IBM Enterprise Records, Version 5.1.2   

Configuring security for the file plan object store (FPOS)

After you configure the object store, you must set the IBM® Enterprise Records security on the file plan object store (FPOS). This task assigns IBM Enterprise Records security roles to users and groups and updates the default instance security on the IBM Enterprise Records objects.

About this task

When you assign the roles in IBM Enterprise Records, ensure that user roles are not duplicated when you select groups and users for each role. If a user is assigned more than one role, unexpected behavior occurs when the permissions of one role conflict with the permissions of another. For example, do not assign #AUTHENTICATED-USER to the Records User role because it negates the permissions that are needed by users that are assigned as Records Managers, Records Reviewers, and Records Administrators. Those users cannot access, create, delete, or change records.

Procedure

To assign the IBM Enterprise Records security roles:

  1. Access the checklist that you filled out before starting this installation for the values you need.
  2. Verify that you configured your object stores as described in the Configuration Manager sections.
  3. Sign in to IBM Enterprise Records as a GCD Administrator and Object Store Administrator for the object store you are configuring.
    Tip: If you rerun the security script with insufficient rights to update certain previously updated folders, the security script fails and returns an insufficient security error.
  4. Select the Configure tab and click Object Store Configuration.
  5. Run the security script on your object store. From the list of object stores configured for IBM Enterprise Records, right-click the FPOS you want to set security on, and select Run Security Script.
    Tip: The Security Script Run Date displays the date the security script was last run on the object store. If no date is displayed, security is not set.
  6. Select a role and click Add New Members. The Set Security window displays with the names of the IBM Enterprise Records security roles applicable for the imported data model.
  7. Use the Select Users/Groups window to select a user or a group to be assigned to the role and then click Accept.
  8. Assign users and groups to all of the security roles by repeating Steps 6 and 7.
  9. Verify that users assigned the Records Administrator role have object store administrative rights on the FPOS.

    These privileges allow such users to complete workflows on the FPOS.

    When creating new object stores, add the users and groups assigned the Records Administrator role to the object store administrators group.

  10. When all security roles are set, click Finish. IBM Enterprise Records displays a wait screen while it applies the specified security. When security is set, click OK.
    Important: After clicking Finish, wait for the confirmation screen to display before proceeding.
  11. Record the security roles assignment information.
    Important: When assigning the IBM Enterprise Records roles, verify that users do not overlap when you select groups and users for each role. If a user belongs to more than one role, unexpected behavior occurs where the permissions of one role conflict with the permissions of another. This behavior includes assigning #AUTHENTICATED-USER to the Records User role.
  12. Modify security to allow users assigned the Records User role to create a version of a document version declared as a record by another user with the same role.
    Important: The Default Instance Security on the Record class is set to give the Records Manager User group rights to Minor/Major Versioning. This setting defines security on the record itself. Users who cannot browse to the document due to container (folder) security can still access the record through search or reports.
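One way to run the overlap check from step 11 against the recorded role assignments, as an added example that is not IBM code. The user and group names are constructed, the role names are taken from this page, and #AUTHENTICATED-USER is assumed to cover every signed-in user.

```python
from collections import defaultdict

AUTHENTICATED = "#AUTHENTICATED-USER"
# Constructed sample data (not exported from any real system).
# Directory groups: group name -> members (users or nested groups).
GROUPS = {
    "rm-admins": {"alice", "bob"},
    "rm-managers": {"carol", "rm-leads"},
    "rm-leads": {"bob", "dave"},
    "rm-staff": {"erin", "frank"},
}
# Role assignments as recorded in step 11: role -> assigned users/groups.
ROLES = {
    "Records Administrator": {"rm-admins"},
    "Records Manager": {"rm-managers"},
    "Records Reviewer": {"erin"},
    "Records User": {"rm-staff", AUTHENTICATED},
}

def expand(principal, groups, seen=None):
    """Resolve a user or group to the set of users it contains (cycle-safe)."""
    seen = set() if seen is None else seen
    if principal not in groups:
        return {principal}          # a user, or the special pseudo-group
    if principal in seen:
        return set()                # nested-group loop: already visited
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def find_overlaps(roles, groups):
    """Return {user: sorted roles} for every user who holds more than one role."""
    held = defaultdict(set)
    for role, principals in roles.items():
        for p in principals:
            for user in expand(p, groups):
                held[user].add(role)
    # Assumption: #AUTHENTICATED-USER covers every user, so its role reaches all.
    for role in [r for r, ps in roles.items() if AUTHENTICATED in ps]:
        for user in list(held):
            if user != AUTHENTICATED:
                held[user].add(role)
    return {u: sorted(r) for u, r in held.items() if len(r) > 1}

if __name__ == "__main__":
    for user, roles in sorted(find_overlaps(ROLES, GROUPS).items()):
        print(f"{user}: {', '.join(roles)}")
```

With the sample data, bob is caught through a nested group, and every holder of another role is flagged because #AUTHENTICATED-USER is assigned to Records User.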



Last updated: November 2013

© Copyright IBM Corporation 2013