Managing Restricted access

In Short:
If we want users to see only a few cabinets when they log in, we can restrict their access to those cabinets. Users then see only the desired cabinets irrespective of the access they have to other cabinets: even if they have delete access to another cabinet, they will not see it unless it is added to their restricted cabinets. This can be achieved by adding the list of cabinets to the user object using DA, or alternatively using DQL, by adding the "r_object_id" of each desired cabinet to restricted_folder_ids on the user's object.


In Detail:

Normally, once a user logs in to Webtop, he/she is shown the default folder as the My Home cabinet. This is the location where the user needs to work most often as per their business role, so when an admin creates a user's account in Documentum, they set a default folder in the user's profile.

Documentum My Home Cabinet


Apart from this, the user can see the list of all the cabinets to which he/she has at least browse access. Even if the user has not been given read or browse access to the other cabinets, he/she might still see them all. This happens because the ACLs of those cabinets might grant 'browse' or higher access to "dm_world".


What is "dm_world"?

You can find this in almost all of the ACLs in Documentum. Usually, an ACL lists specific groups or users with their corresponding access levels: one group will have delete access, some will have write access and some will have read access. Apart from these users (those added directly to the ACL or who are members of a group that has access to the ACL), there remains a subset of users for whom no access level is mentioned in the ACL.


With an Example:
For example, let's say there are 1000 users in a repository.
Now take an ACL, say 'acl1'. If I provide delete, write, read and browse access to a few users or groups, they will have the corresponding access through the ACL. Let's say all users added directly or via a group sum up to 100 users.

Now there will be 900 users remaining. These 900 users are considered part of "dm_world".
Remember, "dm_world" is not a group. It's just the collection of users, for each ACL, who are not defined in any of the access levels.

In the above example, if you add another user to the ACL, the remaining members of "dm_world" automatically drop to 899.


So it is very important to explicitly give "dm_world" None access if you do not want anyone else to access your cabinet.


Now back to the additional cabinets that users can see in the cabinet list. Sometimes certain users should not see other cabinets, even if they have delete access to them. We can restrict these users to seeing only a few cabinets.

Another case where this is useful: when a user is in a group that has access to 2 cabinets, and for this particular user only we do not want the second cabinet to be visible, we can restrict the user's access to the first cabinet only.

We can restrict their access from DA, via User Management -> Users: search for the user and right-click to see the properties of the corresponding user:











Or we can simply do it with a DQL query, by adding the desired cabinet ID to the "restricted_folder_ids" attribute in the dm_user table. "restricted_folder_ids" is a repeating attribute.
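The DQL route described above, written out as an added example (not a query from the original post): look up the cabinet ID, append it to the user's repeating attribute, verify the result, and roll it back if needed. The cabinet name 'Finance', the user 'jdoe' and the ID '0c00000000000001' are constructed placeholders; the `--` lines are annotations for the reader, and each statement is meant to be run on its own.

```sql
-- 1. Find the r_object_id of the cabinet the user should still see.
--    'Finance' is a placeholder cabinet name.
SELECT r_object_id, object_name
FROM dm_cabinet
WHERE object_name = 'Finance'

-- 2. Append that ID to the repeating attribute on the user object.
--    APPEND adds a new value without overwriting the ones already there.
--    '0c00000000000001' is a placeholder: use the ID returned by step 1.
UPDATE dm_user OBJECTS
APPEND restricted_folder_ids = '0c00000000000001'
WHERE user_name = 'jdoe'

-- 3. Verify: every cabinet ID the user is now restricted to is listed.
SELECT user_name, restricted_folder_ids
FROM dm_user
WHERE user_name = 'jdoe'

-- 4. Roll back: remove all values, which lifts the restriction so that
--    ACLs alone decide again which cabinets the user sees.
UPDATE dm_user OBJECTS
TRUNCATE restricted_folder_ids
WHERE user_name = 'jdoe'
```

Because the attribute is repeating, step 2 can be run once per cabinet to build up the list of cabinets the user is allowed to see.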




