IBM FileNet P8, Version 5.1.+            

Permissions

Permission levels

A permission level is a set of permissions that together determine the type of access to an object granted to a specific user or group. Modify Content, for example, controls the user's permissions to check out a document, check in a document as a minor version, and cancel a document checkout.

Note: The available permission levels depend on the type of object selected.

You can set a permission to Allow or Deny. Such permissions can relate to other permissions. When you change an Allow or Deny setting, the change ripples to the related settings. For example, when you set Modify Content to Allow, then Modify Properties, View Content and View Properties also receive an Allow setting.

The following illustration shows you the current permission settings for the HR Managers group for a particular document. The permissions for Owner Control and Publish are set to Implicit Deny. Implicit Deny means that no specific setting exists. The group account is denied these access rights until access is granted through another means. The example shows that the HR Managers group has not been explicitly granted Owner Control and Publish access rights to this document, but note that members of the group might have been granted these access rights through some other means (for example, via directly assigned access rights or through membership in some other group). The remaining settings in this example are derived from a security policy. If needed, you can override any of these settings by selecting Allow or Deny for any setting.

[Figure: The current security settings for the HR Managers group.]

Note: Although the Publish permission displays in Workplace XT, you must perform publishing operations through Workplace.

Permission descriptions

The following table entries describe each permission.

Table 1. This table lists and describes each permission category.
Permission: Description

Owner Control: The Owner Control permission grants a user complete control of the object. The user can delete the object and set the security for the object. By default, the user who adds an object to the object store initially has Owner Control permission for that object.
  • When you set Owner Control to Allow, all of the remaining permissions are automatically set to Allow.
  • When you set Owner Control to Deny, the other permissions are not changed.

Promote Version (documents only): Promote Version allows the user access to promote and demote documents. You can check out a document, check it back in as a major version, cancel the document checkout, and promote or demote the document version. For more information on versioning, see Manage document versioning.
  • When you set Promote Version to Allow, then Modify Content, Modify Properties, View Content, and View Properties are automatically set to Allow.
  • When you set Promote Version to Deny, Owner Control is also set to Deny.
Note: Application Integration does not have promotion and demotion functionality.

Modify Content (documents only): Modify Content allows the user to check out a document, check the document back in as a minor version, or cancel the checkout.
  • When you set Modify Content to Allow, then Modify Properties, View Content, and View Properties are automatically set to Allow.
  • When you set Modify Content to Deny, Owner Control and Promote Version are both set to Deny.

Users cannot modify search templates, stored searches, publish templates, or workflows when using the appropriate designer tools with Modify Content access. Promote Version access is required to apply check out through the search or process designers.

Modify Properties: Modify Properties allows the user to change the properties for an object.
  • When you set Modify Properties to Allow, then View Content and View Properties are automatically set to Allow for documents.
  • Setting Modify Properties to Allow for a folder automatically sets View Properties as well.
  • When you set Modify Properties to Deny, then Owner Control, Promote Version (documents only), Modify Content (documents only), and Publish (documents only) are also set to Deny.

View Content (documents only): View Content allows the user to view the contents of a document object (including stored searches, search templates, workflows, and entry templates). For example, if the object is a spreadsheet document, the user can open and view the spreadsheet.
  • When you set View Content to Allow, then View Properties is automatically set to Allow.
  • When you set View Content to Deny, then Owner Control, Promote Version, Modify Content, Modify Properties, and Publish are set to Deny.

View Properties: View Properties allows the user to view the properties of a folder or an object.
  • Setting View Properties to Allow does not change any other settings.
  • Setting View Properties to Deny sets all other permissions to Deny by default.

Publish (documents only): Publish permission allows the user to publish an existing document.
  • When you set Publish to Allow, then View Content, View Properties, and Modify Properties are automatically set to Allow.
  • Setting Publish to Deny also sets Owner Control to Deny.
Note: Publishing operations must be performed through Workplace.

Create Subfolder (folders only): Create Subfolder allows the user to add a subfolder to an existing folder.
  • Setting Create Subfolder to Allow automatically sets View Properties to Allow.
  • Setting Create Subfolder to Deny also sets Owner Control to Deny.

File In Folder (folders only): File In Folder allows the user to add documents to a folder.
  • Setting File In Folder to Allow automatically sets View Properties to Allow.
  • Setting File In Folder to Deny automatically sets Owner Control to Deny.
Note:
  • File In Folder does not grant permission to add subfolders to a folder. To add subfolders, a user must have Create Subfolder permission.
  • The security permissions set on a document do not control which folders you can use to store a document. Instead, folder security controls these permissions. If you have View Properties permission for a document, you can file, move, or unfile the document only if you have the File In Folder access right to the folder.
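
The ripple rules in Table 1 can be modeled to predict what a single Allow or Deny change does to an entry before you apply it. The following Python sketch is an added example, not IBM code or a FileNet API; all names in it (ALLOW_IMPLIES, deny_ripple, apply_change) are hypothetical. It transcribes only the Allow rules for documents and folders and derives each Deny ripple as the reverse relation, which reproduces the Deny rules the table states.

```python
# Added illustration of the Table 1 ripple rules; names are hypothetical, not a FileNet API.
DOC = ["Owner Control", "Promote Version", "Modify Content", "Modify Properties",
       "View Content", "View Properties", "Publish"]
FOLDER = ["Owner Control", "Modify Properties", "Create Subfolder",
          "File In Folder", "View Properties"]

# "Setting X to Allow also sets ... to Allow", transcribed from Table 1.
ALLOW_IMPLIES = {
    "document": {
        "Owner Control": set(DOC) - {"Owner Control"},
        "Promote Version": {"Modify Content", "Modify Properties",
                            "View Content", "View Properties"},
        "Modify Content": {"Modify Properties", "View Content", "View Properties"},
        "Modify Properties": {"View Content", "View Properties"},
        "View Content": {"View Properties"},
        "View Properties": set(),
        "Publish": {"View Content", "View Properties", "Modify Properties"},
    },
    "folder": {
        "Owner Control": set(FOLDER) - {"Owner Control"},
        "Modify Properties": {"View Properties"},
        "Create Subfolder": {"View Properties"},
        "File In Folder": {"View Properties"},
        "View Properties": set(),
    },
}


def deny_ripple(kind, perm):
    """Permissions also set to Deny when `perm` is denied:
    every permission whose Allow rule includes `perm`."""
    return {p for p, implied in ALLOW_IMPLIES[kind].items() if perm in implied}


def apply_change(kind, state, perm, setting):
    """Return the entry after setting `perm` to 'Allow' or 'Deny'.
    Permissions with no explicit setting are reported as 'Implicit Deny'."""
    rules = ALLOW_IMPLIES[kind]
    new = {p: state.get(p, "Implicit Deny") for p in rules}
    touched = rules[perm] if setting == "Allow" else deny_ripple(kind, perm)
    for p in {perm} | touched:
        new[p] = setting
    return new
```

The model covers only the ripple within one user's or group's entry on one object; as noted earlier on this page, a member can still receive access through another group or a direct grant.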

Available permission levels

Use the table below to determine the available permission levels for objects. Custom objects and publishing templates are not supported in Workplace XT.

  • Documents: Owner Control, Promote Version, Modify Content, Modify Properties, View Content, View Properties, Publish
  • Annotations (Image Viewer): Owner Control, Modify Content, View Content
  • Folders: Owner Control, Modify Properties, Create Subfolder, File In Folder, View Properties
  • Custom Objects and Security Policies: Owner Control, Modify Properties, View Properties
  • Stored Searches and Publishing Templates: Owner Control, Promote Version, Modify Content, Modify Properties, View Content, View Properties
Note: In Workplace XT, entry template definitions, search templates, and workflow definitions are documents with special classes. Stored Search permissions apply to these special types of documents. Workflow definitions display the Publish permission, but you cannot publish a workflow.



Last updated: July 2011


© Copyright IBM Corporation 2011.