IBM Support

Using IBM Business Automation Content Services on Cloud

Product Documentation


Abstract

Business Automation Content Services on Cloud is a comprehensive content management cloud service that delivers document management and content lifecycle capabilities that can be rapidly provisioned as a flexible, cost-effective cloud service for new and existing applications.

Content

Business Automation Content Services on Cloud provides superior scalability, security, stability, mobility, and content management capabilities that can be utilized for a variety of use cases that include:

  • Business and transactional content services
  • Collaborative document management
  • Imaging solutions
  • Social content management
  • Archiving

Business Automation Content Services on Cloud is based on IBM FileNet Content Manager, a reliable, scalable, and highly available enterprise platform that enables you to capture, store, manage, secure, and process information to increase operational efficiency and lower total cost of ownership. Business Automation Content Services on Cloud helps you to streamline and automate business processes, access and manage all forms of content, and automate records management to help meet compliance needs.

The general Cloud Service capabilities include:
  • Document Management with version control and compound documents
  • Content Collaboration with social capabilities
  • Document review and approval workflows
  • Process Orchestration and the ability to invoke a Web Service in a workflow
  • Ability to integrate content access with multiple P8 repositories in the same Cloud instance
  • Microsoft Office integration through Content Navigator Edit Service
  • Microsoft Office document viewing with annotation support
  • Document redaction
    Redaction support limited to PDF and image file formats
  • Mobile device support
  • Development and Administration Tools
    • APIs - Java, .NET and Content Management Interoperability Service (CMIS)
    • Custom events
    • User interface plug-in
    • Custom classifiers (provisioned upon service request)
    • DITA Model (provisioned upon service request)
    • Deployment and design tools

You get a dedicated instance that is hosted in IBM cloud data centers and managed by IBM, and is configured and ready to use. Your instance includes separate environments for development, testing, and production. A single sign-on to the Business Automation Content Services on Cloud portal provides your developers, content owners, and business users access to all of the components and environments that are appropriate to their roles and enable them to get started with content management improvement quickly.

See the following topics for more information:


Users

The Account Administrator manages the accounts of other users and monitors usage in the IBM Business Automation Content Services on Cloud environment.

Other users interact with the content management system in accordance with their user role:

  • A Developer User interacts with the Development environment to create and deploy a content management solution or business process.
  • A Tester User interacts with the Test Environment to validate the solution or application that is created by the Developer.
  • A Business User interacts with the deployed solution or application in the Run Environment to manage content and complete business processes.

Environments

IBM® Business Automation Content Services on Cloud enables the following environment types:

Development

Use the development environment to develop, play back, and deploy applications, and also to create content-related processes.

Test

Use the test environment as a staging environment to validate business processes before they are deployed into the run-time environment. The test environment has the same components as the run-time operating environment.

In the test environment, you use snapshots of applications that are deployed from the development environment. By using snapshots, you can test applications before you deploy them to the run-time operating environment.

Run

Use the content management run environment to work with validated snapshots of content applications. The run-time environment has the same components as the test environment. As a business user of the run-time environment, you participate in processes that were previously validated from application snapshots.

Components

IBM® Business Automation Content Services on Cloud provides the following components:

Administration Console for Content Platform Engine

The Administration Console for Content Platform Engine provides a comprehensive UI to configure and administer the Content Platform Engine in your Business Automation Content Services on Cloud instance. You can use the console to configure and administer object stores and security, as well as to define custom classes and properties in your system.

IBM Content Navigator

IBM® Content Navigator is a web client that can connect to multiple Content Platform Engine repositories.

Content Platform Engine Administration Tools

The Content Platform Engine Administration Tools is a package that includes the most commonly used  administration tools for the Content Platform Engine such as FileNet Deployment Manager and Process Designer.

IBM Content Navigator Clients

The IBM Content Navigator Clients are the client components for IBM Content Navigator. These include the Edit Service, Sync Service, and IBM Content Navigator for Microsoft Office.

Content Platform Engine API

The Content Platform Engine API is the client API for the Content Platform Engine. This includes the Content Platform Engine API (Java and .NET) and Content Management Interoperability Service API.

