Some common security questions answered.
- When you add non-administrative users while running the object
store wizard, what default permissions do they get?
On documents: View Content (on
the class Default Instance Security ACL) plus Create Instance (on
the class Security ACL).
On folders: Modify
Properties.
On the object store: Use object store.
- How is a document's security set?
- When first created, documents get permissions from the Default
Instance Security ACL and default security policy of its class. They
can also inherit permissions from a security parent, if configured.
When documents go through versioning changes (by being checked out,
checked in, promoted or demoted) their security can change if there
is a properly configured security policy associated with the document.
- Are all objects securable?
- Most objects that users and administrators work with are directly
securable. If an object's property sheet contains a Security tab,
then it is directly securable. However, some objects have the same
security as some other (owner or container) object that they are dependent
on. For example, once a choice list is added to a document, it has
the same security as the document.
- Where does Content Platform Engine store
the security descriptors for its objects?
- A Content Platform Engine configured
database has tables that contain all information about objects, properties,
classes, etc, including the fully encrypted security descriptors for
these objects.