How does IBM Document Manager create and manage user access control lists (user ACLs)?
User ACLs (access control lists) are created when security modifications are made to a document by an end user.
If an ACL is already defined in the content server for the selected user/group and privilege/privilege set combination, that ACL is simply re-used and assigned to the document whose security is being modified; otherwise, a new ACL is created for that combination and assigned to the document.
If a user modifies the security of a document after creation of the user-defined ACL, then the old user ACL is simply de-linked from that document and either an existing user ACL or new user ACL is assigned to the document as described above.
Document Manager will create a new user ACL only if there is no existing user ACL that matches the user/group and privilege/privilege set combination chosen by the user.
Document Manager does not impose any upper limit on the number of user ACLs that can be created.
Over time, user ACLs may become orphaned, that is, no longer assigned to any item. Orphaned ACLs need to be removed so that the ACL table in the content server stays trim and performance is not adversely affected. To remove the orphaned ACLs in the system, the cleanupUserACL tool that ships with Content Manager versions 8.4.2 and 8.4.3 may be used. Please see the Related URLs section for more information.
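The following is an added illustration, not IBM code and not the cleanupUserACL tool: a small in-memory model of the reuse-or-create and de-link behavior described above, showing how orphaned user ACLs accumulate and how they can be identified. The class, method, ACL and privilege set names are hypothetical, and treating an ACL as a set of (principal, privilege set) pairs is an assumption.

```python
# Model only: class, method and ACL names are hypothetical, not Document Manager's API.
from itertools import count


class AclStore:
    """In-memory stand-in for the content server's ACL table."""

    def __init__(self):
        self._ids = count(1)
        self.acls = {}       # rule set -> ACL name
        self.doc_acl = {}    # document id -> ACL name

    def set_security(self, doc_id, rules):
        """Assign an ACL for `rules`, an iterable of (principal, privilege_set) pairs.

        Reuses a matching user ACL if one exists, otherwise creates one.
        Any ACL previously assigned to the document is only de-linked.
        """
        key = frozenset(rules)
        if not key:
            raise ValueError("at least one (principal, privilege_set) pair is required")
        name = self.acls.get(key)
        if name is None:
            name = f"USERACL_{next(self._ids)}"   # constructed naming scheme
            self.acls[key] = name
        self.doc_acl[doc_id] = name               # old ACL stays in the table
        return name

    def orphaned(self):
        """ACLs present in the table but assigned to no document."""
        in_use = set(self.doc_acl.values())
        return sorted(n for n in self.acls.values() if n not in in_use)

    def cleanup(self):
        """Delete orphaned ACLs and return the names removed."""
        removed = self.orphaned()
        self.acls = {k: n for k, n in self.acls.items() if n not in removed}
        return removed


def demo():
    # Constructed sample users, groups and privilege sets.
    store = AclStore()
    a = store.set_security("doc1", [("alice", "ReadOnly")])
    b = store.set_security("doc2", [("alice", "ReadOnly")])      # reused
    c = store.set_security("doc1", [("alice", "FullControl")])   # new ACL, old one de-linked
    d = store.set_security("doc2", [("grp_eng", "ReadOnly")])    # first ACL is now orphaned
    return a, b, c, d, store.orphaned(), store.cleanup(), len(store.acls)
```

Because nothing is deleted when a document's security changes, the ACL table only shrinks when a cleanup pass runs.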