Versions Compared

Old Version 6

changes.mady.by.user Petr Podsednik

Saved on

compared with

New Version 7

changes.mady.by.user Petr Podsednik

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

FAQs

...

Specific

How does Group Expansion Work?

  1. Download all ACLs
  2. Fetch $groups the $user is member of.
  3. For each ACL
    1. Check if $user is the file owner and dm_owner has at least BROWSE permit.

      If so, return with user has read access.

    2. Check if $user belongs in all groups specified in "required groups".

      If not, return with user has no read access.

    3. Check if at least one group from $groups is on "required groups set":

      If not, return with user has no read access.

    4. For each deny:

      If one deny entry matches $user or one group in $groups, return with user has no read access.

    5. For each allow:

      If at least one entry matches $user or one group in $groups, return with user has read access.

    6. If up until now the user has read access, and dm_world has at least BROWSE permit, return user has read access.

Note:

  • If user has read access, then we add the ACL ID as a group name.
  • If user is owner and dm_owner has BROWSE permit or higher, the user is added as group name.

Specific Documentum document level security examples can be found here

General 

Include Page
Connectors FAQ & Troubleshooting
Connectors FAQ & Troubleshooting

Troubleshooting

...

The connector fails with a webtop docbroker error

...

This means the Documentum URL you typed contains errors. Be sure it has the correct format (dctm://server:port/docbase/cabinet/folder).

How does Group Expansion Work?

  1. Download all ACLs
  2. Fetch $groups the $user is member of.
  3. For each ACL
    1. Check if $user is the file owner and dm_owner has at least BROWSE permit.

      If so, return with user has read access.

    2. Check if $user belongs in all groups specified in "required groups".

      If not, return with user has no read access.

    3. Check if at least one group from $groups is on "required groups set":

      If not, return with user has no read access.

    4. For each deny:

      If one deny entry matches $user or one group in $groups, return with user has no read access.

    5. For each allow:

      If at least one entry matches $user or one group in $groups, return with user has read access.

    6. If up until now the user has read access, and dm_world has at least BROWSE permit, return user has read access.

Note:

  • If user has read access, then we add the ACL ID as a group name.
  • If user is owner and dm_owner has BROWSE permit or higher, the user is added as group name.

Specific Documentum document level security examples can be found here

General 

...

Troubleshooting

Info

No available troubleshooting at this moment

Problem

Solution

...