IBM FileNet P8, Version 5.2.1            

Mapping user and group security for annotations

After you create the document class mappings on Content Platform Engine, use the SEC_map tool on the IBM® FileNet® Image Services system to map the user and group security for annotations.

About this task

Security mapping must be one to one. Each FileNet Image Services user or group must be mapped to a unique Content Platform Engine user or group.
Important: The FileNet Image Services SysAdmin user and SysAdminG group must be mapped to the appropriate Content Platform Engine names. If the SysAdmin user and SysAdminG group are not correctly mapped, the federation of annotations fails.

Procedure

To map the user and group security for annotations:

  1. Start the SEC_map tool by entering SEC_map on the command line.
  2. Export the users and groups by entering SEC_map> export_all.
  3. Log on, select the LDAP type, and select a suffix for the distinguished name.

    The SEC_map tool reads the MKF security database and creates the user.txt and group.txt files in the current directory. The FileNet Image Services user and group names are converted to Content Platform Engine distinguished names based on your answers to the previous prompts.

  4. When the export is finished, exit from SEC_map.
  5. Use your preferred text editor, such as vi, to view these two files and make sure that all the FileNet Image Services users and groups are mapped correctly to the appropriate Content Platform Engine distinguished names. Make changes as needed and save the files.
    Tip: If necessary, you can delete the two files and run export_all again.
  6. When you are sure the user.txt and the group.txt files are correct, start the SEC_map tool again and import the two files into the MKF security database by entering SEC_map> import. Import the user.txt file and then the group.txt file. The SEC_map tool validates each distinguished name and stores it in the MKF security database on the FileNet Image Services Root server.

    After an entry is stored in the MKF security database, the corresponding entry is deleted from the user.txt or group.txt file. If an entry cannot be validated, it is not removed from the file.

    If all the distinguished names are valid and the user.txt and group.txt files are empty, the SEC_map tool deletes them. If any invalid entries remain, you can exit from the SEC_map tool, edit the files again, and rerun the import command.
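
The review in step 5 can be backed by a scripted check of the one-to-one rule and of the SysAdmin and SysAdminG entries before the import in step 6. The following is an added example, not IBM code. It assumes each line of user.txt and group.txt is a FileNet Image Services name, a tab, and a distinguished name; the page does not show the export layout, and check_map, sample_group_txt, MAP_SEP and the example.com names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import check for user.txt / group.txt.
# ASSUMPTION: each non-blank line is "<IS name><TAB><CPE distinguished name>".
# The export layout is not shown on the page; set MAP_SEP to the real separator.
MAP_SEP=${MAP_SEP:-$(printf '\t')}

# check_map FILE [REQUIRED_IS_NAME]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_map() {
    awk -F "$MAP_SEP" -v req="${2:-}" '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        # Compare DNs case-insensitively and ignore spaces around "," and "="
        # (assumed to match how the target directory compares names).
        function norm(dn) {
            dn = tolower(dn)
            gsub(/[ \t]*,[ \t]*/, ",", dn)
            gsub(/[ \t]*=[ \t]*/, "=", dn)
            return dn
        }
        BEGIN { bad = 0 }
        /^[ \t\r]*$/ { next }
        {
            name = trim($1); dn = trim($2)
            if (NF != 2 || name == "" || dn == "") {
                printf "line %d: malformed entry\n", NR; bad = 1; next
            }
            if (name in name_line) {
                printf "line %d: %s is already mapped on line %d\n", NR, name, name_line[name]; bad = 1
            } else name_line[name] = NR
            key = norm(dn)
            if (key in dn_line) {
                printf "line %d: %s maps to the same DN as %s (line %d)\n", NR, name, dn_name[key], dn_line[key]; bad = 1
            } else { dn_line[key] = NR; dn_name[key] = name }
        }
        END {
            if (req != "" && !(req in name_line)) {
                printf "required entry %s is missing\n", req; bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample (not real export output): Clerks and Auditors collide.
sample_group_txt() {
    printf 'SysAdminG\tcn=P8Admins,ou=groups,dc=example,dc=com\n'
    printf 'Auditors\tcn=Auditors,ou=groups,dc=example,dc=com\n'
    printf 'Clerks\tCN=Auditors, OU=groups, DC=example, DC=com\n'
}
```

Run it as check_map user.txt SysAdmin and check_map group.txt SysAdminG on the freshly edited files. After a partial import the files hold only the entries that failed validation, so the required-name argument no longer applies.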



Last updated: October 2015

© Copyright IBM Corporation 2015.