Documentum 6.5 compatible
Several people in the Documentum world think Client Capability (Consumer / Contributor / Coordinator / Administrator) is enforced by Documentum.
The fact is, content server does not enforce client capability (a.k.a roles). It’s something that client applications such as webtop can enforce it.
E.g: A consumer can not delete documents from Webtop, even though he has delete permission on the document. Of course nothing prevents him from deleting it via API / DQL.
A user with Sysadmin privilege has following abilities:
- It has lower privileges as well (Create Type, Create Cabinet, Create Group)
- It can activate/deactivate a user
- It can manipulate users and groups
- It can grant and revoke the lower privileges to other users
- It can create or modify system-level permission sets
- It can administer full-text indexing and repository
- It can manage lifecycles
- It can manipulate workflows
On the other hand, a user with Superuser privilege has the following features:
- It has Sysadmin privileges as well
- It can grant and revoke Sysadmin and Superuser privileges and extended privileges
- It can delete system-level permission sets
- It can become owner of all objects in the repository
- It can unlock checked out objects
- It can manipulate others’ custom types
- It can create null types (types with no supertypes)
- It can manipulate others’ permission sets
- It can query any underlying RDBMS tables, even if they are not registered
A set of members or other groups.
group_class is a single and string property of dm_group. Indicates what kind of group this group is.
- module role
- privilege group
A set of predefinied members ca be added and is active only for one session.
The property group_class is privilege group. A privileged group is a group whose members are allowed to perform privileged operations even though the
members do not have those privileges as individuals.
Roles and Domains are special kinds of groups.
Roles are enforced by client applications.
The Module role is a group and usesd internally for BOF mdules.
A domain identify all the roles that apply to an application
The members of a domain are roles.
For creating a group (dm_group object) you must have Create Group privilege and System Administrator client capability when using Webtop.
Exam question: Property in dm_user object to specify the role/group/domain?
Exam question: Who see private groups?
Answer: visible for group owner and sysadmins
Exam question: Minimun of properties to create a user in DA (default / out of the box)?
User Login Name
Client capability is preselect: Consumer
Privileges preselect: none
Ext Privileges: none