Administration Delegation

While Documentum Administrator (DA) provides a GUI to manage users and groups, it does not support the concept of delegating administration like eRoom.  There is no way to aggregate users/groups to individual entities that you can then delegate the administration to someone else.  This concept is fully supported in eRoom.  Its been almost 4 years since Documentum (now EMC) acquired eRoom.  One would think that this feature would have been incorporated into the core platform at this point.


8 responses to “Administration Delegation

  1. Welcome to the blogosphere, Johnny!

  2. Johnny, do you think it would be possible for DCTM to simply extend their security model to apply to Persistent objects, instead of SysObjects?

    Then, objects such as user and groups would have the same type of NONE…DELETE permissions applied that documents enjoy. You would probably need to incorporate a concept much like owner, where the install owner has special priviliges over all objects that cannot be revoked (so they can administer ACLs regardless of security)

  3. If security model was extended to persistent objects, DCTM would have to exclude applying security model on dm_acl objects to avoid circular references.

    I think a better model would be for DCTM to create a new admin profile object that could be used to maintain dm_relationship objects between object types, groups, users, cabinets, etc. All DCTM applications would have to modified to look for (support) this profile object. This kind of profile object already exists in many ASP/portal software.

  4. The dm_group object already supports delegated administration (by setting its group_admin field), so this is just a user interface issue.

  5. You’re absolutely right alexeich, but like you said, the GUI still needs to be implemented. As we all know, administration is such a tedious job that a good GUI is essential for admin program (eg DA). Clients should not have to pay developers to customize what should be normal administrative features/functionality.

  6. User and group management is available straight from webtop to users who have System Administrator client capabilities in the classic view. It’s not the best though as well all the groups are shown regardles they can be managed or not but it’s better then nothing.

    I’d avoid giving all these users the DA access since per user licensing and elevated license fee – around 10K$/user AFAIR.

    • Hi Johnny,

      One question. If I only use the installation owner to access to DA for the new content server/repository, and this DA was installed on our old dev server, do I still need to purchase DA license? I mean I only install a new content server but use existing DA, do I have to buy a DA license?


  7. True administration delegation would not show all groups and users. My original point is that this technology is already in eRoom and I dont see why it has taken so long for Documentum to port it over to Webtop/DA.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s