System Principals

Use

Generally, access permissions for resources are specified through access control lists that apply to particular resources or collections. They are maintained in the respective resources. For more information, see Defining Permissions.

In addition, the system principals utility allows you to define permissions for users, groups, and roles that apply system-wide and independently of individual resources or collections. This is a convenient way of defining permissions that are not related to (specific) resources. These permissions are maintained in the CM configuration.

Features

A user may be granted a permission either directly as a user, or indirectly as a result of permissions assigned to a group or a role. Users can be service users as well as people.

Parameters of a System Principal

| Parameter | Required | Description |
| --- | --- | --- |
| Name | Yes | Name of the system principal. The name must correspond to a portal user, group, or role. |
| User Name | Yes | Name of the corresponding user as defined in portal user management. |
| Change Resource Permissions | No | Defines whether the user is allowed to change permissions for a resource. |
| Service ACLs | No | Determines whether the user has all service ACLs. |
| Set System Properties | No | Determines whether the principal is allowed to set system properties on resources. |
| Unlock Permission | No | Determines whether the user is authorized to remove external locks (that is, the user is able to remove document locks set by another user). This option should only be available for administrators. By default, this parameter is deactivated. |
| Resource Permissions | No | Determines which permissions are always valid for this user. There are the following permissions: read, write, delete |

Activities

The KM standard configuration contains a number of users as predefined system principals, including service users for the subscription service and the index management service. You do not normally need to modify the configuration.

To specify system principals and their permissions, choose Content Management → Utilities → System Principals.

Caution

Like other users, groups, and roles, the KM system principals need to have been defined in the portal user management. The name of the system principal needs to be identical to the user name in the portal user management.

Example

Permissions for an Administrator Role

Authorized to Change Resource Permissions = activated

Unlock Permission                         = activated

Resource Permissions                      = write, read, delete

Permissions for index_service User

Authorized to Change Resource Permissions = deactivated

Unlock Permission                         = deactivated

Resource Permissions                      = read
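
The following review script is an added example, not part of the original documentation or of any SAP tool. It checks a list of system principal entries against the two rules stated above: the name must be identical to an entry in portal user management, and Unlock Permission should only be activated for administrators. The dictionary layout, the function name, the sample principals other than index_service, and the extra review rule for system-wide write, delete and change grants are assumptions made for illustration.

```python
VALID_PERMISSIONS = {"read", "write", "delete"}  # values listed on this page

def audit_principals(principals, portal_names, admin_names):
    """Return sorted (principal name, finding) pairs for entries needing review."""
    findings = []
    folded = {n.casefold(): n for n in portal_names}
    for p in principals:
        name, perms = p["name"], set(p.get("resource_permissions", ()))
        non_admin = name not in admin_names
        if name not in portal_names:
            # The name has to be identical; report a near miss separately.
            near = folded.get(name.strip().casefold())
            findings.append((name, f"name is not identical to portal entry '{near}'"
                             if near else "not defined in portal user management"))
        if p.get("unlock_permission") and non_admin:
            findings.append((name, "Unlock Permission activated for a non-administrator"))
        if perms - VALID_PERMISSIONS:
            findings.append((name, "unknown resource permission: "
                             + ", ".join(sorted(perms - VALID_PERMISSIONS))))
        # Reviewer policy (an assumption, not stated on the page): these grants
        # apply independently of resource ACLs, so flag them for non-administrators.
        if non_admin and (p.get("change_resource_permissions") or perms & {"write", "delete"}):
            findings.append((name, "system-wide change/write/delete grant to review"))
    return sorted(findings)

# Constructed sample data; km_admin_role, report_batch and retired_user are hypothetical.
PORTAL_NAMES = {"km_admin_role", "index_service", "report_batch"}
ADMIN_NAMES = {"km_admin_role"}
PRINCIPALS = [
    {"name": "km_admin_role", "change_resource_permissions": True,
     "unlock_permission": True, "resource_permissions": ["write", "read", "delete"]},
    {"name": "index_service", "change_resource_permissions": False,
     "unlock_permission": False, "resource_permissions": ["read"]},
    {"name": "report_batch", "change_resource_permissions": False,
     "unlock_permission": True, "resource_permissions": ["read", "write"]},
    {"name": "Index_Service", "change_resource_permissions": False,
     "unlock_permission": False, "resource_permissions": ["read"]},
    {"name": "retired_user", "change_resource_permissions": False,
     "unlock_permission": False, "resource_permissions": ["read"]},
]

if __name__ == "__main__":
    for name, finding in audit_principals(PRINCIPALS, PORTAL_NAMES, ADMIN_NAMES):
        print(f"{name}: {finding}")
```

The two entries that mirror the example above (the administrator role and index_service) produce no findings; the three constructed entries each produce at least one.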