Documentum Content Management Foundations: EMC Proven Professional Certification Exam E20-120 Study Guide

Product type: Book
Published in: Jun 2007
Publisher: Packt
ISBN-13: 9781847192400
Pages: 284
Edition: 1st Edition
Author: Pawan Kumar

Table of Contents (23 Chapters)

Documentum Content Management Foundations
Credits
About the Author
Acknowledgement
About the Reviewers
Preface
1. ECM Basics
2. Working with Content
3. Objects and Types
4. Architecture
5. Users and Privileges
6. Groups and Roles
7. Object Security
8. Searching
9. Custom Types
10. DocApps
11. Workflows
12. Lifecycles
13. Aliases
14. Virtual Documents
Practice Test 1
Practice Test 2
Answers

Chapter 07. Object Security

In this chapter, we will explore the following concepts:

  • Basic and extended object permissions

  • Creation and assignment of permission sets

  • Object owner and superusers

  • Folder security

Security — A Recap

In previous chapters, we studied various features of Documentum security including users, groups, roles, domains, authentication, client capabilities, and basic and extended privileges. These aspects focus primarily on the identity of the user. The other side of security concerns is the resource being accessed, i.e. an object. The object security defines access restrictions applied at the object-level granularity.

This chapter introduces the concepts associated with object security and how these concepts relate to other security parameters for specifying the overall access control configuration for Documentum.

The object security applies to objects of type dm_sysobject or one of its subtypes. All discussion in this chapter assumes the objects to be of this type unless stated otherwise.

Object Permissions

Each object in the repository is associated with permission settings that grant specific permissions to certain users and groups. These permissions are categorized into basic and extended permissions.

Basic Permissions

Basic permissions relate to accessing and manipulating an object's content and metadata and include the following levels:

Level     Value   Description
NONE      1       No access is allowed.
BROWSE    2       View metadata (properties).
READ      3       View the associated content.
RELATE    4       Create relationships, such as between annotations and PDF files, documents, and lifecycles. Documentum uses various types of relationships to manage content effectively.
VERSION   5       Create a new version.
WRITE     6       Modify without changing version (modify properties without checkout, or modify and check in as the same version).
DELETE    7       Delete the object.

The basic permissions are hierarchical in nature implying that a particular permission level includes all the lower permission...

Special Users

There are two special types of users who implicitly get certain permissions — object owners and users with Superuser privilege. Ordinary users (other than these two types) must be granted specific permissions for them to be able to access the object in the desired manner.

Object Owner

Each object is associated with a user or group, which is referred to as its object owner. The object owner is special as far as the particular object is concerned and gets the following permissions on this object automatically:

  1. READ permission

  2. All extended permissions except Extended Delete

Usually, the object owner is assigned higher permissions through the applied permission set. Permission sets are discussed later in this chapter.

Managing Object Ownership

An object can only have one specified owner (dm_sysobject.owner_name) at a time, which can be a user or a group. By default, the user creating the object becomes the owner of that object. Object ownership can be reassigned to another...

Permission Sets (ACLs)

So far we have seen the basic and extended permission levels. In order for the permissions to be assigned to an accessor (user or group), they need to be placed inside a permission set. A permission set (also known as ACL or Access Control List) is simply a set of basic and extended permissions associated with different accessors.

A permission set is stored as an object of type dm_acl. Permission sets are used for controlling access only to the objects of type dm_sysobject (or any of its subtypes). The valid operations on renditions are controlled by the permission set on the primary object. Recall that renditions cannot be edited or checked out.

There are four categories of accessors that can be granted permissions in a permission set — owner (dm_owner is the alias for owner), specific users, specific groups, and world (dm_world is the alias for world). These categories are intended to be able to resolve the permissions of any user who may attempt to access an object...

Folders and Permission Sets

Just like other sysobjects, each folder (and cabinet) is also assigned a permission set. This permission set is used for two purposes:

  1. Controlling access to the folder object

  2. Assigning to the objects that have this folder as their primary folder when the server's default ACL mode is set to folder

A folder's permission set does not restrict access to the objects linked to it unless the folder security is enabled for the repository.

The folder security can be used for securing folders by adding restrictions based on links to the folders. When folder security is in use, object security is necessary, but not sufficient for adding documents to or removing documents from a folder. When folder security is enabled, a WRITE permission is required on the folder to link (create, import, copy to) or unlink (move, delete) content within it. Appropriate object permissions are still required for the operation to succeed. Other operations can be performed on the content...
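The following is an added example, not code from the book or from Documentum itself: a small Python model of the rules described in this chapter, namely the level ordering from the basic-permissions table, the object owner's implicit READ, the dm_owner and dm_world accessor aliases, and the extra WRITE-on-folder check that folder security adds to link and unlink operations. It assumes, as the chapter implies but does not spell out, that a user's effective basic permit is the highest level granted by any matching accessor entry, that a Superuser is treated as having full (DELETE) access, and that the caller decides which object-level permit a link operation needs (the `object_level` parameter is the example's own); the sample ACLs are constructed.

```python
from dataclasses import dataclass, field

# Basic permission levels from the chapter's table: a level includes all lower ones.
LEVELS = {"NONE": 1, "BROWSE": 2, "READ": 3, "RELATE": 4,
          "VERSION": 5, "WRITE": 6, "DELETE": 7}


@dataclass
class Acl:
    # accessor name -> basic permit; "dm_owner" and "dm_world" are the chapter's aliases
    entries: dict


@dataclass
class SysObject:
    owner_name: str   # dm_sysobject.owner_name: a user or a group
    acl: Acl


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    superuser: bool = False


def effective_permit(user: User, obj: SysObject) -> int:
    """Highest basic permit granted by any matching accessor entry (assumed resolution rule)."""
    if user.superuser:                      # assumption: Superuser has full access
        return LEVELS["DELETE"]
    permits = [obj.acl.entries.get("dm_world", LEVELS["NONE"]),
               obj.acl.entries.get(user.name, LEVELS["NONE"])]
    permits += [obj.acl.entries.get(g, LEVELS["NONE"]) for g in user.groups]
    if user.name == obj.owner_name or obj.owner_name in user.groups:
        # The owner gets READ implicitly, on top of whatever the dm_owner entry grants.
        permits.append(max(LEVELS["READ"], obj.acl.entries.get("dm_owner", LEVELS["NONE"])))
    return max(permits)


def has_permit(user: User, obj: SysObject, level: str) -> bool:
    return effective_permit(user, obj) >= LEVELS[level]


def can_link(user, doc, folder, folder_security: bool, object_level="RELATE") -> bool:
    """Object permit is necessary; with folder security on, WRITE on the folder is also needed."""
    if not has_permit(user, doc, object_level):   # object_level is the caller's assumption
        return False
    return (not folder_security) or has_permit(user, folder, "WRITE")


# Constructed sample: a document owned by "bob"; its ACL grants DELETE to the owner,
# VERSION to group "engineers", READ to "alice" directly and BROWSE to everyone else.
SAMPLE_DOC = SysObject("bob", Acl({"dm_owner": 7, "engineers": 5, "alice": 3, "dm_world": 2}))
SAMPLE_FOLDER = SysObject("bob", Acl({"dm_owner": 7, "dm_world": 3}))
```

With folder security on, alice (VERSION on the document through "engineers") can still not link it into SAMPLE_FOLDER, because the folder only grants her READ; bob, as folder owner, can.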

Help — Some DQL Queries

Some helpful queries related to object security are described in this section. These queries are based on the information presented in this chapter.

The following query retrieves basic permissions granted on a given object:

SELECT r_accessor_name, r_accessor_permit
FROM dm_acl
WHERE object_name =
(SELECT acl_name
FROM dm_document
WHERE r_object_id = '0900006480000509')
AND owner_name =
(SELECT acl_domain
FROM dm_document
WHERE r_object_id = '0900006480000509')

Note a few things in this query. DQL doesn't allow joins when retrieving repeating properties (accessor name and permit) — this query achieves the same effect using subqueries. Also note that both acl_name and acl_domain should be checked when looking up the ACL for an object.

It is not straightforward to check extended permissions through queries since they return an integer value that needs to be decoded. It is best to view extended permissions through an application such as Webtop or Documentum Administrator...

Documentum Product Notes

The Administration node in Webtop or Documentum Administrator can be used for creating and managing permission sets. The permissions tab on object properties can be used for reassigning a permission set or for modifying permissions. System Administrator client capability is needed for these operations.

Trusted Content Services (TCS) is an optional component of Documentum architecture and requires a separate license to use with the Content Server. It provides enhanced security features such as encrypted communication (SSL) and storage, electronic signatures, and additional restrictions in addition to the usual object security.

Checkpoint

At this point you should be able to answer the following key questions:

  1. What is a permission set and how is it different from a permission?

  2. What are basic permissions? What are extended permissions?

  3. How is a permission set selected to be assigned to a new object?

  4. What is a custom permission set? Who can create it and why is it needed?

  5. How does folder security provide additional object security beyond the permission sets?

  6. What kind of security is provided by Trusted Content Services?

Test Your Understanding

  1. A user with Extended Delete permission automatically gets WRITE permission as well (True/False).

  2. A permission set can contain multiple ACLs (True/False).

  3. The VERSION permission implies the following permissions:

    a. WRITE

    b. READ

    c. BROWSE

    d. DELETE

  4. The object owner automatically gets all the extended permissions (True/False).

  5. A permission set created by a user without Sysadmin or Superuser privilege is called a custom permission set (True/False).

  6. The default ACL mode for the server is set to folder. A user creates an object in folder A and then moves it to folder B. The final permission set on the object is the same as:

    a. The permission set of the user

    b. The permission set of the type of the object

    c. The permission set of the folder A

    d. The permission set of the folder B

  7. The same object from question 6 is now linked to folder C as well. The permission set of the object:

    a. Changes to the permission set of folder C

    b. Remains unchanged

    c. Changes...