Components will be displayed based on the type of Cloud instance you have (Express or Enterprise), the environments you have access to, and the role that you have. The following matrix shows when and which components will be displayed:

Express Instance

Role

Env Access

ICN

ICN Clients

ACCE

CPE Tools

CPE API

CPE User

Run

X

X

ACCE Designer

Run

X

X

X

X

CPE Administrator

Run

X

X

X

X

X

Enterprise Instance

Role

Env Access

ICN

ICN Clients

ACCE

CPE Tools

CPE API

CPE User

Dev

X

X

X

Test

X

X

Run

X

X

ACCE Designer

Dev

X

X

X

X

Test

X

X

X

Run

X

X

X

CPE Administrator

Dev

X

X

X

X

X

Test

X

X

X

X

Run

X

X

X

X

Getting Started

Getting your organization started with IBM Business Automation Content Services on Cloud generally follows this procedure:

  1. The user who is assigned the account administrative role receives an email invitation and follows the link to create and configure access to the instance.
  2. The account administrator invites new users. See Inviting users.
  3. Invited users activate their access by clicking the link in the email invitation that is sent to them when the account administrator invites them. See Activating your user access.
  4. Users log in to the IBM Business Automation Content Services on Cloud instance.
  5. Users set up and use the content management system according to business needs.
  6. Environment developers use the SCIM-based API to provision users and groups in the dedicated directory server in the cloud tenant space. See Provisioning the dedicated LDAP server.

Activating your user access

To activate your IBM Business Automation Content Services on Cloud user account, complete the following steps:

  1. Click the link in the email invitation that you received to create your account.
  2. Provide the information to activate your access:
    • Your user ID is always your email address.
    • Enter your given name and surname.
    • If you do not already have a password, you are prompted to enter a new password for your account.

      Important: You are prompted to change your password every 90 days. If you reset your password, the temporary password expires after an hour.

  3. Click Activate. If you have access to more than one instance of Business Automation Content Services on Cloud, you will see a list of your subscriptions. Select the instance that you want to work in.

    When you are inside the instance you want to work with, you see the Work tab by default. On the Work tab, you can access the environments inside the instance. If you are assigned the Account Administrator role, you also see the Admin tab.

  4. Set your given name and surname. Go to your Profile page and type in your given name and surname. Then click Update.
  5. Optional: To manage roles and groups for subscription members, click the Admin tab.

You can update profile information such as your name, surname, phone number, or language by clicking your name and then User Profile from the menu bar. You cannot change your user name, which is your email address.

Managing Accounts

As an account administrator, you are responsible for managing both user and service accounts.

User accounts

You invite users by email to access IBM Business Automation Content Services on Cloud and create a user account. The user account is identified by an email address. After accounts are set up, you assign roles and permissions to users so that they can do their work.

When a user activates an account, personal data, such as the user's email address, given name, and surname, are stored in the IBM Business Automation Content Services on Cloud user management platform. As the user interacts with the content management environment on the instance, personal data is also stored in that instance.

The European Union General (EU) Data Protection Regulation (GDPR) includes a requirement that individuals have a right to be forgotten, for example, when they leave the company. When you remove a user from an IBM Business Automation Content Services on Cloud instance, by default the user's personal data is removed from that instance and the user management platform. If the user has an account on more than one instance, you must remove the user from each of these instances too.

Service accounts

For client applications, a service account is the equivalent of a user account. You create a service account by generating the corresponding service credentials that consist of a functional ID and password. Client applications require these credentials to access the IBM Business Automation Content Services on Cloud environment. A service account is identified by a functional ID and it can be used by one or more client applications. For more information, see Managing service accounts.

Inviting users

To add users to your IBM Business Automation Content Services on Cloud environment, complete the following steps:

  1. Log in to IBM Business Automation Content Services on Cloud at Digital Business Automation on Cloud. Select the appropriate subscription, if you have more than one.
  2. Click Admin > User Management, then click Invite Others.
  3. Enter the email address for the user, or users, that you want to add. Provide the email address, or addresses, in the following format: local-part@domain, for example, John_Doe@mycompany.com. You can either type email addresses or you can paste copied email addresses into this field. If you add multiple email addresses, separate the entries with a comma or space, or add one email address per line.

    Restriction: The local part of the email address can contain the following characters: A through Z, a through z, 0 through 9, . (period), - (dash), and _ (underscore).

  4. Click Invite.

    The user you have invited is granted access to the Run environment by default. Grant access to the other environments by checking the box under the corresponding column.

Assigning role-based administration access

After a user activates their account, you can assign role-based administration access as applicable.

