Configuring Content Platform Engine for external sharing
After you set up your external user management mechanism and configure your Application Server, you must configure sharing in Administration Console for Content Platform Engine.
About this task
Procedure
- If you are using dynamic user provisioning with an Identity Provider, use the
Administration Console for Content Platform Engine to create a managed user
directory. For details, see (V5.5.4 and later) Configuring users with an identity provider.
-
If you are using a second LDAP directory for external users, associate the new external LDAP
directory realm to your Content Platform Engine:
- In the Administration Console for Content Platform Engine, open the domain, and click the Directory Configuration tab.
- Click New, and add information about the LDAP directory realm that you configured for external users.
- In the Properties, set the value for the Principal Category property to External.
-
Set the value for the Exclude From Authenticated Users property to
True.
This setting prevents external users from accessing any content with the #AuthenticatedUsers permission setting.
Note:The User Display Name attribute is recommended to be set to the LDAP display name. For ADAM, for example, the setting is set to displayName.
-
Configure an email server.
- In the Administration Console for Content Platform Engine, open the domain, and click the SMTP Subsystem tab.
- Click Enable email services.
- Supply the necessary values for your email server.
-
Grant your group of external users Create instance permission on the
Document class and subclasses that are used by entry templates in your share-enabled object
store.
- In the Administration Console for Content Platform Engine, go to Object_store > Data Design > Classes, and click Document.
- In the Document Class page, click the Security tab.
- Click Add Permissions.
-
Add the group of external users from your external LDAP directory.
For example, #REALM-USERS(ExternalDirectory)
-
Grant the following permissions:
- Permission type: Allow
- Apply to: This object only
- Permission group: Custom
- Enable the following options:
- View all properties
- Create instance
- Save your changes.
The external user gains permission to create a document in a folder where they have access. -
Grant
your group of external users Create instance permission on the Folder class
and subclasses that are used by entry templates in your share-enabled object store.
- In the Administration Console for Content Platform Engine, go to Object_store > Data Design > Classes, and click Folder.
- In the Folder Class page, click the Security tab.
- Click Add Permissions.
-
Add the group of external users from your external LDAP directory.
For example, #REALM-USERS(ExternalDirectory)
-
Grant the following permissions:
- Permission type: Allow
- Apply to: This object only
- Permission group: Custom
- Enable the following options:
- View all properties
- Create instance
- Save your changes.
The external user gains permission to create a folder in a folder where they have access. -
Set security on the Document Share and Folder Share
classes to control who can see share instances by selectively granting the share permission.
For example, you might want to leave the share permission off large groups like #AuthenticatedUsers, and instead allow only supervisors to see the contents of the share records.
- In the Administration Console for Content Platform Engine, go to Data Design > Classes > Other Classes > Abstract Persistable > Share > Document Share.
- On the Document Share pane, click the Default Instance Security tab.
- Click the check-box for #AUTHENTICATED-USERS, then click Remove.
- Save your changes.
- In the Administration Console for Content Platform Engine, go to Data Design > Classes > Other Classes > Abstract Persistable > Share > Folder Share.
- On the Folder Share pane, click the Default Instance Security tab.
- Click the check-box for #AUTHENTICATED-USERS, then click Remove.
- Save your changes.