FileNet P8 Platform, Version 5.2.1            

#CREATOR-OWNER

The special Content Platform Engine account granted to the user who creates an object.

#CREATOR-OWNER
#CREATOR-OWNER is a placeholder in an access control entry (ACE) and is used for copying a defined set of permissions to the individual user who is creating a new object. This copying takes place:
  • When applying default instance security from a class to an instance of the class.
  • Whenever a security template places ACEs on an object.
  • When performing inheritance propagation to a target ACE (such as from a parent folder to a child folder).

By default, #CREATOR-OWNER appears on the Security and Default Instance Security tabs of all instantiable classes, and is granted Full Control, with an inheritable depth of This object only. This account functions just like a normal user account, and its default permissions can be edited according to normal rules (that is, by users with appropriate permission).

When the ACE is inherited, the permissions granted to the #CREATOR-OWNER become the permissions granted to the object's current owner. For example, when a user creates a document based on a document class, that user takes on the #CREATOR-OWNER's permissions.

Actually, two target ACEs result whenever the #CREATOR-OWNER is copied onto an object - a substituted ACE and a non-substituted ACE:
  • The substituted ACE is always created but is forced to be non-inheritable (its inheritable depth becomes This object only regardless of the source value).
  • The unsubstituted ACE is a complete copy of the source ACE except that if performing inheritance propagation the inheritable depth value can be decremented (if it is not 0 or -1), and in all cases the unsubstituted ACE will be suppressed if the (resulting) inheritable depth is zero.

Windows Authentication: the user attribute used is the samAccountName.

Oracle Directory Server Enterprise Edition and eDirectory: the user attribute is configurable to the LogonAttribute in the GCD.

#AUTHENTICATED-USERS and #CREATOR-OWNER are referred to as Special accounts in the Administration Console for Content Platform Engine Select Users and Groups dialog box.



Last updated: March 2016
p8psu040.htm

© Copyright IBM Corporation 2016.