Content Platform Engine, Version 5.2.1            

Object store administrator

A directory service account that has Full Control access to a Content Platform Engine object store.

Object Store administrator and group
Unique identifier
object_store_admin or object_store_admin_group
Description

A directory service account that can administer an object store by having Full Control access to it. You can also grant Full Control to an object store to group accounts, thereby making all members of the group object store administrators.

Each time a gcd_admin runs the Object Store Wizard, you are asked to specify the users and groups who should have administrative access to the object store. Each object store could therefore have a different set of object store administrators. Conversely, if you want the same groups to administer all object stores in the FileNet® P8 domain, you must add them while creating each new object store using the Object Store Wizard. By default, the GCD administrator creating the object store also becomes an object store administrator, but you can remove it if your security design requires dedicated accounts for each object store and GCD.

Object store administrative rights do not include the ability to add, move, or remove object stores, fixed content devices, content cache areas, or any of the other FileNet P8 domain resources. These permissions are granted only to GCD administrators.

An object store administrator is not also a GCD administrator unless also specifically granted those permissions. This means that an object store administrator who is not also a GCD administrator would have to request that a GCD administrator create a new domain resource like an object store. Once these objects are created by the GCD administrator, however, the object store administrator can populate the object store with new classes and folders, store content in the file storage area, assign markings, and so on.

The list of object store administrators is available for viewing and modifying in the IBM® Administration Console for Content Platform Engine Object Store > Properties > Security property page. You can add or remove users or groups from this list at any time later on.

Tip: Keeping the number of accounts assigned as object store administrators or object store users as small as possible will improve performance and simplify administration. The best way to do this is to use group accounts instead of large numbers of individual users. Groups can have as many members as you want and can contain other groups.
Minimum required permissions
Use IBM Administration Console for Content Platform Engine to grant an object_store_admin or object_store_admin_group Full Control access to one or more object stores.


Last updated: October 2015
p8psu020.htm

© Copyright IBM Corporation 2015.