Many times Administrators and users do things stupidly and want to cover their tracks quickly and without creating unwanted attention.Most people working with livelink know that the application is responsible for the data integrity and referential integrity.So to do any proper reversal you would need to script something back.But again here you are at a disadvantage.If you resort to standard OT support the maximum you are going to get is “you have an error that is not easily fixable and we would recommend you to fix it with our professional services team”.To a org or a small company they do not have that many resources or money to do that,hence the administrator or a power user turned developer would try to see if something can be done.Lo and behold the KB is consulted and most members who would like to show off will post in their comments.Now that goes for me also because there isn’t a day that goes by when I cannot respond to something.However I am very judicious when I tamper with the livelink database.That is really because I understand oscript and I see the many myriad transactions that happen when it is working,doing upgrades and such.But in many organizations people are well versed in Live Reports and many now have the Web Reports product which is an excellent alternative to certain kinds of programming or utility programs .This is where the start of the problems happen.Say you accepted a bad advice like fixing a column or data point in a table that the “learned KB people” advised,you would not probably notice this way into months or years at part of a upgrade so what you did in earnest will land you in irrecoverable or costly difficulties.So RESIST the urge to change values in OT given tables.If it is your table and you are responsible for it do so by all means.There is no problem with you playing in a VM and understanding it but just don’t think that touching llattrblobdata or llattrdata is all it requires to do category updates 🙂
That doesn’t absolve OT as a company,it is expected to do its fair share.Somethings might be
Perhaps with support paid the customer gets 10 free incident fixes. OT absorbs the development cost and passes the solution to a would be admin/dev in the organization.
A list of compiled easy to use reports and utilities,perhaps web reports, perhaps a compiled java app that uses REST or WSAPI or even a utility oscript module.
Some re-assurance from support to quell the panic and perhaps advise the customer to do another thing like tell them a deleted user/users necessarily need not be considered a panic situation.
I had a short stint working with Documentum and I did not know if the utilities it delivered were high priced like what OT does but it had a language called DQL (Documentum Query Language).So any guys who is knowledgeable on the schema could run reports and turn them into DQL commands which would basically honor data integrity and referential integrity for them.This is in a way WR does but it takes enormous patience and complexity to work with it which again would mean should I have developers supporting my application.I would advise WR people in OT to provide clear crisp examples 1 to 5 liners that should work with any livelink any schema,kind of a pre built library more like the canned Live Reports
I tested a user deletion today and tried to see what all tables would be affected so for KB users if you want to see it is here.hopefully I will find a cheap hosting provider to put my content and not in KB as I have been burned in my earlier attempts.
Privileges apply to you as the “user” versus permissions are what the Object allows a “user” to do.There are differences.For e.g for installing something in windows you need to be part of the “administrators” group similarly to install something you need to be in the “system administrators” group. A “administrator group user” has almost very high privileges to do things in a OS similarly they have a high degree of authority in livelink as well.So when a user is created we set at the minimum these privileges Login Enabled and Public Access So when a objects is accessed at run time livelink’s algorithm is does user have login,does user have PA and does Object have PA and what like S,or SC so it is a given that the user will be able to click the link. In very simple terms use PA effectively to address contents that is useful for the whole environment almost like using livelink as a glorified web server.
Now other things are self explanatory has User Creation,System administration and others leading to making Group Leaders etc.In short if you spend some time understanding the architecture you will be amazed and the simple but very effective thought being given into its devlopment.
The Add New Item Truth Table
The livelink system is replete with several subtypes some of the are very useful and harmless like folders,documents etc so nobody changes anything from default. However you would be very concerned if somebody go unauthorized access to Live Reports,workflows,form templates etc,so what I do is I will look at the personal workspace of a default user and see all the “New Items” being shown there.Then I evaluate what should a untrained user be allowed to create in my system.For all the complicated ones I will create a manual group called “r-Form Template Creators” and add ‘Admin’ to that.Now if I have trust to give a group or a user I would expand my group.So when these new person goes and he has permissionsto “Add Items,Reserve , Delete” this user will see “Form Template” there. However h(s)e moves to another folder where he has only “S,SC” he does not see it there.Note different object subtypes do different things.I am not keen to explain everything like Tasks,Discussions,Projects ec they are for you to explore and set right.Before releasing a system to production give a simple user access and do some Gorilla Testingthat will help you more than the amount of money spent on stress testing.Obviously you should have at laest oe or two good front ends and a good beefy admin server to do your search stuff.
At the outset a Livelink system represents some vestiges of a File System like Unix or Dos.People having worked in that is probably familiar with the term U G O which stood for User,Group,Others.This is what you see in the std permission bit of an object on its ACL. Every object has one ,many times you set the container object right and let the inheritance trickle in.In many places if you set it right you can forget it.But if you install livelink Out of the Box and has no training or nobody to watch it over you are probably going to end up in rogue territory.This is because the user ‘Admin’ and ‘Default Group’ has very high permission bits set.Out of which the owner is a role,so if you start a folder where Admin did not willfully do the permissions set normalization and if you gave ‘Appu’ creation privileges for folder when ‘Appu’ creates objects he becomes owner who is very powerful and so on.Now this could be argued as not a big problem until it runs amok.So what a good permission model is Owner See,See Contents or Nothing,Group See,SC or Nothing and PA,S,SC or nothing.Now you will create administrative groups something simlilar to these discussions and you will be fine.
Always rely on proper groups that you can create and maintain in a directory service (AD is very common) and have those groups synchronized in.It is quite possible that HR systems release feeds into Directory services hence when users leave your organization they will go as well.There will be no permission problems because the real administrative group has overriding permissions that the owner based approach.Simple try it and you will be happy and 50 % of your help desk tickets will come down.
This is what one hears in OpenText engagements as “Community Modelling” well my next part will cover object truth tables as well.
Permissions bit use BitWise logic in FileSystems as well as livelink does recently a programmer told me he finds the awesome bitwise logic un understandable.I just thought wow where is the programming world heading into 🙂
There is nothing wrong in owner having high permissions so long as the administration is willing to support it and understand it.
Security Clearance and Supplemental Markings are OT’s way of securing against inheritance rules in big hush hush organizations.