General Help Series 2-Permissions (Would the Object allow me to do this)

Permissions 

At the outset a Livelink system represents some vestiges of a File System like Unix or Dos.People having worked in that is probably familiar with the term U G O which stood for User,Group,Others.This is what you see in the std permission bit of an object on its ACL. Every object has one ,many times you set the container object right and let the inheritance trickle in.In many places if you set it right you can forget it.But if you install livelink Out of the Box and has no training or nobody to watch it over you are probably going to end up in rogue territory.This is because the user ‘Admin’ and ‘Default Group’ has very high permission bits set.Out of which the owner is a role,so if you start a folder where Admin did not willfully do the permissions set normalization and if you gave ‘Appu’ creation privileges  for folder when ‘Appu’ creates objects he becomes owner who is very powerful and so on.Now this could be argued as not a big problem until it runs amok.So what a good permission model is Owner See,See Contents or Nothing,Group See,SC or Nothing and PA,S,SC or nothing.Now you will create administrative groups something simlilar to these discussions and you will be fine.

Always rely on proper groups that you can create and maintain in a directory service (AD is very common) and have those groups synchronized in.It is quite possible that HR systems release feeds into Directory services hence when users leave your organization they will go as well.There will be no permission problems because the real administrative group has overriding permissions that the owner based approach.Simple try it and  you will be happy and 50 % of your help desk tickets will come down.

This is what one hears in OpenText engagements as “Community Modelling” well my next part will cover object truth tables as well.

Permissions bit use BitWise logic in FileSystems as well as livelink does recently a programmer told me he finds the awesome bitwise logic un understandable.I just thought wow where is the programming world heading into 🙂

There is nothing wrong in owner having high permissions so long as the administration is willing to support it and understand it.

Security Clearance and Supplemental Markings are OT’s way of securing against inheritance rules in big hush hush organizations.

Advertisements

About appukili

Oscripter and Livelink aficionado
This entry was posted in content server, content server permissions, content server privileges, content server records management, content server taxonomy, livelink permissions, livelink taxonomy and tagged , , , , , , . Bookmark the permalink.

3 Responses to General Help Series 2-Permissions (Would the Object allow me to do this)

  1. greg says:

    The other thing to think about is Internal v External users, even if initially you are internal only, its easier to create an ALL INTERNAL USERS group and use that in place of the PUBLIC ACCESS that it is to unpick it all when you allow external users in.

    • appukili says:

      Yes in many places I create a massive group called ORG-ALL,then subdivide it to ORG-EMP,ORG-CONTRACTORS,then if you nest all your other groups into ORG-EMP,ORG-CONTRACTORS then we can create a company wide link to say something .Just like PA

  2. Pingback: General Help series 4 | Appukili's Weblog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.