FileNet P8 Platform, Version 5.2.1            

#AUTHENTICATED-USERS

A Content Platform Engine logical group whose members are any authenticated user principal. Any user account that can successfully log in belongs to this group.

#AUTHENTICATED-USERS

#AUTHENTICATED-USERS is similar to the special group Authenticated Users in Windows 2000. It does not have specific memberships that you can modify, and it does not include anonymous users or guests.

If you specify #AUTHENTICATED-USERS to be a default user or group of an object store, then all users who log in to the FileNet P8 domain are automatically made members of this group. It will appear on the Default Instance Security ACL of all classes. Therefore each instance of the class will include #AUTHENTICATED-USERS on its own ACL. If you do not change the default, the net effect will be that any user who can log in to the FileNet P8 domain will be able to:
  • View all object stores (default level = Use stores and services)
  • View all folders (default level = View properties)
  • View all documents, both properties and content (default level = View content)
  • View all custom objects (default level = View properties)
If this is not what you want, you could:
  • Remove #AUTHENTICATED-USERS from the particular class or classes. (You can, of course, remove it from individual objects, but this is not a recommended method for efficiently administering security across many classes and objects.)
  • Add deny groups to the class Default Instance ACL; this will effectively remove the members of the deny group from the #AUTHENTICATED-USERS group.
  • Use a non-security method such as exploiting the IsHiddenContainer property which applications use to hide a folder.

#AUTHENTICATED-USERS and #CREATOR-OWNER are referred to as Special accounts in the Administration Console for Content Platform Engine Select Users and Groups dialog box.



Last updated: March 2016
p8psu039.htm

© Copyright IBM Corporation 2016.