The “Inherit from” server config setting is often misunderstood, or not even known. This security setting determines which ACL is assigned by default to a newly created object that does not have an ACL explicitly set on it. There are three options: folder, type, and user. The default, inherit from user, assigns the creating user's default ACL (the one recorded as acl_domain/acl_name on the dm_user object) to newly created objects. Because this default works most of the time, most developers and administrators are unaware that the mechanism exists.
The other two options are:
- Inherit from type – the document gets the default ACL assigned to its object type definition
- Inherit from folder – the document gets the acl_domain/acl_name of the folder it is created in
Why should you care about this setting?
With inherit from user, you potentially give every user the ability to grant and revoke permissions on individual documents. Each such change on a document that shares its ACL produces a new, object-specific ACL rather than altering the shared one, so the repository accumulates a unique ACL for nearly every document that has ever been touched. The more ACLs there are, the longer the server takes to look one up when validating access. It is not uncommon for repositories running with inherit from user to have hundreds of thousands of ACLs.
Inherit from type is better than inherit from user: it maps more naturally to real-world requirements (for example, only the accounting department should have permissions on financial documents), and the number of ACLs tracks the number of types. The drawback is that you have to define a default ACL for every SysObject type in the repository, not just your custom types. Its simplicity also makes it inflexible: if you need finer-grained permissions within the accounting department, you have to create more object types to carry them.
Inherit from folder mimics the permission inheritance used by most file systems. It is better than type, but it requires managing ACLs at the folder level, which means a user has to be careful about where he or she imports a document.
In my experience, the best solution is to combine TBOs (Type-based Business Objects) with the inherit from folder setting. A TBO lets you explicitly encode the business rules for which ACL is assigned to which object type, while inherit from folder persists the security on folder objects without the need for a folder TBO.
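As an added example (not code from the original post), here is what such a TBO can look like in DFC. It is written for a hypothetical custom type, and the type name, the custom attribute acme_department, the ACL domain acme_repo and the ACL name acme_accounting_acl are all assumptions. The TBO hooks doSave, and for a new object with no ACL chosen by the caller it applies the business rule (accounting documents get the accounting ACL); anything else falls back to the primary folder's ACL, which is exactly what the inherit from folder setting would do on its own, so folders need no TBO of their own.

```java
// Added example for this post; not part of the original. All names below are assumptions.
package com.example.tbo;

import com.documentum.fc.client.DfDocument;
import com.documentum.fc.client.IDfBusinessObject;
import com.documentum.fc.client.IDfFolder;
import com.documentum.fc.common.DfException;

/**
 * TBO registered for the assumed custom type "acme_financial_doc".
 * Decides the ACL of a new object from a business attribute instead of
 * relying on the creating user's default ACL (inherit from user).
 */
public class FinancialDocument extends DfDocument implements IDfBusinessObject {

    // Assumed ACL domain (the repository owner) and ACL name.
    private static final String ACL_DOMAIN = "acme_repo";
    private static final String ACCOUNTING_ACL = "acme_accounting_acl";

    // Assumed custom attribute carrying the owning department.
    private static final String DEPARTMENT_ATTR = "acme_department";

    @Override
    protected void doSave(boolean saveLock, String versionLabel, Object[] extendedArgs)
            throws DfException {
        // Only decide the ACL on first save; later saves keep whatever the object has.
        // If the caller already set an ACL explicitly, respect that choice.
        if (isNew() && !isAttrChanged("acl_name")) {
            assignAcl();
        }
        super.doSave(saveLock, versionLabel, extendedArgs);
    }

    /** Business rule: accounting documents get the accounting ACL, everything else folder security. */
    private void assignAcl() throws DfException {
        String department = hasAttr(DEPARTMENT_ATTR) ? getString(DEPARTMENT_ATTR) : "";

        if ("accounting".equalsIgnoreCase(department)) {
            setACLDomain(ACL_DOMAIN);
            setACLName(ACCOUNTING_ACL);
            return;
        }

        // Fall back to the primary folder's ACL, i.e. behave like inherit from folder.
        // A new object that is not linked anywhere yet is left alone so the server's
        // own default_acl setting applies.
        if (getFolderIdCount() > 0) {
            IDfFolder folder = (IDfFolder) getSession().getObject(getFolderId(0));
            setACLDomain(folder.getACLDomain());
            setACLName(folder.getACLName());
        }
    }

    // IDfBusinessObject plumbing required of every TBO.
    public String getVersion() { return "1.0"; }
    public String getVendorString() { return "Example TBO"; }
    public boolean isCompatible(String version) { return "1.0".equals(version); }
    public boolean supportsFeature(String feature) { return false; }
}
```

The class has to be registered for its type in the DBOR (dbor.properties on older DFC versions, or in the repository via Composer on 6.x) before the server will instantiate it for that type. Note that the rule runs only when the object is first saved; moving a document between folders afterwards does not rewrite its ACL, which is the same behaviour you get from inherit from folder, so linking decisions still matter.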