I have some Security questions related to classes, roles, etc. when setting up the IER File Plan Object Store.

I am implementing IBM Enterprise Records 5.2 in our FileNet P8 5.2.1.6 environment. This is the first time working with IER, so I have some Security questions related to classes, roles, etc. when setting up the IER File Plan Object Store. I was instructed to post the questions here.

Environment: Each of our custom FileNet Document Classes has 5 sets of groups assigned to the Security and Default Instance Security. They consist of:

+ Admins – have Full Control
+ Change Security – Has the ability to change Security applied to a document, but cannot add, modify or view documents/content.
+ Read – Can read Properties, security and View Content
+ Add – Same as read, but can Create Instance and modify Properties.
+ Del – Same as Add, but can also delete created documents

Question #1: On the RecordsElectronic Record – how does the Security and Default Instance Security need to be configured? Should Security match, mirror or be different from that assigned to the ROS DocClasses?

Question #2: Do the four IER roles need to be assigned to the Security or Default Security of the Electronic Records? If “Yes”, which permissions does each Role need to have?

Question #3: Are the four IER Roles only used for IER Desktop permissions (as opposed to accessing the records, dispositions, triggers (etc.) objects themselves?

Question #4: If a person has the ability to delete a Record, do they have to have the ability to delete the corresponding document as well? (Note: We plan to disable “Security Proxy”.)

Related:

Leave a Reply