Object store security levels

Explanation of object store security levels.

The table below maps object store security levels to the rights from which they are comprised. For example, the Use object store security level includes the rights Connect to store, Create new objects, Modify existing objects, and Delete objects. Access rights to an object store are limited to only that object store and do not extend to other object stores in the FileNet® P8 domain.

In Administration Console for Content Platform Engine, the object store's security page lists the users and groups that were added while running the object store wizard as follows:

  • Users and groups added as users receive the Use object store level.
  • Users and groups added as administrators get Full Control and are therefore object store administrators.

Each right in the table is expressed as a user interface (UI) description of the right and as an access right setting that corresponds to the UI description. For example, the right to connect to an object store could appear as Connect to store in an application UI, but the actual setting for connecting to an object store is the AccessRight.CONNECT value.

Table that maps object store security levels, which are marked with a check symbol, to the access rights.
Rights Full Control Use object store View object store <Default>

Connect to store

AccessRight.CONNECT

 check check check

View all properties

AccessRight.READ

 check check check

Create new objects

AccessRight.STORE_OBJECTS

 check check  

Modify existing objects

AccessRight.MODIFY_OBJECTS

 check check  

Delete objects

AccessRight.DELETE

 check check  

Set owner of any object

AccessRight.WRITE_ANY_OWNER

 check    

Modify all properties

AccessRight.WRITE

 check

Read permissions

AccessRight.READ_ACL

 check    

Modify permissions

AccessRight.WRITE_ACL

 check    

Modify retention

AccessRight.MODIFY_RETENTION

 check    

Modify certain system properties

AccessRight.PRIVILEDGED_WRITE