IBM FileNet P8, Version 5.2.1            

Markings

Security markings offer the ability to secure an object based on the value of one of its properties. Similar to the way in which object property values are assigned by using choice lists, markings offer the additional functionality of setting security on an object based on selected values. A marking set typically contains several values called markings. Each marking has an associated list of users, each of whom has access rights to the object. Users that are not explicitly given access through the marking are denied access to the object. Markings do not override the normal security on the object, but work with it to provide an additional security layer. Markings are heavily used by the IBM® Enterprise Records application.

As an example, a system or security administrator creates a marking set called Clearance that contains a set of possible values for a property, defined as follows:
Top Secret
Accessible only by the executive team
Confidential
Accessible by the management team
Internal
Accessible by all company employees
Public
Accessible by all

Continuing this example, the administrator creates a property, arbitrarily called Security Level, on a document class and associates the property with the Clearance marking set. When a new document based on this document class is created, a user with appropriate access rights can assign values from the Clearance marking set to the Security Level property for this document instance. Based on the value set for this property, security restrictions are placed on the document in addition to normal document security. For example, only users with Top Secret clearance can view the document. (By adding custom properties to the base Document class, you can configure all documents in an object store to include a Security Level property that is associated with a marking set such as the one described.)

Marking sets can function as an independent list of unrelated markings, or can be configured to function in a hierarchical fashion where the topmost marking in the list encompasses all the markings and access rights below it.



Last updated: October 2015
p8sov104.htm

© Copyright IBM Corporation 2015.