Authorization
When a security principal that has already been authenticated
attempts to access FileNet®
P8
objects, Content Platform Engine will attempt to retrieve
that principal's user and group memberships from the directory service
provider. If successful, the user or group will be authorized to carry
out actions described by the access rights placed on the objects.
The topics in this section describe authorization: the various features
used to manage security and apply security to objects, as well as
the details of security behavior
About access rights FileNet P8 provides a full-featured system of access rights that let you control access to objects.Default security Security for integrated components and third-party products FileNet P8 is integrated with several FileNet and third-party software products. The topics in this section briefly describe the security features of some of those products and the requirements when used in conjunction with FileNet P8 .Mapping security levels to individual access rights FileNet P8 security levels are logically defined sets of individual permissions, intended to simplify the process of assigning permissions to objects. Markings IBM® Enterprise Records application, markings are available to any application that needs the kind of property-based layer of security that markings provide.Object access rights and security Object ownership Property modification access Write access to the property. However, Content Platform Engine provides an optional way to add another layer to the required access rights to modify custom properties. System administrators can do this by configuring the Modification Access of property templates. (Because this feature depends on a system property called Modification Access Required , the acronym for modification access behavior is MAR.)Required minimum access rights by operation Content Platform Engine to carry out document-oriented operations.Security policies Storage area security Target access required Understanding local groups FileNet P8 domain and controlled by the domain administrators instead of in an external LDAP service. Controlling authorization with a local group gives you the flexibility to create and assign members to access groups without requiring updates to the LDAP repository.Understanding security inheritance FileNet P8 security design.Understanding role-based access