About this task
When you configure IBM® CMIS
for Content Manager, the configuration program
or PathModelCreate tool creates predefined sets of item types, including
CmisDocument and ClbLibrary. The CmisDocument item type is optimized
for IBM CMIS
for Content Manager and is
used to create documents in Content Manager EE.
The ClbLibrary item type is used to create libraries for browsing
folders.
The CmisDocument and ClbLibrary item types are assigned
the default access control list (ACL) of the administrator user ID.
For example, if the administrator user ID icmadmin is
defined with the default ACL of PublicReadACL,
the CmisDocument and ClbLibrary item types are assigned the default
ACL of PublicReadACL.
To access individual
libraries, items, and folders, your users must be able to see the
model. For example, users cannot view a library list without access
to the library item type. With private drafts enabled, users cannot
update documents without access to the draft item type. If the default
ACL allows only administrators to see the IBM CMIS
for Content Manager model and default library,
you must modify the default ACL definitions to grant users access.
To
enable users to access content on your
IBM Content
Manager repository, you must make
the following modifications:
- Adjust access control to grant access to your users
- Adjust item type defaults for default storage location and other
item type preferences
- Define a library that non-administrative users can access
You might change the default ACL of the predefined item
types and create other libraries where you specify different ACLs.
For example, you might want to control access to items or libraries
by providing different ACLs for different departments or teams. You
can view and modify the access control list by using administration
tools, such as the Browser tool. To add read or write permissions
to various users, you can edit an existing ACL, or you can change
the item types and libraries to use a different ACL.
Tip: The
LibraryCreate tool interactively guides you through the ACL selections
and displays the users and groups that are granted access with each
selection. The tool also helps you understand which users can view
or edit the model item types and libraries.
- Use the system administration client on the Content Manager EE system, define the users
and user groups, and set the associated permissions. Users
must have basic functional permissions to search for and retrieve
items.
For example, to grant read access, create
the user and set the maximum privilege set to ClientUserReadOnly,
which is also the default privilege set in Content Manager EE.
To grant edit access,
create a privilege set that has the same privileges as the ClientUserEdit
privilege set and the ItemSetSysAttr privilege.
- Define ACLs so that you can grant users access and permissions. You must define ACLs so that you can grant your users the ability
to see the IBM CMIS
for Content Manager model
item types.
For example, to grant read access,
assign the user to the ACL with ClientUserReadOnly as the privilege
set. Alternatively, assign a user group to the ACL, and then add the
user to the user group.
To grant edit access, assign the user
to the ACL that you created that has the same privileges as the ClientUserEdit
privilege set and the ItemSetSysAttr privilege. Alternatively, assign
a user group to the ACL, and then add the user to the user group.
Tip: If you assign a user group to the ACL, you can give access
to a new user by adding the user to the user group without updating
the ACL.
- Set the default ACL for each user. When the user creates
a document or folder, the default ACL for the document or folder is
set to the default ACL for the user. Use the same default
ACL for users who collaborate so that they can share documents and
folders. If you do not use the same default ACL, users can share documents
and folders only if granted access by the document or folder creator's
default ACL.
Tip: The recommendation for default ACL inheritance
is to use the aclInheritance property, rather
than by setting each user’s default ACL.
- Change the item type ACL on the following IBM CMIS
for Content Manager model item types to
grant users access:
- ClbApplication
- ClbLibrary
- ClbFolder
- ClbDraft
- CmisDocument
- ClbSavedSearch
If you did not specify the ACL during configuration, you must
change the item type ACLs to enable users to see the IBM CMIS
for Content Manager model.
- Set the ACL on the custom document types that you want
users to be able to use. If you want your users to use
the custom document types that you defined, or if you use CmisDocument
as the default document type, grant users access to CmisDocument.
- Adjust each item type's default ACL choice option to be
either the item type's default ACL or the user's default ACL. The default ACL choice option determines which default ACL
is used for any new item that is created for the item type. For core
model item types, the default ACL choice is set to the user's default
ACL. For custom item types, the default ACL choice is set to use the
item type's ACL. For example, if the document type
default ACL choice is set to the user's default ACL, then the user's
default ACL is applied to any documents that the user creates.
- Adjust the item type default storage locations for binary
content, resource manager and SMS collection, for the following document
types:
- ClbDraft
- CmisDocument
- Any custom document type that supports binary content
The first storage location that is created by the original Content Manager EE server installation is assumed
to be valid. However, if the first location that was created is not
valid for your system, you might need to specify another storage location.
What to do next
When you run the
IBM Content
Navigator Configuration
and Deployment tool or the PathModelCreate tool, the default library
that is created uses the administrator's default ACL. Depending on
the administrator's default ACL, non-administrative users might not
have access the default library. You can use the default library to
complete your initial validation and troubleshooting, but users cannot
access the default library.
Complete the following steps on the
IBM CMIS
for Content Manager system:
- If during configuration you did not specify
an ACL that non-administrative users can access, then use the LibraryCreate
tool to create at least one library that non-administrative users
can access. For optimal behavior, use CmisDocument for the default
document type for the library.
Users can view or edit the new libraries
when the libraries are created. You do not need to restart the services
after you create new libraries.
- Optional: Mount new or existing folders under CMIS root other than the Content Manager EE root.
The repository
root library maps to the Content Manager EE repository
root and uses the Content Manager EE root
folder ACL. If you want users to have access to the repository root
library, you must edit the Content Manager EE repository
root ACL to grant users access. If you do not want users to see the
repository root as a library, either edit the Content Manager EE repository root ACL to remove
users, or change the ACL.
- If not already started, start your application server and start
the IBM CMIS
for Content Manager application.
Open a web browser and go to http://hostname:port/cmcmis/index.jsp.
Expand the Service Collection URLs and browse
with your default browser.
- Expand the root. The link to the default library group is displayed.
When you click the default library group link, the default libraries
are displayed as the next level of child folders.