Configuring security

When you and your users log on to the IBM® eDiscovery Manager web client, you connect to a content server. The type of content management system (IBM FileNet® P8 or IBM Content Manager Enterprise Edition) determines how you configure security, create user IDs, and assign access rights and privileges.

User IDs

In FileNet P8 environments, the user IDs that users enter when they log on to the eDiscovery Manager web client are created by an LDAP administrator.

In Content Manager EE environments, the user IDs that users enter when they log on to the eDiscovery Manager web client can be created by a Content Manager EE administrator or by an LDAP administrator. LDAP user IDs are recommended because they can be imported into Content Manager EE and they are then synchronized across content servers.

Logging in to the eDiscovery Manager web client

When users log into eDiscovery Manager, they log into the primary content server. The same user IDs and passwords are then used across all content servers that the users access. For this reason, user IDs and passwords must be synchronized across content servers. If they are not synchronized, users will be unable to access secondary content servers and to search the content on those servers. Use the Synchronize Users button on the User Roles pane of the Administration page to create an eDiscovery group on each secondary content server and to ensure that all eDiscovery users are added to that group.

Exception: The user ID and password of the eDiscovery administrator on the primary content server does not need to be synchronized across content servers. This exception exists because the user ID and password of the content server administrator is used when the eDiscovery administrator accesses a secondary content server. For this reason, it is recommended that you designate the content server administrator on each secondary content server to serve as the eDiscovery administrator for that system.

Roles

eDiscovery Manager supports a set of predefined roles that are enforced by content server security models. Together, eDiscovery Manager roles and content server security control what users can do and what objects they can access. The role or roles that an eDiscovery Manager Super User assigns to a user determine the tasks which that user can perform. For example, IT Administrators can configure eDiscovery Manager. Archive Searchers can search content archives and view their content. Case Builders can not only search content archives and view their content, but they can add content to a case, remove content from a case, and move and copy content between folders.

See the "User roles" online help topic for complete information about user roles and see the "Configuring user roles" online help topic for information about assigning roles to users.

WebSphere Application Server

It is recommended to upgrade the Transport Layer Security (TLS) protocol to 1.2 to comply with the US government SP 800-131 security standard. You can configure the WebSphere Application Server that hosts eDiscovery Manager applications to support the TLS 1.2 protocol. For more information, refer to Configuring WebSphere Application Server to support TLS 1.2 for NIST SP 800-131.