Use this procedure to add new user and group accounts to an object store when the new
accounts must be able to access the existing objects.
About this task
You can add new users to an object store that is already
in production by using the data design functions that are available
in Administration Console for Content Platform Engine. However,
a user that is added by this procedure has permissions only on those
objects that are created after the addition of that user. See Add users and groups to a class for this
procedure.
Adding new users so that they have default permissions
to all existing objects requires a different procedure. This procedure
uses the Administration Console for Content Platform Engine Security
Script wizard. The Security Script wizard updates the security of
an existing object store with users and groups as if those users and
groups had been added when the object store was originally created.
The users and groups can be given permissions as object store users
or as object store administrators. For more information about these
security levels and the rights granted by each level, see Object store security levels.

The Security Script wizard assigns security roles to user and group accounts to
create security principals for the objects in an object store, with some exceptions. The exceptions
include custom objects, documents, and non-root folders. The wizard uses two sample files,
UpdateOSSecurity.json and
SecurityScript.js. The
UpdateOSSecurity.json
JavaScript Object Notation file defines the security
roles to be assigned and the permissions for the roles. The JSON file also establishes communication
between the wizard and the
SecurityScript.js security script by applying the
actions that are defined for the permissions in the script file to the users and groups that are
selected in the wizard.
Restriction: The JSON file and security script must be invoked
through the use of the Security Script wizard.

The following information describes the actions that the Security Script wizard does when you
run this procedure, and includes clarifications of actions that are not done:
It does set permissions on the Administration Console for Content Platform Engine root
folder and modifies the security on securable objects.
It does not directly modify the security on custom objects, documents, and
non-root folders. Therefore, running the Security Script wizard alone does not affect permissions on
custom objects, documents, and non-root folders in the object store. After running the wizard, you
can configure security parentage so that the root folder becomes the security parent of any folders,
documents, and custom objects that should inherit the new permissions. This change to security
parent configuration applies the same effective security as if all these custom objects, documents,
and non-root folders had been directly modified. Remember, however, the different behavior between
directly applied security and inherited security. For more information, see Understanding security inheritance.
- It does not remove or modify existing permissions.
What to do next
Log on to the
Administration Console for Content Platform Engine as
the object store administrator ID. From the object store node, browse
to the root folder and examine the changes to the permissions. Depending
on how you have configured the inheritance from the root folder and
all generations of child folders, these new permissions might not
yet have been inherited. Configure the folder security parentage as
appropriate. For more information, see
Configure
security inheritance.