The Security Settings dialog that appears when adding or checking in a document displays any default security provided by your system.
Each Workplace user has a unique user name that is used to identify access rights to objects, the last user to modify an object, the creator or owner of an object, and the user account for which you are currently logged into the system. When the administrator creates a user name, that name is assigned a short version and a long version.
The short version is the user name that you can use when you log in. For example, abrown.
The long version is the full, unique system identifier for the user. Administrators call the long version user name the fully qualified system name or the distinguished name. The format of the long name depends on how your administrator has configured your system. For example, it could be jdoe@engineering.filenet.com or uid=JDoe,uid=pwtest995,ou=Shared,ou=Engineering,dc=filenet,dc=com
.
You can use both your short version or long version name to log in. Both the long version name and short version name are displayed in a Security dialog box. When you search for a user or group, the short names are returned and the long names appear as tool tips.
It is possible to have duplicate short version user names. The long version of the name is always unique.
#AUTHENTICATED-USERS now appears as the default for all users in a group. Previously, EVERYONE was used.
Rollover text appears when you point to any user or group's short or display name. That text shows you the long name or the fully qualified system name for the user or group.
If you use eDirectory or SunOne LDAP server and if there is no duplicate short name, you can log in with a short version or long version name.If there are duplicate short names, you must log in with a long version name.
If you use Active Directory LDAP server and you belong to the default Content Engine and Process Engine domain, you can log in with a short version or long version name; if you do not belong to a default Content Engine and Process Engine domain, you must log in with a long version name.
To accommodate searching for specific users and groups in large directories, the Add New Users or Groups dialog box allows you to specify search criteria that locates users and groups quickly. This eliminates the time consuming process of scrolling through many names when adding a user or group.
To add a user or group
The list of permissions begins with Owner Control (total access) at the top of the list and proceeds to View Properties (very little access) at the bottom of the list. Each permission at a higher level also includes all those below it in the list. Consequently, changing one permission can change others to maintain appropriate access to the publish template. This becomes more apparent as you select check boxes.
For example, assume that you have a group and the Allow check box is selected for all the permissions (Owner Control, Promote Version, Modify Content, Modify Properties, View Content, View Properties). If you select a Deny check box or clear an Allow check box, any permissions above the permission you are denying must also be denied. For example, setting Modify Content to Deny also sets Promote Version and Owner Control to Deny.
Conversely, changing a Deny permission to Allow also changes the permissions below to Allow. For example, if the top three permissions are set to Deny, and you set Owner Control to Allow, all the check marks move to the Allow column.
Permission | Publish Template | Publication Document |
---|---|---|
Owner Control | Delete the publish template as well as perform any of the following functions. | Delete the publication document plus any of the following functions. |
Promote Version | The user must have Promote Version permission to check in or check out a template. A publish template can only be checked in as a major version. | Promote a minor version to a major version, check in a document as either a major or minor version, plus any of the following functions. |
Modify Content | If Promote Version is set to "allow," the user can check out and check in the current version of a template, change its content and security, plus any of the following functions. | Check out the current version, check in a document (only as a minor version), change the content, plus any of the following functions. |
Modify Properties | Change the name or description of the publish template plus any of the following functions. | Change the name or description plus any of the following functions. |
View Content | View the content of the publish template plus the following functions. | View the content plus the following functions, except for publishing a source document. |
View Properties | View the name and description of the publish template. | View the name and description. |
Publish | Not applicable. | Publish a source document (which can also be a publication document). |