After you have configured the object store, you must set the IBM® InfoSphere™ Enterprise Records security on the file plan object store (FPOS). This task assigns InfoSphere Enterprise Records security roles to users and groups and updates the default instance security on the InfoSphere Enterprise Records objects.
See InfoSphere Enterprise Records security for more information on the InfoSphere Enterprise Records security roles and default instance security.
- In general, assign security settings to groups rather than individual users; this practice makes your system inherently more maintainable.
- Assign security roles only for the FPOS, not for the ROS.
Important: If you re-run the Security Script wizard after assigning security roles, the wizard:
- Does not modify the security set on existing records. After each security run, the new security is set only for new object instances.
- Removes the previously applied groups from the classes that were installed as part of the data model.
- Updates the default instance security settings such that any existing user rights are replaced with the rights defined by the latest run of the Security Script wizard.
To assign the InfoSphere Enterprise Records security roles:
1. To access the worksheet file, p8_worksheet.xls, that contains the parameter values to specify in the InfoSphere Enterprise Records installation, see the Using the installation and upgrade worksheet section. In the worksheet file, verify that the command is enabled.
2. Verify that you have configured your object stores as described in Configuring IBM InfoSphere Enterprise Records object stores.
3. Log in to InfoSphere Enterprise Records as a GCD Administrator and Object Store Administrator for the object store you will configure.
   Tip: If you rerun the security script with insufficient rights to update certain folders that have been updated before, the security script fails and returns an insufficient security error.
4. Select the Configure tab and click Object Store Configuration.
5. Run the security script on your object store. From the list of object stores configured for InfoSphere Enterprise Records, click the FPOS you want to set security on, and select Run Security Script.
   Tip: The Security Script Run Date displays the date the security script was last run on the object store. If no date is displayed, security has not been set.
6. Assign users and groups to a role.
   The Set Security screen is displayed with the names of the InfoSphere Enterprise Records security roles applicable for the imported data model.
   a. Select a role.
   b. Click Add New Members.
   c. Use the Select Users/Groups screen to select a user or a group to be assigned to the role and then click Accept, then click Finish.
      InfoSphere Enterprise Records displays a wait screen while it applies the specified security. When security has been set, click OK.
   d. To assign additional users and groups, repeat substeps b and c.
   e. Record the security roles assignment information.
      A security role planning table, to manage your role assignments, is included in the Installation and Upgrade Worksheet.
      Important: When assigning the InfoSphere Enterprise Records roles, verify that there is no overlapping of users when selecting groups/users for each role. If a user belongs to more than one role, unexpected behavior occurs where the permissions of one role conflict with the permissions of another. This includes assigning #AUTHENTICATED-USER to the Records User role, which is not recommended.
7. Repeat Step 6 for each role.
8. Click Finish.
   Important: After clicking Finish, wait for the confirmation screen to display before proceeding.
9. Verify that users assigned the Records Administrator role have object store administrative rights on the FPOS.
   These privileges allow such users to complete workflows on the FPOS.
   When creating new object stores, ensure that you add the users/groups assigned the Records Administrator role to the object store administrators group as part of creating the object store.
   For more information about InfoSphere Enterprise Records security role assignments, see the Installation and Upgrade Worksheet.
   Important: If you are configuring already existing object stores for use with InfoSphere Enterprise Records, you must verify that the users/groups you assign to the Records Administrator role already are object store administrators. If they are not, you must run the Security Script wizard to update the security on the object store.
   For information on running the Security Script wizard to update an object store with new users and groups:
   - If your FileNet P8 system is Version 4.5.1: See the IBM FileNet P8 help topic .
   - If your FileNet P8 system is Version 5.0: See the IBM FileNet P8 Version 5.0 Information Center topic .
10. Modify security to allow users assigned the Records User role to create a version of a document that is declared as a record by another user with the same role.
    Important: The Default Instance Security on the Record class is set to give the Records Manager User group rights to Minor/Major Versioning, which define security on the record itself. Users who cannot browse to the document due to container (folder) security can still access the record through search or reports.
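The overlap check called for in the Important note under "Record the security roles assignment information" can be done before running the Security Script wizard. The following is an added example, not part of the IBM documentation or product: it assumes the planned role assignments and a directory export of group memberships are available as plain mappings, and all group and user names in it are constructed.

```python
from collections import defaultdict

AUTHENTICATED = "#AUTHENTICATED-USER"

# Constructed sample: role -> members planned in the security role planning table.
ROLE_MEMBERS = {
    "Records Administrator": ["grp_rm_admins"],
    "Records User": ["grp_rm_users", "grp_contractors"],
}
# Constructed directory export: group -> direct members (users or nested groups).
GROUPS = {
    "grp_rm_admins": ["alice", "grp_ops"],
    "grp_ops": ["bob"],
    "grp_rm_users": ["carol", "bob"],
    "grp_contractors": ["dave", "grp_rm_users"],
}

def expand(member, groups, seen=None):
    """Resolve a user or (possibly nested) group to the set of users it contains."""
    seen = set() if seen is None else seen
    if member not in groups:
        return {member}      # not a group: a user or a special principal
    if member in seen:
        return set()         # membership cycle or repeat: already expanded
    seen.add(member)
    users = set()
    for child in groups[member]:
        users |= expand(child, groups, seen)
    return users

def audit_roles(role_members, groups):
    """Return (users holding more than one role, roles granted to all authenticated users)."""
    roles_by_user = defaultdict(set)
    wildcard_roles = []
    for role, members in role_members.items():
        if AUTHENTICATED in members:
            wildcard_roles.append(role)
        for member in members:
            for user in expand(member, groups):
                if user != AUTHENTICATED:
                    roles_by_user[user].add(role)
    overlaps = {u: sorted(r) for u, r in roles_by_user.items() if len(r) > 1}
    return overlaps, sorted(wildcard_roles)

if __name__ == "__main__":
    overlaps, wildcard_roles = audit_roles(ROLE_MEMBERS, GROUPS)
    for user, roles in sorted(overlaps.items()):
        print(f"OVERLAP {user}: {', '.join(roles)}")
    for role in wildcard_roles:
        print(f"WILDCARD {role} is assigned to {AUTHENTICATED}")
```

Here `bob` reaches Records Administrator through a nested group and Records User through direct membership, which is the kind of overlap that is easy to miss when roles are assigned to groups.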