1

I searched a lot about mandatory access control lists and i did not find useful information about how to apply in . i need to know the steps and how to configure.
I already had Documentum CS 7.3 with TCS license enabled and i tested it by applying esignature on pdf document

allows you to dynamically apply to objects depending on specific conditions.

Example 1:

Software developers are assigned read permission on documentation documents

  • Team Leads are assigned write permission on documentation documents.
  • Project Managers are assigned delete permission on documentation documents.

Example 2:

while Users are located in US

  • users are assigned a write permission on documents under US cabinet and read permission on documents under all other cabinets e.g: UK, Egypt, UAE.

If Users logged in from another network location like UK

  • Users are assigned write permission on documents from UK cabinet and * read permission * on documents under all other cabinets.
Miki
  • 2,493
  • 2
  • 27
  • 39
Mahmoud ElKeshky
  • 21
  • 8

3 Answers3

1

I found The answer to my question by using:

the Required Group, and Required Group sets

where you can give some users some permissions and apply it only if they are members of a specific group only.

  • Required Groups
    (Users/Groups must be a member of all listed groups to access this item)

  • Required Groups List
    (Users/Groups must be a member of at least one of the listed groups to access this item)

I found an issue with EMC's documentation documents:

It states that in order to benefit from Trusted Content services Capabilities you must have TCS license installed. but, practically whether you installed the TCS license or not you can create dynamic ACLs and benefit from the group membership restriction. (practically TCS is not required "case was Tested", and there is misleading information about Dynamic ACLs usage and implementation) no scenario is provided

Community
  • 1
  • 1
Mahmoud ElKeshky
  • 21
  • 8
0

Sorry, but from your question one could assume that there is something called mandatory ACL within Documetnum platform. However there isn't - AFAIK. There are several ways with which you can dynamically apply ACL or in terminology of Documentnum platform permission set.

Based on repository configurable parameter:

  • inherit from object type
  • inherit from user who created object
  • inherit from parent folder

If this doesn't fits you you can write TBO (Type Based Object) code which acts as trigger and runs your custom logic. There are other ways to achieve what you want but you need to be more specific about your requirement.

Miki
  • 2,493
  • 2
  • 27
  • 39
  • As per EMC Documentum Security and trusted content services white paper, documentum TCS can enforce sec. and individual access control policies to establish access control provisions such as "need to know" or "top secret", combining individual access clearances with project-specific sec. measures. this feature can be used for mandatory access control (MAC), giving the org the ability to control the privileges on content, rather than allowing users to set discretionary privileges. additionally, access controls can be dynamic, depending on changing factors such as user's role or geog. location. – Mahmoud ElKeshky Feb 21 '17 at 12:59
  • could u please tell me what are the suggested edits as i do not see them. to have an action – Mahmoud ElKeshky Feb 21 '17 at 13:01
  • sorry seems that TCS security is out of scope of "basic" Documentum security. I can't help you – Miki Feb 21 '17 at 13:29
  • 1
    Thank you and I appreciate your efforts, actually though there were not steps or scenario to demonstrate it but i reached the answer (between the lines) with one of the documentation documents, i will provide a scenario and post it soon – Mahmoud ElKeshky Feb 21 '17 at 14:32
0

If your client is D2, you can utilize the dynamic permission model based on documents attributes. This way you can achieve what you are asking for.

Henning Winter
  • 101
  • 4
  • Actually my question has nothing to do with D2, my question is concerned about the Documentum Trusted content Services and how to apply dynamic ACLs, configuring permission sets (ACL) is done from DA. – Mahmoud ElKeshky Feb 22 '17 at 14:39