IBM FileNet P8, Version 5.2.1            

Limiting administrative access

You can restrict the access that users or groups have to Administration Console for Content Platform Engine at the domain and object store levels. The access that users have to a domain or object store is determined by the access rights that administrators assign to users.

About this task

Security for all of the objects that you can access by using Administration Console for Content Platform Engine is controlled by the system at the object level. Each user is granted or denied permissions to the various actions that can be performed. For users of the administration console, you can further limit access for the domain and object stores to read-only access. For the domain, you limit access by explicitly or implicitly denying the user the Modify all properties access right. For the object store, you limit access by explicitly or implicitly denying the user the Modify existing properties, Create new objects, and Delete objects access rights. When these access rights are denied, the user has only read-only access to the objects.

Important: Limited (read-only) access applies only to access through the administration console. Access rights for users who access the objects by using the API or other applications are controlled by the existing permissions.

Procedure

To enable limited administrative access:

  1. Access the Security tab for the domain or the object store from the administration console:
    • For domain: In the details pane for the domain, click the Security tab.
    • For object store: In the navigation pane, click the object store that you want to modify, and then from the details pane, click the Security tab.
  2. Select the user or group for which you want to limit administrative access.
  3. Click Edit.
    Option Description
    Limiting administrative access to a domain
    • If the permission type Allow is selected, make sure that Modify all properties is not selected.
    • If the permission type Deny is selected, make sure that Modify all properties is selected.
    Limiting administrative access to an object store
    • If the permission type Allow is selected, make sure that Modify existing objects, Create new objects, and Delete objects are not selected.
    • If the permission type Deny is selected, make sure that Modify existing objects, Create new objects, and Delete objects are selected.
  4. Save your changes.


Last updated: March 2016
p8pcc341.htm

© Copyright IBM Corporation 2016.