAP server and you belong to the default Content Engine and Process Engine domain, you can log in with a short version or long version name; if you do not belong to a default Content Engine and Process Engine domain, you must log in with a long version name.

Add a user or group

To accommodate searching for specific users and groups in large directories, the Add New Users or Groups dialog box allows you to specify search criteria that locates users and groups quickly. This eliminates the time consuming process of scrolling through many names when adding a user or group.

To add a user or group

  1. Click Add New to access the Add New Users or Groups dialog box.
  2. Next to Show Available, choose the Users or Group button to specify the type of user you want to add.
  3. Next to Select in, choose the domain in which the user or group resides.
  4. Next to Starts with, enter a specific name, part of name or character to limit your search to specific users or groups.
  5. Click Search. The first set of users or groups that match your search criteria appear in the Available Users box on the left. By default, a maximum of 500 names is displayed. You can change this maximum number in the Workplace Site Preferences.
  6. Select the users or groups by doing the following actions:
  7. Click OK to add the users or groups you just selected to the existing list of security settings. You can also click Cancel and close the Add New Users or Groups dialog box without adding any user or group to the list of security settings.
  8. Set the security options. Their meanings are described below.

Remove a user or group

  1. Select the user name or group name you want to remove from the list displayed in the User/Group column.
  2. Click Remove to remove the selected user or group from the list of those who can access the template. Use care so that you do not remove your own security group, thereby making it impossible to check in the template.

Modify user or group security settings

  1. Select any listed name in the User/Group column. Selecting a listed name activates the Remove and Modify buttons.
  2. Click Modify to display the Security - Modify User or Group dialog box. This dialog box allows you to assign (allow) and deny different categories of permissions. You can resize the columns in this dialog as desired by dragging the vertical lines between the column headings.
  3. Set the security options. Their meanings are described below.

Meaning of security permissions

The list of permissions begins with Owner Control (total access) at the top of the list and proceeds to View Properties (very little access) at the bottom of the list. Each permission at a higher level also includes all those below it in the list. Consequently, changing one permission can change others to maintain appropriate access to the publish template. This becomes more apparent as you select check boxes.

For example, assume that you have a group and the Allow check box is selected for all the permissions (Owner Control, Promote Version, Modify Content, Modify Properties, View Content, View Properties). If you select a Deny check box or clear an Allow check box, any permissions above the permission you are denying must also be denied. For example, setting Modify Content to Deny also sets Promote Version and Owner Control to Deny.

Conversely, changing a Deny permission to Allow also changes the permissions below to Allow. For example, if the top three permissions are set to Deny, and you set Owner Control to Allow, all the check marks move to the Allow column.

Permission Publish Template Publication Document
Owner Control Delete the publish template as well as perform any of the following functions. Delete the publication document plus any of the following functions.
Promote Version The user must have Promote Version permission to check in or check out a template. A publish template can only be checked in as a major version. Promote a minor version to a major version, check in a document as either a major or minor version, plus any of the following functions.
Modify Content If Promote Version is set to "allow," the user can check out and check in the current version of a template, change its content and security, plus any of the following functions. Check out the current version, check in a document (only as a minor version), change the content, plus any of the following functions.
Modify Properties Change the name or description of the publish template plus any of the following functions. Change the name or description plus any of the following functions.
View Content View the content of the publish template plus the following functions. View the content plus the following functions, except for publishing a source document.
View Properties View the name and description of the publish template. View the name and description.
Publish Not applicable. Publish a source document (which can also be a publication document).