资源描述
Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,Users and Groups,Click to edit Master title,Users and Groups,Users,A user is,One who gains access to the Docbase,An individual person,Has an operating system account,An instance of type dm_user,userA,userB,Content Server,Users,User Privileges,Users in DA,User Authentication,Groups,1,Users and Groups,Client Capability,When a user accesses a Docbase, he/she is assigned a capability of,Consumer (default for all new users),Mostly searching and viewing documents,Contributor,Creating and editing documents,Coordinator,Creating workflows, managing documents,System Administrator,Docbase administration functions,2,Users and Groups,What does a user get?,Each Docbase user gets,An Inbox that can contain,Workflow items,Notifications,A default folder that,Identifies the default storage location for all objects created by the user,Can be a folder or cabinet,3,Users and Groups,User Privileges,Each user is assigned one (or more) of six possible privileges,None (Default) (0).,Create Type (1),Create Cabinet (2),Create Group (4),SYSADMIN (8),SUPERUSER (16),Privileges are additive, not hierarchical. For example,A user can have Create Type and Create Group,A user with only Create Group cannot create a type,l,*,l,*,Users,User Privileges,Users in DA,User Authentication,Groups,4,Users and Groups,User Privileges: SYSADMIN,The SYSADMIN privilege (8) allows a user to,Assume previous privileges (Create Type, Create Cabinet, Create Group),Grant and revoke type, group and cabinet privileges to users,Create, alter, and drop users and groups,Activate or deactivate a user,Create and modify system-level permission sets (,ACLs,),Perform full-text and Docbase administration functions,Manipulate workflows and workflow items,Manage any objects document lifecycle,The SYSADMIN privilege does not override a users object-level permissions,5,Users and Groups,User Privileges: SUPERUSER,The SUPERUSER privilege (16) allows a user to,Assume the privileges of SYSADMIN,Grant and revoke SYSADMIN and SUPERUSER privilege,Unlock checked out documents,Modify or drop another users user-defined type,Modify or remove another users permissions sets,Create types with no supertype,Change the owner of a document,Create, modify, and delete system-level ACLs,Register and unregister another users table,6,Users and Groups,User Privileges: SUPERUSER (continued),A SUPERUSER inherits ownership of all objects, inheriting the owners permissions.,The object owner always has at minimum READ permission,A SUPERUSER also has the ability to change the permissions,For example, if the owner of a document has VERSION permission, a SUPERUSER would also have VERSION permission on that document,WORLD,OWNER,ENGINEERING,READ,VERSION,WRITE,Engineer Job Description,7,Users and Groups,Extended Privileges,Auditing of a Docbase event,Records information about the occurrence of that event in audit trail entries,Is initiated by Audit API,Is stopped by Unaudit API,Each user is assigned one (or more) of three possible privileges,Config Audit (8),Purge Audit (16),View Audit (32),Privileges are additive, not hierarchical. For example, a user with only Purge Audit cannot Config Audit.,8,Users and Groups,Steps for Creating a User,To create a user, you must be Installation Owner, or have SYSADMIN or SUPERUSER privilege,The user must be added to the server operating system or authenticated against an LDAP directory server,Add the user to the Docbase using any one of these tools:,Documentum Administrator,Manually, or,Using an LDIF import file,DQL,API,DFC,9,Users and Groups,Adding a User,Users,User Privileges,Users in DA,User Authentication,Groups,10,Users and Groups,Adding a User Using an Input File,To import a new user,In the navigation tree, expand Administration User Management,Click Users,From the menu, select File Import User,Enter the Input File Path,Click Import,11,Users and Groups,Modifying a User,12,Users and Groups,Deleting or Deactivating a User,When a user leaves the Docbase, you have the option to,Delete the user object- Deleting a user with outstanding objects causes Content Server to return errors,Change the users OS password,Immediately denies the user further access to the Docbase,No real way of tracking users who are no longer part of the Docbase,Reassign the user to an existing user- Assumes that existing user will want to own and manage all of the old users objects,Deactivate the user,Change the user_state to deactivated (1),Recommended option, trackable and easily reversible,13,Users and Groups,User Authentication,The Content Server authenticates users using:,OS Name,OS Password,Domain,Users,User Privileges,Users in DA,User Authentication,Groups,14,Users and Groups,User Name and Password Authentication,The User Name and Password are specified by,The user, through the Log On dialog,Automatically, if Use Windows Login is selected,15,Users and Groups,Domain Authentication,Upon login (no domain-required mode), the domain,If entered, is authenticated against the user_os_domain property of the user,If left blank, is authenticated against the value of the user_auth_target key in the server.ini file,16,Users and Groups,User Authentication- Password Checking,The Content Server uses dm_check_password.exe to validate users,Other password checking programs may be used,user_name,*,user_os_name,*,domain,Content Server,dm_check_password.exe,17,Users and Groups,Groups,A group,Is a set of users,Consists of users or groups (nested group) or both,Provides a subset of users access to objects,An instance of type dm_group,Content Server,Group A,Users,User Privileges,Users in DA,User Authentication,Groups,18,Users and Groups,Adding a Local Group,To create a local group,In the navigation tree, expand Administration User Management,Click Groups,From the menu, select File New Group,Enter a Name,Click FINISH,You must have,Create Group,SYSADMIN, or,SUPERUSER,privilege to create a group,You can create,nested,groups using Documentum Administrator,Users,User Privileges,Users in DA,User Authentication,Groups,19,Users and Groups,
展开阅读全文