IBM Content Navigator, Version 2.0.3     Supports: FileNet Collaboration Services

Security permissions mapping in IBM FileNet Collaboration Services

IBM® FileNet® P8 provides fine-grained control over what users and groups can do with documents, folders, and other objects.

If a client application user attempts to complete an action in the application for which the user does not have permission, the server returns an error. This security is enforced at the repository level in IBM FileNet P8.

IBM FileNet Collaboration Services implements a mapping from the IBM FileNet P8 permissions on each document to the client application permissions so that the applications can display appropriate user actions and enable document and folder access rights as determined by the library administrator.

Security permissions mapping from IBM Connections to IBM FileNet P8

When a client application supports role-based security with Content Platform Engine, each client application role maps to a specific group of permissions for the authorized document or folder. A single IBM FileNet P8 permission or unsupported grouping of permissions on the object does not grant a role in the client application. For each document or folder, an IBM Connections user can see only the roles that are applicable to the work of the user in the community library.

The following table lists community roles in an IBM Connections library, the IBM FileNet P8 permissions that are granted to each role, and the corresponding application capabilities.

Table 1. IBM Connections community roles and IBM FileNet P8 permissions
IBM Connections community role: Community owner
  IBM FileNet P8 permission:
  • WRITE_ACL
  • READ_ACL
  • WRITE
  • DELETE
  • CREATE_CHILD
  • LINK
  • UNLINK
  • READ
  • VIEW_CONTENT
  • MAJOR_VERSION
  • MINOR_VERSION
  Capabilities in the IBM Connections library:
  • Set access rights of all community members.
  • Read/write access to all documents and folders.
  • Delete any documents or folders.
  • Global permissions to view, change, or delete document properties, tags, comments, download counts, and recommendations.
  • Copy documents from a library folder to another.

IBM Connections community role: Editor
  IBM FileNet P8 permission:
  • WRITE
  • DELETE
  • CREATE_CHILD
  • LINK
  • UNLINK
  • READ
  • VIEW_CONTENT
  • MAJOR_VERSION
  • MINOR_VERSION
  Capabilities in the IBM Connections library:
  • Read/write access to all documents.
  • Publish own documents.
  • Edit document properties, tags, comments, download counts, and recommendations.
  • Copy documents from a library folder to another.

IBM Connections community role: Contributor
  IBM FileNet P8 permission:
  • CREATE_CHILD
  • LINK
  • UNLINK
  • READ
  • VIEW_CONTENT
  Capabilities in the IBM Connections library:
  The contributor role is significant for the whole library or for specific folders only.
  • Publish own documents in the library or designated folder.
  • Create folder (if contributor role is at the library level).
  • Read/write access and deletion capability on own documents.
  • Read access to published documents.
  • Copy own documents from a library folder to another if the user has the contributor role for a library.

IBM Connections community role: Reader
  IBM FileNet P8 permission:
  • READ
  • VIEW_CONTENT
  Capabilities in the IBM Connections library:
  • Read access to published documents.
  • View document properties, tags, comments, download counts, and recommendations.
  • Post comment on a document.
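
The mapping in Table 1, applied as an access review check (an added example, not IBM code): it resolves a set of IBM FileNet P8 permissions to a community role and reports entries whose grouping corresponds to no role, which are the grants a role-only view of the library would not surface. Exact-match resolution, the function names, and the sample entries are assumptions made for illustration.

```python
# Added example: permission groupings transcribed from Table 1 on this page.
READER = frozenset({"READ", "VIEW_CONTENT"})
CONTRIBUTOR = READER | {"CREATE_CHILD", "LINK", "UNLINK"}
EDITOR = CONTRIBUTOR | {"WRITE", "DELETE", "MAJOR_VERSION", "MINOR_VERSION"}
OWNER = EDITOR | {"WRITE_ACL", "READ_ACL"}
ROLE_PERMISSIONS = {
    "Community owner": OWNER,
    "Editor": EDITOR,
    "Contributor": CONTRIBUTOR,
    "Reader": READER,
}


def resolve_role(granted):
    """Return the role whose grouping equals `granted`, else None.

    Assumption: a grouping is "supported" only on an exact match with Table 1.
    """
    granted = frozenset(granted)
    for role, perms in ROLE_PERMISSIONS.items():
        if perms == granted:
            return role
    return None


def audit_acl(entries):
    """Report (grantee, permissions) entries that map to no community role."""
    findings = []
    for grantee, perms in entries:
        perms = frozenset(perms)
        if resolve_role(perms) is not None:
            continue
        # Largest Table 1 grouping fully contained in the grant, if any.
        contained = [r for r, p in ROLE_PERMISSIONS.items() if p <= perms]
        base = max(contained, key=lambda r: len(ROLE_PERMISSIONS[r]), default=None)
        extra = sorted(perms - ROLE_PERMISSIONS.get(base, frozenset()))
        findings.append({"grantee": grantee, "contains": base, "unmapped": extra})
    return findings


# Constructed sample entries (hypothetical grantees, not from a real repository).
SAMPLE_ACL = [
    ("alice", OWNER),
    ("bob", {"READ", "VIEW_CONTENT"}),
    ("carol", {"READ", "VIEW_CONTENT", "WRITE_ACL"}),
    ("dave", {"WRITE"}),
]

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL):
        print(finding)
```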