After you create the document class mappings on Content Platform Engine, use the SEC_map tool on the IBM®
FileNet® Image Services system to map the user and group security for
annotations.
About this task
Security mapping must be one to one. Each FileNet Image Services user or group must be mapped to a unique Content Platform Engine user or group.
Important: The FileNet Image Services SysAdmin user and
SysAdminG group must be mapped to the appropriate Content Platform Engine
names. If the SysAdmin user and SysAdminG group are not correctly mapped, the federation of
annotations fails.
Procedure
To map the user and group security for annotations:
- Start the SEC_map tool by entering SEC_map on the command line.
- Export the users and groups by entering SEC_map> export_all.
- Log on, select the LDAP type, and select a suffix for the distinguished name.
The SEC_map tool reads the MKF security database and creates the
user.txt and group.txt files in the current directory. The
FileNet Image Services user and group names are converted to Content Platform Engine distinguished names based on your answers to the previous
prompts.
- When the export is finished, exit from SEC_map.
- Use your preferred text editor, such as vi, to view these two files and make sure that all the
FileNet Image Services users and groups are mapped correctly to the appropriate
Content Platform Engine distinguished names. Make changes as needed and save
the files.
Tip: If necessary, you can delete the two files and run export_all
again.
- When you are sure the user.txt and the group.txt files are correct, start the SEC_map tool again and import the two files into the MKF security database by entering SEC_map> import. Import the user.txt file and then the group.txt file. The SEC_map tool validates each distinguished name and stores it in the MKF security database on the FileNet Image Services Root server.
After an entry is stored in the MKF security database, the corresponding entry is deleted from
the user.txt or group.txt file. If an entry cannot be
validated, it is not removed from the file.
If all the distinguished names are valid and the user.txt and
group.txt files are empty, the SEC_map tool deletes them. If
any invalid entries remain, you can exit from the SEC_map tool, edit the files
again, and rerun the import command.