IBM Enterprise Records, Version 5.1.+              

IBM Enterprise Records security

To provide a secure and reliable environment for storing, accessing, and disposing of records, IBM® FileNet® P8 uses security roles, default instance security, security inheritance, and security markings.

Before you install and configure the IBM Enterprise Records environment, review your site security requirements for records management so you take into consideration the security needs of your location. Security administrators need to decide which users and groups have access to certain records management functions, folders, files, and so on. See the IBM Redbook, Understanding IBM FileNet Records Manager (SG24-7623-00) for more information on this subject.
Typcial security set up:
Set up four main groups, RMAdmins, RMManagers, RMReviewers and RMUsers.
Assign users to these groups.
Assign certain privileges and access rights to these groups through the Security Script wizard.
Set up additional groups when the Classified data model is used.
In general, assign security settings to groups rather than individual users. Putting people into groups and assigning security settings to the groups makes things simpler. If someone is new to the company or someone leaves the company, it is much easier to add or remove them from the group then go search for all the places the user needs to be added or removed from object security. This makes your system more maintainable.
Important: You should set up and assign IBM Enterprise Records security before you start using your IBM Enterprise Records environment. Adjusting the default security settings after the system is in use is complex.
Security settings can be complex because assignments are not retroactive. For example, you assign GroupA to an RMAdmins role and then create some record folders and record objects. Later, you want GroupB to be RMAdmins instead of GroupA. You can run the Security Script wizard to remove GroupA and add in GroupB, but GroupB will not be able to have RMAdmin access to those previously created items. You now need to go to each of the previously created items and change their access security using IBM FileNet Enterprise Manager. Refer to the related links for mor information on security roles, object security, and security markings.


Feedback

Last updated: August 2011


© Copyright IBM Corporation 2011.
This information center is powered by Eclipse technology. (http://www.eclipse.org)