At a high level, the security model in Documentum is similar to that used in contemporary enterprise applications. There are resources (information, objects) that need to be secured, there are operations that can be performed on the resources, and there are users who wish to perform these operations. The security configuration defines what is allowed for various combinations of users, operations, and resources. At run time, a user attempts to perform an operation and the components of the Documentum architecture resolve rules for the specific user, operation, and resource combination to allow or disallow the attempted operation.

At a detailed level, security implementation is very specific to the Documentum architecture. This is the first chapter on Documentum security and introduces the concept of users and security aspects that are tied to users.

Security, in general, involves — two parts authentication and authorization. While authorization deals with what a user...

The term user is typically used in one of two ways — a human interacting with a system or the representation of identity within the system. The representation of identity within the system may or may not correspond to a real human user. Such accounts are typically referred to as generic, system, or application accounts. A user is represented as an object of type dm_user within the repository.

Recall that authorization pertains to controlling access to functionality. User-specific authorization can be enforced by the client applications as well as the Content Server. Client applications utilize a user's client capability to enforce access control for functionality within the client application. They can also utilize roles to manage access to functionality within the applications. Roles are discussed in Groups and Roles (Chapter 6).

On the other hand, Content Server utilizes basic and extended privileges to enforce access control. As we will see in later chapters, Content Server also enforces object security in addition to these privileges.

As mentioned earlier, a user is stored in the repository as an object of type dm_user. No user can be authenticated against a repository without the presence of the corresponding dm_user object. Some important properties of dm_user are described below:

Help—Some DQL Queries

---

Here are some helpful queries related to users. These queries are based on the information presented in this chapter.

The following query retrieves some basic information about a user with login name jdoe:

SELECT user_name, user_login_name, user_address, description,
home_docbase, user_state
FROM dm_user
WHERE user_login_name = 'jdoe'

The following queries set up a new user named Jane Doe. The first query creates the user object. The second query creates a folder in the repository and the third one sets this new folder as the home folder for the new user.

CREATE dm_user OBJECT
SET user_name = 'Jane Doe',
SET user_login_name = 'jdoe',
SET user_address = 'jdoe@doquent.com',
SET user_group_name = 'docu',
SET user_source = 'inline password',
SET user_privileges = 2,
SET client_capability = 4
CREATE dm_folder OBJECT
SET object_name = 'jdoe',
SET owner_name = 'Jane Doe'
LINK '/Home'
usersDQL queriesUPDATE dm_user OBJECT
SET default_folder = '/Home/jdoe'
WHERE user_login_name...

Documentum Product Notes

---

User administration is typically done through Documentum Administrator. Repetitive or batch user administration activities can be scripted using DQL or API.

Checkpoint

---

At this point you should be able to answer the following key questions:

1. 1. What is user authentication? What are the different ways in which Documentum supports authentication?

2. 2. What is authorization? What are the different ways in which Documentum supports authorization specifically for a user?

3. 3. What is the difference between privileges and client capabilities?

4. 4. What are the different ways for creating and managing users?

Test Your Understanding

---

1. 1. Authentication and authorization are one and the same (True/False).

2. 2. For every user with OS as user source, dm_check_password is used for authentication (True/False).

3. 3. In the following user sources, the user account must exist in the source before the corresponding user can be created in the repository:

   a. Windows OS

   b. UNIX OS

   c. LDAP

   d. None of the above

4. 4. The database owner for the repository database is called the installation owner (True/False).

5. 5. The client capabilities are always enforced by client applications (True/False).

6. 6. One of the basic privileges allows document creation (True/False).

7. 7. Create Cabinet implies Create Type privilege (True/False).

8. 8. Superuser implies Sysadmin privilege (True/False).

9. 9. A user cannot create another user unless the logged-in user has system administrator client capability (True/False).

10. 10. In order to prevent a user from authenticating against the repository, the user can be deactivated (True/False).

The rest of the chapter is locked

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Renews at $15.99/month. Cancel anytime

Start free trial

Previous Chapter

Chapter 1 of 23

Next Chapter

You have been reading a chapter from

Documentum Content Management Foundations: EMC Proven Professional Certification Exam E20-120 Study Guide

Published in: Jun 2007 Publisher: Packt ISBN-13: 9781847192400

© 2007 Packt Publishing Limited All Rights Reserved

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Sign up now

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime}

Authors (1)

Pawan Kumar

Pawan Kumar is a Technical Architect with current expertise in Enterprise Content Management with EMC Documentum. He has an MS in Computer Science from University of North Carolina at Chapel Hill and a BS in Electrical Engineering from the Indian Institute of Technology, New Delhi (India). Pawan has experience developing products as well as delivering business solutions on the Documentum platform and has created two products for this platform. He is intimately familiar with effective processes and tools for achieving business objectives through Documentum-based technology solutions. He has led and executed requirements and design workshops, architecture design, scoping, estimation, project planning, resource planning, technical design, software development, software testing, solution roll-out, and ongoing support for the deployed solutions. Pawan has been architecting, designing, and developing enterprise applications for ten years. He has developed software systems for financial services, healthcare, pharmaceutical, logistics, energy services, and retail industries. His expertise spans solution architecture, document management, system integration, web content management, business process management, imaging and input management, and custom application development. Currently, Pawan provides consulting and training services through doQuent (http://doquent.com), which was founded with the vision of enabling client success in content-related business initiatives. He also believes in giving back to the community. He founded the free online Documentum community dm_cram (http://dmcram.org), which is a test preparation resource for Documentum exams. He is also an active contributor to the Documentum-users Yahoo! User group, where Documentum community members seek help for their technical challenges. He can be reached at pk@doquent.com. Contact Pawan Kumar

Read more

See other products by Pawan Kumar

Personalised recommendations for you

Based on your interests and search pattern

Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.

Aug 2023 17 hours 28 minutes

Microsoft 365 Security, Compliance, and Identity Administration

The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.

Aug 2023 21 hours 0 minutes

Zero Trust Overview and Playbook Introduction

Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.

Oct 2023 8 hours 0 minutes

The Self-Taught Cloud Computing Engineer

This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.

Sep 2023 15 hours 44 minutes

Technology Operating Models for Cloud and Edge

This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.

Aug 2023 7 hours 36 minutes

Azure Architecture Explained

Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.

Sep 2023 14 hours 52 minutes

Pentesting Active Directory and Windows-based Infrastructure

This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.

Nov 2023 12 hours 0 minutes

Practical Ansible

In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.

Sep 2023 14 hours 0 minutes

Windows 11 for Enterprise Administrators

Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.

Oct 2023 9 hours 32 minutes

The Linux DevOps Handbook

This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.

Nov 2023 14 hours 16 minutes

Property	Label	Description
user_state	State	Active or Inactive; only active users can connect to the Content Server. 0 means that the user can log in. 1 means that the user cannot log in. 2 means that the user is locked. 3 means that the user is locked and inactive.
user_name	Name	Display name.
user_login_name	User Login Name	Login ID or user account. This is the name used for authenticating the user.
user_login_domain	User Login Domain	Windows domain or LDAP config name.
user_source	User Source	As described earlier.
description	Description	Any free-form information about the user.
user_address	E-mail Address	User's email address.
user_os_name	User OS Name	User's OS name...