To assign role-based administration access to a user:

  1. Log in as an Account Administrator.
  2. Click Admin > User Management.
  3. Assign or remove role-based administration access to a user by clicking the name of that user. If you do not see the name of that user, make sure the user has already set the given name and surname from the Profile page. The following roles apply:
    • Content Platform Engine Class Designer (ECMoC_Client_ACCE_ClassDesigner)
    • Content Platform Engine Application Designer (ECMoC_Client_ACCE_ApplicationDesigner)
    • Content Platform Engine Administrator (ECMoC_Client_CPE_Administrator)
    • IBM Content Navigator Desktop Administrator (ECMoC_Client_ICN_DesktopAdmin)

When you assign a role to a user, that user is added to the corresponding group in the dedicated LDAP directory in the Cloud instance. If that user has already logged into the Administration Console for Content Platform Engine or IBM Content Navigator, the role change is not immediate due to the Content Platform Engine user token cache. This cache stores a local copy of the mapping from a security principal (a user or group) to its list of security IDs (SIDs) used by Content Platform Engine to authorize the principal. Maintaining this information in the user token cache means Content Platform Engine does not have to retrieve the information from the dedicated LDAP directory every time it needs information about a user. The user token cache Time To Live (TTL) attribute is set to 1 hour. For more information, see Security Caching.

For the Content Platform Engine Class Designer role, the Content Platform Engine Application Designer role, and the Content Platform Engine Administrator role, only one can be selected at any time. The Content Platform Engine Administrator role already includes all the privileges of the Application Designer or Class Designer role. The Content Platform Engine Application Designer role already includes all the privileges of the Class Designer role. For more details about the Content Platform Engine Application Designer and Class Designer roles, see the following information: Designer group access.

You can also create additional Account Administrator users.

Setting the password for the Content Platform Engine Administrator role

If you are assigned the Content Platform Engine Administrator role, you must set your password in the dedicated LDAP directory. Make sure this password is the same one you already set for your Business Automation Content Services on Cloud user account when you activated your account. See Activating your user access for more details.

To set the password:

  1. From inside the instance, go to Profile.
  2. Click the Admin Console tab.
  3. Type the password and click Set.

Managing service accounts

A service account is used by client applications to authenticate to the IBM® Business Automation Content Services on Cloud environment. Create a service account by generating service credentials.

To create a service account:

  1. Log in as an Account Administrator.
  2. Click Admin > User Management.
  3. Create the credentials for the service account. On the Service Credentials page, click CREATE CREDENTIALS, and give the service an alias. A functional ID alias can contain the following characters: A through Z, a through z, 0 through 9, . (period), - (dash), and _ (underscore). The functional ID and password are displayed.

    Important: The credentials are displayed only when you create them. If you close the window without copying the credentials, you cannot display them again, and you must create a new set. Save the credentials by clicking COPY TO CLIPBOARD.

Creating usage reports

You can view information about usage on your IBM® Business Automation Content Services on Cloud instance. You can also generate reports about user volume over periods that you specify.

To create usage reports:

  1. Log in as an Account Administrator.
  2. Click Admin > Reports.
  3. Select the report type and the reporting period, then click Update to generate the usage report.

Managing Operating Environments

You can manage your IBM® Business Automation Content Services on Cloud environments. You can retrieve and view log files, upload a Content Navigator plugin jar file, and restart components. To manage operating environments, you must have the Operator role which is granted by the Account Administrator.

To grant the Operator role to a user:

  1. Log in as an Account Administrator.
  2. Click Admin > User Management.
  3. Search the user to be granted the Operator role. Select the Operator role checkbox.

To manage operating environments:

  1. Log in as Operator to IBM Business Automation Content Services on Cloud.
  2. Click Admin > Operating Environment Management.
  3. Click the tab for the environment you want.

The following options are available on the Operating Environment Management page:

Option

Description

Environment

Log Retrieval

You can retrieve log data for components in your environments. You will see a log retrieval history table with the following information:

  • Component for which the log was requested
  • Time when the log was requested
  • Operator who made the request
  • Status of the request

A log is ready to download when its status changes to Download. Log retrieval might take some time. Refresh for the latest status. Logs can be deleted after successful downloads. You can also delete the logs without downloading them.

