Content Platform Engine, Version 5.2.1            

Deny an object store administrator access to a document

Use this procedure to create a marking that denies an object store administrator (object_store_admin) access to a document.

About this task

Creating a marking set and applying it to a class of objects is a multi-step procedure. Refer to Markings if you need more information about the options mentioned below, especially about how to set the marking's Constraint Mask and Security. The following procedure is a sample designed to accomplish one simple task; it can be modified to accomplish additional tasks required by your security design.

Attention: Any time you deny basic administrative privileges, such as those of an object store administrator (object_store_admin), you run the risk of unintended errors.

This procedure will deny access only to new documents based on the document class to which you add the property template created below. It will not automatically deny access to any existing documents.

Procedure

To create a marking set that will deny an object store administrator access to a document:

  1. Log on to Administration Console for Content Platform Engine as a GCD administrator (gcd_admin).
  2. Create the marking.
    1. Select the domain node and click Global Configuration > Data Design > Marking Sets.
    2. Click New to start the New Marking Set wizard.
    3. When you get to the page for Specify the Marking Values, click New. In the dialog box of access permissions that appears, select only Modify owner and click OK. This is the access right that will be denied by the marking. Finish the wizard. The interface will direct you to modify the new marking set. Click Open.
    4. Select the Markings tab and then select the marking you just created. Click Add to set its access permissions. This opens the Add Users and Groups dialog box.
      1. Use the dialog box to find and then add the names of all users and groups that should be allowed access to the document. For these accounts make sure the Use Marked Objects right is selected. The marking's constraint mask will have no effect on these users and groups.
      2. Use the dialog box to find and then add the names of all users and groups that should be denied the Modify Owner right. For these accounts make sure the Use Marked Objects right is deselected. The marking's constraint mask will apply to these users and groups.
        Note: The other two rights, Add Marking and Remove Marking, are administrative permissions. For explanations, see Markings.
    5. Click OK to close the Add Users and Groups dialog box, then click Save and then Close. The marking set you just created shows up in the Marking Sets tab.
  3. Create the Property Template.
    1. Select the object store where the marking set will be used. Then click Data Design > Property Template. Click New to open the New Property Template wizard.
    2. In the Select the Data Type page, select String type.
    3. In the Select a Choice List or Marking Set page, select Assign marking set and then pick the marking set you just created.
    4. In the Single or Multi-Value? page, select Single for the purposes of this sample. Finish the wizard. The property template you just created shows up in Administration Console for Content Platform Engine's list of property templates, once you refresh the list.
  4. Assign the property template to a class.
    1. Select Data Design > Classes > Document and select the document class that should be associated with the new marking set. Select the class’s Property Definitions tab and click Add. This opens the Add Properties dialog box. Select the property template you just created and click OK. The new custom property appears in the Property Definitions tab.
    2. Click Save.
  5. Create a document based on the class.
    1. Select Browse > Root Folder and navigate to the folder where you want the new document.
    2. Click New Document. Choose the document class that contains the new property you just created. Finish the document wizard. Unless you set a default value for the property as described above, the wizard will not set the marking value for the marking-enabled property. You have to do that in the next step.
    3. Set the markings on the document (but see the Tip below):
      • Click Open to open the new document’s property sheet and select the Properties tab.
      • In the Property Name column, find the property you added to the class in the step above.
      • Click the drop down arrow of the property’s Property Value cell. Any markings that have already been set as values for the property will appear in the list. You will also see Display or Edit Value.
      • Click Display or Edit Value to open the Display or Edit Value dialog box, which you can use to add or remove markings. Note that you will only be able to see those markings that you have permissions to apply.
      • When you are done setting values, click OK to close the object's property sheet. The object store administrators whose names were added to the first marking above will be able to run Administration Console for Content Platform Engine but will not be able to see the documents.
      Tip: If you created a single marking and if you set the default value as described above, you will not have to explicitly set the value as described in this step.
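
The effect of the marking configured above can be checked with a small Python model. This is an added example, not IBM code and not the Content Platform Engine API; the bit values, the account names (records_group, alice), the marking value "Restricted" and the treatment of unlisted accounts and group membership are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Illustrative bit values constructed for this model (not the product's constants).
VIEW, MODIFY_PROPS, MODIFY_OWNER = 0x1, 0x2, 0x4

@dataclass
class Marking:
    value: str
    constraint_mask: int                            # rights removed when the mask applies
    use_right: dict = field(default_factory=dict)   # account -> Use Marked Objects selected?

    def constrains(self, principals):
        # Assumption (simplified): the mask is skipped if the user, or any group
        # the user belongs to, has Use Marked Objects selected; accounts that are
        # not listed are treated like accounts with the right deselected.
        return not any(self.use_right.get(p, False) for p in principals)

@dataclass
class Document:
    acl: dict                                            # account -> rights from the document's own security
    marking_values: list = field(default_factory=list)   # values of the marking-enabled property

def effective_rights(doc, principals, marking_set):
    """Rights left after every marking set on the document has been evaluated."""
    granted = 0
    for p in principals:
        granted |= doc.acl.get(p, 0)
    for value in doc.marking_values:
        marking = marking_set[value]
        if marking.constrains(principals):
            granted &= ~marking.constraint_mask          # strip the denied rights
    return granted

# Constructed sample data mirroring the procedure: the constraint mask holds only
# Modify owner, one group keeps Use Marked Objects, the administrator does not.
MARKING_SET = {"Restricted": Marking("Restricted", MODIFY_OWNER,
                                     {"records_group": True, "object_store_admin": False})}
FULL = VIEW | MODIFY_PROPS | MODIFY_OWNER
ACL = {"object_store_admin": FULL, "records_group": FULL}

marked = Document(ACL, ["Restricted"])   # marking value set in step 5
unmarked = Document(ACL)                 # property never set, or a pre-existing document

if __name__ == "__main__":
    for name, doc in (("marked", marked), ("unmarked", unmarked)):
        for who in (["object_store_admin"], ["alice", "records_group"]):
            print(name, who, bin(effective_rights(doc, who, MARKING_SET)))
```

The unmarked document shows why the last step matters: until the marking-enabled property holds a value, the document's own security is the only control and the administrator keeps every right it grants.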


Last updated: March 2016

© Copyright IBM Corporation 2016.