To provide a secure and reliable environment for storing,
accessing, and disposing of records, IBM® FileNet® P8 uses security roles, default
instance security, security inheritance, and security markings.
Before you install and configure the
IBM Enterprise
Records environment, review your
site security requirements for records management so you take into
consideration the security needs of your location. Security administrators
need to decide which users and groups have access to certain records
management functions, folders, files, and so on. See the IBM Redbook,
Understanding
IBM FileNet Records Manager (SG24-7623-00) for more information
on this subject.
- Typcial security set up:
- Set up four main groups, RMAdmins, RMManagers, RMReviewers and
RMUsers.
- Assign users to these groups.
- Assign certain privileges and access rights to these groups through
the Security Script wizard.
- Set up additional groups when the Classified data model is used.
In general, assign security settings to groups rather than individual
users. Putting people into groups and assigning security settings
to the groups makes things simpler. If someone is new to the company
or someone leaves the company, it is much easier to add or remove
them from the group then go search for all the places the user needs
to be added or removed from object security. This makes your system
more maintainable.
Important: You should set up and assign IBM Enterprise
Records security before you start
using your IBM Enterprise
Records environment.
Adjusting the default security settings after the system is in use
is complex.
Security settings can be complex because assignments
are not retroactive. For example, you assign GroupA to an RMAdmins
role and then create some record folders and record objects. Later,
you want GroupB to be RMAdmins instead of GroupA. You can run the
Security Script wizard to remove GroupA and add in GroupB, but GroupB
will not be able to have RMAdmin access to those previously created
items. You now need to go to each of the previously created items
and change their access security using
IBM FileNet Enterprise Manager. Refer to the related
links for mor information on security roles, object security, and
security markings.