IBM Enterprise Records, Version 5.1.+

Configuring security for the file plan object store (FPOS)

After you have configured the object store, you must set the IBM® Enterprise Records security on the file plan object store (FPOS). This task assigns IBM Enterprise Records security roles to users and groups and updates the default instance security on the IBM Enterprise Records objects.

See IBM Enterprise Records security for more information on the IBM Enterprise Records security roles and default instance security.

To assign the IBM Enterprise Records security roles:

  1. For the values you need, access the checklist that you filled out before starting this installation. Use the link at the end of this topic.
  2. Verify that you have configured your object stores as described in the Configuration Manager sections. For more information, see the link at the end of this topic.
  3. Log in to IBM Enterprise Records as a GCD Administrator and Object Store Administrator for the object store you will configure.
    Tip: If you rerun the security script with insufficient rights to update certain folders that have been updated before, the security script fails and returns an insufficient security error.
  4. Select the Configure tab and click Object Store Configuration.
  5. Run the security script on your object store. From the list of object stores configured for IBM Enterprise Records, right-click the FPOS you want to set security on, and select Run Security Script.
    Tip: The Security Script Run Date displays the date the security script was last run on the object store. If no date is displayed, security has not been set.
  6. Select a role and click Add New Members. The Set Security window displays with the names of the IBM Enterprise Records security roles applicable for the imported data model.
  7. Use the Select Users/Groups window to select a user or a group to be assigned to the role and then click Accept.
  8. Assign users and groups to all of the security roles by repeating Steps 6 and 7.
  9. Verify that users assigned the Records Administrator role have object store administrative rights on the FPOS.

    These privileges allow such users to complete workflows on the FPOS.

    When creating new object stores, ensure that you add the users/groups assigned the Records Administrator role to the object store administrators group as part of creating the object store.

    For more information about IBM Enterprise Records security role assignments, see the Installation and Upgrade Worksheet.

    Important: If you are configuring existing object stores for use with IBM Enterprise Records, you must verify that the users/groups you assign to the Records Administrator role are already object store administrators. If they are not, you must run the Security Script wizard to update the security on the object store.
    For information on running the Security Script wizard to update an object store with new users and groups:
    • If your FileNet P8 system is Version 4.5.1: See the IBM FileNet P8 help topic System Administration > Enterprise-wide Administration > FileNet P8 Security > How to... > Update object store with new users and groups.
    • If your FileNet P8 system is Version 5.0: See the IBM FileNet P8 Version 5.0 Information Center topic Security > IBM FileNet P8 security > How to... > Update object store with new users and groups.
  10. When all security roles have been set, click Finish. IBM Enterprise Records displays a wait screen while it applies the specified security. When security has been set, click OK.
    Important: After clicking Finish, wait for the confirmation screen to display before proceeding.
  11. Record the security roles assignment information.
    Important: When assigning the IBM Enterprise Records roles, verify that no user overlaps between the groups/users you select for each role. If a user belongs to more than one role, unexpected behavior occurs where the permissions of one role conflict with the permissions of another. This includes assigning #AUTHENTICATED-USER to the Records User role, which is not recommended.
  12. Modify security to allow users assigned the Records User role to create a version of a document that is declared as a record by another user with the same role.
    Important: The Default Instance Security on the Record class is set to give the Records Manager User group rights to Minor/Major Versioning, which define security on the record itself. Users who cannot browse to the document due to container (folder) security can still access the record through search or reports.
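
The role-overlap rule in step 11 and the object store administrator requirement in step 9 can be checked against the planned assignments before the security script is run. The following is an added example, not IBM code: it works offline on a constructed worksheet, and every user name, group name, and the list of roles in the sample data is hypothetical. It generalizes the #AUTHENTICATED-USER warning to any role, because that grantee matches every logged-in user.

```python
from collections import defaultdict

AUTHENTICATED = "#AUTHENTICATED-USER"
ADMIN_ROLE = "Records Administrator"

def expand(member, groups, seen=None):
    """Resolve a user or (possibly nested) group to a set of user names."""
    seen = set() if seen is None else seen
    if member not in groups:
        return {member}              # not a group, so treat it as a user
    if member in seen:
        return set()                 # already expanded (cycle or shared subgroup)
    seen.add(member)
    return set().union(*(expand(m, groups, seen) for m in groups[member]))

def check_roles(roles, groups, os_admins):
    """Return (kind, subject, roles) findings for a planned role assignment."""
    findings, held = [], defaultdict(set)
    for role, members in roles.items():
        for member in members:
            if member == AUTHENTICATED:
                # Matches every logged-in user, so it overlaps all other roles.
                findings.append(("authenticated-user", member, (role,)))
                continue
            for user in expand(member, groups):
                held[user].add(role)
    # Step 11: no user may end up in more than one role, directly or via groups.
    for user in sorted(held):
        if len(held[user]) > 1:
            findings.append(("overlap", user, tuple(sorted(held[user]))))
    # Step 9: every Records Administrator must be an object store administrator.
    admins = set().union(*(expand(m, groups) for m in os_admins))
    for user in sorted(u for u, r in held.items() if ADMIN_ROLE in r and u not in admins):
        findings.append(("not-os-admin", user, (ADMIN_ROLE,)))
    return findings

# Constructed sample worksheet: every name below is hypothetical.
GROUPS = {"rm-admins": ["alice", "bob"], "rm-managers": ["carol", "rm-leads"],
          "rm-leads": ["bob"], "staff": ["dave", "erin"]}
ROLES = {"Records Administrator": ["rm-admins"],
         "Records Manager": ["rm-managers"],
         "Records User": ["staff", AUTHENTICATED]}
OS_ADMINS = ["alice"]

if __name__ == "__main__":
    for finding in check_roles(ROLES, GROUPS, OS_ADMINS):
        print(finding)
```

An empty result means the worksheet satisfies both checks; the group membership input has to be exported from the directory service separately.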



Last updated: August 2011


© Copyright IBM Corporation 2011.