Security policies can be assigned to a document or to document
versions.
Security policies can become associated with documents in two ways:
- By assigning it as the default security policy for a document
class.
- In this case, the default security policy is automatically associated
with the object instance at the time of creation unless the default
is explicitly overridden. The default security policy will continue
to be associated with all versions in the document's version series,
unless you do something to change the association. By having the same
security policy for all documents in a class, you have a simple, easily
understandable and manageable security scheme. If, on the other hand,
you change a single document version's class, the new class's default
security policy (provided there is one) would be immediately applied
to that document version and the old security policy (if there was
one) would be removed. However, changing a version's class does not
override a security policy that was directly assigned to that version
by a user, nor does it change any earlier versions of the same document.
- By assigning it to a specific document version.
- Each document version in a version series could, theoretically,
have a different security policy assigned to it. The document class's
default security policy will be placed on each instance of the class,
but you can override the default with a different security policy.
You would do this manually, using Administration Console for Content Platform Engine to open the document
version's property sheet and changing the security policy. This would
be cumbersome and difficult to manage from a system administrator's
point of view, and should be done only as an exception to the normal
application by the document class.