FileNet® P8 requires specific access rights to perform certain actions on objects.
Action | Objects affected by the action | Rights required to perform the action on the affected object |
---|---|---|
Checkin major version | Document | MAJOR_VERSION |
Checkin minor version | Document | MINOR_VERSION |
Checkout | Document | MAJOR_VERSION or MINOR_VERSION |
Cancel checkout | Document reservation | MAJOR_VERSION or MINOR_VERSION or DELETE. If checkout is exclusive, it can only be canceled by the user who checked it out or who has both WRITE_OWNER and DELETE access to the reservation. |
Demote Version | Document | MAJOR_VERSION |
Promote Version | Document | MAJOR_VERSION |
Freeze | Document | WRITE_ACL |
View content | Document or Annotation | VIEW_CONTENT |
Move Content | Document or Annotation or Version Series | WRITE |
Lock | Document or Folder or Custom Object | WRITE |
Unlock | Document or Folder or Custom Object | WRITE |
Take Federated Ownership | Document | WRITE_ACL |
Annotate | Document or Folder or Custom Object | All rights required for Create action using the annotation's class definition; LINK |
Create subscription on document | Document and Event Action | Document: LINK; Event Action: LINK; all rights required for Create action using the subscription's class definition |
Delete subscription on document | Document and Event Action | Document: UNLINK; Event Action: UNLINK; Subscription: DELETE |
Apply security template | Document, Folder, or Custom Object | WRITE_ACL |
Change state | Document or Task | CHANGE_STATE |
File | Folder | Object store: STORE_OBJECTS; Folder: LINK; Object being filed: READ |
Unfile | Folder | Object store: REMOVE_OBJECTS; Folder: UNLINK |
Raise Event | Event | Event class definition: READ and CREATE_INSTANCE; Object store: STORE_OBJECTS |
Create class | Class definition | WRITE |
Modify | Any object | Object store: MODIFY_OBJECTS |
Change class | Any object | Object: WRITE and WRITE_ACL; Class definition: READ and CREATE_INSTANCE |
Set object-valued property | Any object | WRITE (can also be changed by Modification Access Required); Target: READ (can also be changed by Target Access Required) |
View object properties | Any object | READ or Object store: WRITE_ANY_OWNER |
Special rights for modifying Owner property | Any object | WRITE_OWNER; Object store: WRITE_ANY_OWNER |
Special rights for modifying Creator, DateCreated, LastModifier, DateLastModified, DateCheckedIn properties | Any object | WRITE; Object store: PRIVILEGED_WRITE |
Unset object-valued property | Any object | WRITE (can also be changed by Modification Access Required) |
Modify object properties | Any object | WRITE (can also be changed by Modification Access Required) |
View Permissions property | Any object | READ_ACL |
Modify Permissions property | Any object | WRITE_ACL |
Create | Object store objects, except class definitions | Class definition: READ and CREATE_INSTANCE; Object store: STORE_OBJECTS |
Delete | Objects from an object store | If relationship object: UNLINK; if component relationship object: UNLINK or DELETE; if reservation object: MINOR_VERSION or MAJOR_VERSION or DELETE; if any other object: DELETE. If an object-valued property's DeletionAction is set to PREVENT and references another object, this will prevent the deletion from taking place. |
Do anything in an object store (often interpreted as a Read right) | Object store | CONNECT |
Create new instances (applies to Create, Link, or File) | Object store | STORE_OBJECTS |
Modify existing objects (applies to all other modifying actions) | Object store | MODIFY_OBJECTS |
Delete an object (applies to Delete, Unlink or Unfile) | Object store | REMOVE_OBJECTS |
Install Addon | Domain | WRITE |
Create GCD objects (including object store) | Domain | WRITE |
Delete GCD objects (including object store) | Domain | DELETE |
Modify properties on GCD objects (including object store) | Domain | WRITE |
Mark an object for deletion | Version Series or Custom Object | DELETE |
Recover item | CmRecoveryItem | DELETE on CmRecoveryItem. The RecoveryItem inherits permissions from CmRecoveryBin, so a user with DELETE on CmRecoveryBin can recover CmRecoveryItem. |
Purge a recovery item | CmRecoveryItem | DELETE on the original object that was marked for deletion. |
Special right for retrieving or modifying a recoverable object. (Cannot check out a recoverable object.) | Object marked for deletion | Object store: VIEW_RECOVERABLE_OBJECTS |