General Help Series 3-Privileges (Am I allowed something)

Privileges

Privileges apply to you as the “user”, whereas permissions are what the object allows a “user” to do. There are differences. For example, to install something in Windows you need to be part of the “administrators” group; similarly, to install something you need to be in the “system administrators” group. An “administrator group user” has very high privileges to do things in an OS, and similarly has a high degree of authority in Livelink as well.

So when a user is created, we set at the minimum these privileges: Login Enabled and Public Access (PA). When an object is accessed at run time, Livelink’s algorithm is: does the user have login, does the user have PA, and does the object have PA and with what, like S (See) or SC (See Contents); so it is a given that the user will be able to click the link. In very simple terms, use PA effectively to address content that is useful for the whole environment, almost like using Livelink as a glorified web server.

The other privileges are self-explanatory, such as User Creation, System Administration and others, leading to making Group Leaders etc. In short, if you spend some time understanding the architecture, you will be amazed at the simple but very effective thought given to its development.

The Add New Item Truth Table

The Livelink system is replete with several subtypes. Some of them are very useful and harmless, like folders, documents etc., so nobody changes anything from the default. However, you would be very concerned if somebody got unauthorized access to Live Reports, workflows, form templates etc. So what I do is look at the personal workspace of a default user and see all the “New Items” being shown there. Then I evaluate what an untrained user should be allowed to create in my system. For all the complicated ones I will create a manual group called “r-Form Template Creators” and add ‘Admin’ to that. Now if I have the trust to give to a group or a user, I would expand my group. So when this new person goes to a folder where he has permissions to “Add Items, Reserve, Delete”, this user will see “Form Template” there. However, when (s)he moves to another folder where he has only “S, SC”, he does not see it there.

Note that different object subtypes do different things. I am not keen to explain everything like Tasks, Discussions, Projects etc.; they are for you to explore and set right. Before releasing a system to production, give a simple user access and do some Gorilla Testing; that will help you more than the amount of money spent on stress testing. Obviously you should have at least one or two good front ends and a good beefy admin server to do your search stuff.
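The truth table described above can be written out and checked. This is an added example, not code from the original post or from Livelink: the rule it encodes (creation group membership AND “Add Items” on the folder) is taken from the text, while the `CREATORS` mapping, the two extra group names and the sample users are constructed for illustration.

```python
from itertools import product

# Subtype -> group allowed to create it; None = left at the default (anyone).
# "r-Form Template Creators" is the group named in the post; the other
# restricted groups are hypothetical names in the same style.
CREATORS = {
    "Folder": None,
    "Document": None,
    "Form Template": "r-Form Template Creators",
    "LiveReport": "r-LiveReport Creators",
    "Workflow Map": "r-Workflow Creators",
}

def new_items(user_groups, folder_perms):
    """Subtypes offered under 'New Item' for this user in this folder."""
    if "Add Items" not in folder_perms:
        return []
    return [st for st, grp in CREATORS.items()
            if grp is None or grp in user_groups]

def truth_table(subtype):
    """Rows of (in creator group, has Add Items, subtype is offered)."""
    rows = []
    for in_group, can_add in product((False, True), repeat=2):
        groups = {CREATORS[subtype]} if in_group else set()
        perms = {"S", "SC", "Add Items"} if can_add else {"S", "SC"}
        rows.append((in_group, can_add, subtype in new_items(groups, perms)))
    return rows

def who_can_create(subtype, members):
    """Audit helper: users whose groups grant creation of a subtype."""
    grp = CREATORS[subtype]
    return sorted(u for u, gs in members.items() if grp is None or grp in gs)

# Constructed sample membership for a pre-production review.
MEMBERS = {"Admin": {"r-Form Template Creators", "r-LiveReport Creators"},
           "Appu": set()}

if __name__ == "__main__":
    for row in truth_table("Form Template"):
        print(row)
    print(who_can_create("LiveReport", MEMBERS))
```

Running `who_can_create` for each sensitive subtype before go-live gives the list of accounts to review against the groups you intended to trust.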


General Help Series 2-Permissions (Would the Object allow me to do this)

Permissions 

At the outset, a Livelink system carries some vestiges of a file system like Unix or DOS. People who have worked with those are probably familiar with the term U G O, which stood for User, Group, Others. This is what you see in the standard permission bits of an object on its ACL. Every object has one; many times you set the container object right and let the inheritance trickle in. In many places, if you set it right you can forget it.

But if you install Livelink out of the box and have no training or nobody to watch over it, you are probably going to end up in rogue territory. This is because the user ‘Admin’ and the ‘Default Group’ have very high permission bits set. Of these, the owner is a role, so if you start a folder where Admin did not deliberately normalize the permission set, and you gave ‘Appu’ creation privileges for folders, then when ‘Appu’ creates objects he becomes the owner, who is very powerful, and so on. Now this could be argued as not a big problem until it runs amok.

So a good permission model is Owner: See, See Contents or nothing; Group: See, SC or nothing; and PA: S, SC or nothing. Now you will create administrative groups something similar to these discussions and you will be fine.

Always rely on proper groups that you can create and maintain in a directory service (AD is very common) and have those groups synchronized in. It is quite possible that HR systems release feeds into directory services, hence when users leave your organization they will go as well. There will be no permission problems, because the real administrative group has permissions that override the owner-based approach. Simply try it and you will be happy, and 50% of your help desk tickets will come down.
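The access check from the Privileges post and the Owner/Group/PA model above, as an added example that is not part of the original posts and not Livelink code. It assumes the ACL entries that match a user are combined with a bitwise OR; the bit values, the `r-Content Admins` group and the `ops1` account are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntFlag
class Perm(IntFlag):          # constructed bit values, not Livelink's own
    NONE = 0
    SEE = 1
    SEE_CONTENTS = 2
    ADD_ITEMS = 4
    DELETE = 8
    EDIT_PERMISSIONS = 16

READ = Perm.SEE | Perm.SEE_CONTENTS
FULL = READ | Perm.ADD_ITEMS | Perm.DELETE | Perm.EDIT_PERMISSIONS

@dataclass
class User:
    name: str
    groups: frozenset = frozenset()
    login_enabled: bool = True     # privilege: Login Enabled
    public_access: bool = True     # privilege: Public Access (PA)

@dataclass
class Acl:
    owner: str
    owner_perms: Perm
    group: str
    group_perms: Perm
    public_perms: Perm
    assigned: dict = field(default_factory=dict)   # extra group -> Perm

def effective(user, acl):
    """OR together every ACL entry that applies to the user."""
    if not user.login_enabled:
        return Perm.NONE
    perms = Perm.NONE
    if user.name == acl.owner:
        perms |= acl.owner_perms
    if acl.group in user.groups:
        perms |= acl.group_perms
    if user.public_access:
        perms |= acl.public_perms
    for grp, grp_perms in acl.assigned.items():
        if grp in user.groups:
            perms |= grp_perms
    return perms
# Constructed sample: the same folder created by 'Appu' under two models.
appu = User("Appu", frozenset({"Default Group"}))
ops = User("ops1", frozenset({"r-Content Admins"}))
out_of_box = Acl("Appu", FULL, "Default Group", FULL, READ)
normalized = Acl("Appu", READ, "Default Group", READ, READ,
                 {"r-Content Admins": FULL})
```

Under `out_of_box`, `effective(appu, out_of_box)` is `FULL`, so the creator can delete and re-permission the folder; under `normalized` the same call returns `READ`, and full control sits with the synchronized group, which survives Appu leaving.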

This is what one hears in OpenText engagements as “Community Modelling”. My next part will cover object truth tables as well.

Permission bits use bitwise logic in file systems, as Livelink does. Recently a programmer told me he finds the awesome bitwise logic un-understandable. I just thought, wow, where is the programming world heading 🙂

There is nothing wrong in owner having high permissions so long as the administration is willing to support it and understand it.

Security Clearance and Supplemental Markings are OT’s way of securing against inheritance rules in big hush hush organizations.