FileNet P8 Platform, Version 5.2.1            

Frequently asked questions about FileNet® P8 security

Some common security questions answered.

When you add non-administrative users while running the object store wizard, what default permissions do they get?

On documents: View Content (on the class Default Instance Security ACL) plus Create Instance (on the class Security ACL).

On folders: Modify Properties.

On the object store: Use object store.

How is a document's security set?
When first created, documents get permissions from the Default Instance Security ACL and default security policy of its class. They can also inherit permissions from a security parent, if configured. When documents go through versioning changes (by being checked out, checked in, promoted or demoted) their security can change if there is a properly configured security policy associated with the document.
Are all objects securable?
Most objects that users and administrators work with are directly securable. If an object's property sheet contains a Security tab, then it is directly securable. However, some objects have the same security as some other (owner or container) object that they are dependent on. For example, once a choice list is added to a document, it has the same security as the document.
Where does Content Platform Engine store the security descriptors for its objects?
A Content Platform Engine configured database has tables that contain all information about objects, properties, classes, etc, including the fully encrypted security descriptors for these objects.


Last updated: October 2015
p8psf000.htm

© Copyright IBM Corporation 2015.