Chapter 5. Security 95
Table 5-1 Content Manager default settings for users who can declare records
5.1.2 Managing security through document access control
In Document Manager, document access control is based on Content Manager’s
access control model.
A user can only gain access to the Document Manager system when the user
has a login ID and password defined in Content Manager. The login ID has a set
of privileges associated with it. That set specifies the maximum actions the user
can perform in the system.
Any document that you add to the Document Manager system is associated with
a Document Manager class. A Document Manager class is derived from an item
type. When you create an item type, you specify the ACL to which it is bound. A
Document Manager class derived from the item type inherits the ACL of the item
type. A document by default inherits the ACL of the Document Manager class.
When you initiate an operation on a document in Document Manager, the system
checks your privileges and the ACL that is bound to the document. The system
allows you to proceed if you have the privilege to perform the action. For
example, if you initiate a search action, the search result only returns documents
that you have the right to see. Furthermore, you can only check out documents
that you have the right to edit.
There are two ways you can bind an ACL to an item type: at the item type level
or at the item level. You can also change the ACL setting of a document in
Document Manager objects if the ACL is bound at the item level.
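The access check and ACL inheritance described above, as an added example (a simplified model written for this page, not Content Manager or Document Manager code). The class names, the "read" and "edit" action names, and the representation of an ACL as a map from user ID to granted actions are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ACL = dict  # constructed model: user ID -> set of actions the ACL grants

@dataclass
class ItemType:
    name: str
    acl: ACL
    binding: str = "item_type"  # "item_type" or "item"

@dataclass
class DMClass:
    name: str
    item_type: ItemType  # the class inherits the ACL of its item type

@dataclass
class Document:
    title: str
    dm_class: DMClass
    own_acl: Optional[ACL] = None  # only settable with item-level binding

    @property
    def acl(self) -> ACL:
        # Default: document -> class -> item type inheritance chain.
        return self.own_acl if self.own_acl is not None else self.dm_class.item_type.acl

    def set_acl(self, acl: ACL) -> None:
        if self.dm_class.item_type.binding != "item":
            raise PermissionError("ACL is bound at the item type level")
        self.own_acl = acl

def allowed(user: str, privileges: set, action: str, doc: Document) -> bool:
    # The privilege set caps what the user can ever do; the ACL bound to
    # the document must also grant the action to this user.
    return action in privileges and action in doc.acl.get(user, set())

def search(user: str, privileges: set, docs: list) -> list:
    return [d.title for d in docs if allowed(user, privileges, "read", d)]

def check_out(user: str, privileges: set, doc: Document) -> str:
    if not allowed(user, privileges, "edit", doc):
        raise PermissionError(f"{user} may not edit {doc.title}")
    return f"{doc.title} checked out by {user}"

# Constructed sample data.
POLICY = ItemType("Policy", {"alice": {"read", "edit"}, "bob": {"read", "edit"}})
DRAFT = ItemType("Draft", {"alice": {"read", "edit"}}, binding="item")
DOCS = [Document("handbook", DMClass("PolicyDoc", POLICY)),
        Document("memo", DMClass("DraftDoc", DRAFT))]
```

In this model a user whose privilege set lacks "edit" cannot check out a document even when the ACL lists that user with "edit", and a user with a full privilege set sees nothing in search results unless the ACL names them.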
Binding ACL to an item type at item type or item level
When defining an item type, you bind the ACL to the item type at the item type
level or at the item level.
If you bind the ACL at the item type level, all documents created under that
item type inherit the item type’s ACL. You cannot change the ACL of any individual
Setting             | Value                            | Comment
                    | RMEUserAllPrivs                  | Default privilege set provided by Records
Default item access | RMEClientACL                     | Default ACL provided by Records Enabler
PublicReadACL       | Add the user or the user’s group | Must have access to RMEConfig item type, which is assigned to PublicReadACL