Development, Test, Run

IBM Content Navigator Plug-in Upload

You can upload IBM Content Navigator plug-ins to your environments. The plug-in should not exceed 300MB. Once the plug-in is uploaded, it is ready for deployment in the /opt/ibm/plugins directory on the IBM Content Navigator Administration desktop.

Development, Test, Run

Component Restart

You can restart the components in your environments. The component restart might take some time to complete. These scenarios are examples where restarting a component can be useful:

  • You want configuration changes to take effect immediately. For example, you have made role changes and do not want to wait for existing user token cache to expire.

    See Assigning role-based administration access for more details.

  • You are developing and testing custom IBM Content Navigator plug-in code. You have encountered issues with a specific component due to custom code.

Development, Test, Run

Administering Content Platform Engine

If you are assigned the Content Platform Engine Administrator role, you will be able to get access to the Content Platform Engine Administration Tools. See Components.

As a Content Platform Engine Administrator, you are part of the ECMoC_Client_CPE_Administrator group in the dedicated LDAP directory in your Cloud instance. This means that you have full administration access to the object store provisioned for your instance, including the workflow system. The object store level security is configured as follows:

  • ECMoC_Client_ACCE_Class_Designer (group) - Full Control
  • ECMoC_Client_ACCE_Application_Designer (group) - Full Control
  • ECMoC_Client_CPE_Administrator (group) - Full Control
  • ECMoC_Client_CPE_User (group) - Use object store

The ECMoC_Client_CPE_User is the LDAP group for all of your users who need to access the object store. You can add a user to this dedicated LDAP server in the following two ways:

  • When a user is invited by the account administrator via the User Portal using email address. See Inviting users .
  • When a user is provisioned via the user and group provisioning API by your own custom application. In this scenario, your custom application needs to ensure the user is added also to the ECMoC_Client_CPE_User group via the user and group provisioning API. See Provisioning the dedicated LDAP directory.

As a Content Platform Engine Administrator, you have access to the Administration Console for Content Platform Engine, FileNet Deployment Manager, Process Designer and other Process tools. For FileNet Deployment Manager, Process Designer and other Process tools, see the instructions in the Content Platform Engine Tools package. You can download the Content Platform Engine Tools package from the Work tab after you log into your instance.

When you use the Administration Console for Content Platform Engine as a Content Platform Engine Administrator user, special considerations apply. See the attached document for details.

Administering IBM Content Navigator

If you are one of the initial account administrators invited to your Cloud instance, you are also automatically added to IBM Content Navigator as an administrator. As an IBM Content Navigator administrator, you have full access to the IBM Content Navigator administration settings. You can also add others as administrators to IBM Content Navigator. See the attached document for the special considerations that apply.

You can also enable desktop administration for IBM Content Navigator. You can use the pre-provisioned ECMoC_Client_ICN_DestopAdmin group in the dedicated LDAP directory in your Cloud instance. Refer to Configuring a desktop administration role for more details on how to configure IBM Content Navigator desktop administration.

Provisioning the dedicated LDAP directory

Your Content Services on Cloud instance comes with a dedicated LDAP directory. Using Content Services on Cloud requires a user registry in your tenant space where you provision cloud users and groups. You can use the SCIM-based REST API to automate this provisioning.

The SCIM-based REST API helps you manage user or group identities in a cloud-based application. You can add a user or group, delete a user or group, or check whether a particular user or group already exists in your Content Services on Cloud user registry by using API calls.

For information on using the SCIM-based REST API for managing users and groups, see the attached guide.

You can also use the API to facilitate a bulk-import of users from your established directory server to the user registry in your Cloud instance. See the attached code samples that illustrate this method.

Developing Content Management Interoperability Services Applications with Content Services on Cloud

Content Management Interoperability Services (CMIS) is an open source OASIS standard that enables applications to work with one or more content management systems. CMIS defines a standard domain model and standard set of services and protocol bindings for web services and RESTful AtomPub. You can develop applications using the CMIS API to work with Content Services on Cloud.

The attached archive file, CMISClient_Sample.zip, provides additional instructions and sample code.



Attachments

Content Services on Cloud User and Group Management API Guide.pdf

SCIM_samples.zip

CMISClient_Sample.zip

BACSoC_ICN_ACCE_AdminSettingsNotes.pdf

Document information

More support for: IBM Business Automation Content Services on Cloud

Component: --

Software version: Version Independent

Operating system(s): Platform Independent

Reference #: 7050963

Modified date: 09 April 2019