In Knowledge Management, security managers ensure protected access to repository content.
If you specified a security manager when configuring a repository manager, permission checks take place when users access folders and documents. A user who does not have the requisite permissions cannot access the objects in question.
You can specify a security manager when you configure a repository manager.
The following security managers are contained in the standard delivery.
Manages the ACLs for resources in the database and can be used for all repositories.
Manages access to the data stored in the KMC archiving store.
The Archiving Security Manager is preconfigured in the standard delivery. It provides super administrators and content administrators with read access to archived KMC data stored in the archiving store. To modify the default configuration, specify the roles for which you want to provide read access to the archiving store in the Roles with Archive Access parameter field. The role specification must be formulated as follows: <Location>/<Role_ID>
Use this security manager for archiving file system repository managers and archiving WebDAV repository managers.
These are enhancements of the ACL Security Manager that create specific limitations for access permissions to collaboration data stored in the repositories /attachment and /collaboration.
Used on a project basis for virtual rooms.
The security manager is used for limited access to collaboration resources (discussions, comments, and feedback) with the service permission Collaboration (see Defining Service Permissions). Only users with this service permission can delete Collaboration resources.
It establishes a connection to the BW system and checks whether permissions for displaying or changing documents exist.
It establishes a connection to the BW system and checks whether permissions for displaying metadata exist.
Used by the reporting repository manager /reporting.
This security manager does not check access permissions itself; it passes on this task to the security manager entered in the configuration of the CM repository /reporting_backend.
Manages access permissions for tasks (in the CM repository /tasks) within and outside of Collaboration rooms. Portal users that use tasks outside of Collaboration rooms have full access permission as the owner or assignee of the tasks in question. This means that they can create, edit, and delete tasks. The access permissions are set as follows for tasks in Collaboration rooms: Room members who are owners or assignees of tasks have full access (creating, editing, deleting). Room members who have no involvement in the tasks have only create and delete permissions. This means that tasks can also be processed in cases of absence.
Security manager used for the ACLs of the remote server.
It should only be used for WebDAV repository managers for which the remote server is also a portal with KM installed.
If a Web site is accessed using a Web repository, the Web server carries out the permission check. However, text snippets in the search results list and HTML preview of documents are located outside the Web server in CM. When a security manager is being used, users without permission to read a document cannot see text snippets in the search results list or the HTML preview for the document in question.
It should only be selected for Web repository managers whose content is indexed and can be searched. This security manager should not be implemented in scenarios in which searching in Web repositories is not planned.
Using this security manager can considerably hamper performance, since additional requests are sent to the Web server. You should therefore check that you need to use it and only implement it if the additional security really is required.
This security manager uses ACLs from WINDOWS NTFS. It can be used for file system repository managers and CM repository managers that use the FSDB persistence mode.
It can be implemented alongside the following versions of the WINDOWS operating system:
If using a portal on UNIX, you have to store a document in the configuration of the security manager, containing the following domain information for all WINDOWS remote servers that you access using file-system repository managers:
Parameter | Required | Description |
---|---|---|
Domain File | No | Specifies a text file containing the name of domains and IP addresses of relevant domain controllers. It contains information on every domain in which remote servers that you access using file-system repository managers are being used. These specifications are necessary so that permissions of users that exist on the WINDOWS remote servers are taken into account in the UNIX system.<br>The entries must have the following syntax: <name of the domain>=<IP address of the corresponding domain controller><br>The file can be stored under any name in any directory on the UNIX portal server. For example: /files/companydomaincontrollers.txt<br>The following entries are contained in the file:<br>COMPANY_DOMAIN_A=192.168.32.51<br>COMPANY_DOMAIN_B=192.168.70.12<br>COMPANY_DOMAIN_C=192.168.86.16 |
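
Because the domain file decides which domain controller is consulted when WINDOWS permissions are resolved on the UNIX portal, it is worth checking before it is referenced in the configuration. The following is an added example, not code from the product: the function names are hypothetical, and it assumes that blank lines are harmless, that whitespace around the equals sign is not allowed, and that domain names compare case-insensitively.

```python
import ipaddress
import os
import re
import stat

# Documented entry syntax: <name of the domain>=<IP address of the domain controller>
ENTRY = re.compile(r"^([^=\s]+)=([^=\s]+)$")

def validate_domain_file(text):
    """Return (mapping, problems) for the contents of a domain file."""
    mapping, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # assumption: blank lines are harmless
        match = ENTRY.match(line)
        if not match:
            problems.append((lineno, "not in <domain>=<IP address> form"))
            continue
        domain, address = match.groups()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            problems.append((lineno, "invalid IP address"))
            continue
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            problems.append((lineno, "address cannot be a remote domain controller"))
            continue
        key = domain.upper()  # assumption: domain names compare case-insensitively
        if key in mapping:
            problems.append((lineno, "domain listed more than once"))
            continue
        mapping[key] = str(ip)
    return mapping, problems

def writable_by_others(path):
    """True if group or other may modify the file (added hardening check)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

# Constructed sample: the page's three entries plus three deliberately bad lines.
SAMPLE = """COMPANY_DOMAIN_A=192.168.32.51
COMPANY_DOMAIN_B=192.168.70.12
COMPANY_DOMAIN_C=192.168.86.16
COMPANY_DOMAIN_D = 192.168.90.4
COMPANY_DOMAIN_E=192.168.300.1
company_domain_a=192.168.32.99
"""

if __name__ == "__main__":
    entries, issues = validate_domain_file(SAMPLE)
    print(entries)
    for lineno, message in issues:
        print(f"line {lineno}: {message}")
```

Run `writable_by_others` against the path entered in the Domain File parameter; a file that other accounts can modify lets them redirect permission lookups to a different address.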
The configuration of some security managers contains the following parameter for the Java class used for displaying permissions:
Parameter | Required | Description |
---|---|---|
Permission Rendering Class | Yes | Specifies the Java class used to render the window in which the permissions are displayed. To call up this window, choose Settings → Permissions in the Details dialog box for a resource. |
To call up the configuration of the security manager, choose System Administration → System Configuration → Knowledge Management → Content Management → Repository Managers → Show Advanced Options → Security Manager.