User issues in accessing document in a docbase

This error generated while creating a Documentum user in the prod_abc_ db repository. I assigned "user_name" to the "abc_searcher" and "abc_searcher_role" roles.

When I do a search with her credentials, I get 0 results.
Object Type: Document _abc_doc)
Properties: city_name = '....'

Is it something to do with setting ACL for the document through associations for the ACL properties or assigning user that ACL ? or object-level permissions or user level permissions to be given to the user to view the document?

I have added the user to that group for Documentum users to access the documentum webtop and related products and contributor role as client capability none extended permissions or privileges and default ACL as global ACL and default permission set no other privileges to view or config or purge audit given.

What am I doing wrong?
Please throw some light on this issue .

Appreciate your response.

DCTM_guru please help.

Thanks & Warm Regards,
SM.

Comments

  • Roles = features, not security. You need to assign these users to the groups that are defined in the ACL.

    For example, a user belonging to consumer role will NOT see Edit feature even though he/she might belong to group that has WRITE/DELETE permissions. Alternatively, a user belonging to contributor role will see Edit feature, but will not have permissions to change the document if he/she does not belong to group that has at least WRITE permissions.

    Have you read the Content Server Fundamentals guide? You will get your answers to a lot of your questions if you understand the fundamentals of the technology.

  • SmelanathurSmelanathur Technical Architect

    I did Dctm_guru. Please guide me further. Appreciate your response.

  • I cant guide you b/c I don't know your application. I don't know what roles you have configured; I don't know what groups are used in your security. You have been posting a lot of questions on the forum that you should be able to answer if you take Content Server Fundamentals class.

  • SmelanathurSmelanathur Technical Architect

    This error generated while creating a Documentum user in the prod_abc_ db repository. I assigned "user_name" to the "abc_searcher" and "abc_searcher_role" roles.

    When I do a search with her credentials, I get 0 results.
    Object Type: Document _abc_doc)
    Properties: city_name = '....'

  • SmelanathurSmelanathur Technical Architect

    DCTM_GURU,

    I have checked your user properties and ldaniels user account properties as well,
    As per my observation, both the user accounts do not have required ACLs(Permissions-Read/Browse) to view the document type ‘abc_doc’
    Hence I have set the required permissions for your accounts both, in-order to view the document & content associated with it.
    Hope this should suffice in searching the document.

    I searched myself with a user created like her profile and still get 0 results when I do a search. Can I delete that profile and create a new one for her? I don't know what's going on.

    I have given the user 'ldaniels' necessary privileges as consumer-client capability, default acl as abc_acl which is the acl set for the custom object type abc_local_doc , assigned her abc_searcher role and added her to the group abc_searcher as well.

    Hope this should permit you to access the documents based on the custom object type and attributes/properties city_name= ‘xxxxxx’

    Kindly check and confirm so that I could investigate further on this issue.

    Appreciate your kind response.

    Thanks & Warm Regards,
    SM.

  • . I assigned "user_name" to the "abc_searcher" and "abc_searcher_role" roles. When I do a search with her credentials, I get 0 results.

    As I said in my previous post, role assignment only impacts the UI. When you do search, search uses permissions on documents. You probably didn't add them to groups that are part of the ACL on the documents.

  • SmelanathurSmelanathur Technical Architect

    You are absolutely right, I did add her to appropriate group abc_seacher which was configured in our prod_abc_docbase which is the group assigned to the abc_acl on the custom object type based document abc_local_doc.

    Whats else would you like me to add or configure for that user privileges to access the document?

  • SmelanathurSmelanathur Technical Architect

    DCTM_guru please throw some light onto this issue?

  • SmelanathurSmelanathur Technical Architect

    Dctm_guru , the user is not able to search any document based on custom object type and it's properties through advanced search or basic search but the results are displayed wrt the documents based on object type under cabinets folders etc; in-spite of giving her ACL access Read and assigning it to appropriate ACL adding her to group 'consumer' or contributor' role too.

    I have admin privileges and accessed with our service admin account which is system admin and my user account who is super user and could retrieve the results pertaining to custom doc type abc_local_doc and properties city_name etc.

    Restarted full text indexing server and run acl_replication batch file to fix these kind of permissions related issues.
    I have restarted our indexing agent pertaining to abc_index agent for one of our docbases pertaining to it as well. Checked the logs and run dsearch admin console query results wrt the same.
    What else to be done my end?

    Please throw some light on this issue?

    Appreciate your response.

  • If you can find it using your system admin acct, then you didn't modify the ACL appropriately. How did you "...in-spite of giving her ACL access Read and assigning it to appropriate ACL"?

  • SmelanathurSmelanathur Technical Architect

    I have assigned her the role abc_searcher and added her to the group and client capability contributor/consumer too and no exnded privileges and ACL is abc_acl granted her read access which should enable her to search/advance search based on custom object type abc_local_doc and properties city_name ='xxxx' listed for that custom type?

    Could you tell me is there anything I have missed in granting her read permissions editing the abc_acl properties page?

    Please let me know further.?

  • Are you sure that abc_acl is assigned to object instances of type abc_local_doc? Simple DQL:

    select distinct(acl_name) from abc_local_doc

  • SmelanathurSmelanathur Technical Architect

    yes it is assigned please help me fix this issue with the user's read permissions while accessing the document custom document type based on it's attributes or properties city_name='xxxx'

  • Then how did you add the user to ACL? Did you modify the ACL definition using DA or did you modify permissions for a specific document?

  • SmelanathurSmelanathur Technical Architect

    I have modified the ACL definition using my admin account and under abc_acl properties I have granted the user read access as basic level permissions. Do I need to do anything else? Full Text Indexing agent is properly configured and running fine restarted the same, I'm able to search the document attributes using my admin account with super user privileges or full level of access or delete permissions wrt the abc_acl granted for my super user account but not the user with read permissions.

  • SmelanathurSmelanathur Technical Architect

    Please find the attached screen shots of the user access issue.? Kindly help me further if my acl is properly configured for the user associated with the group _searcher etc. Is there any other way to grant the user read or other permissions other than editing the acl type properties or assigning default acl type to user under the properties of the user?

  • Who is the user you are trying to add to the ACL? I don't see group_searcher in the ACL definition either.

  • SmelanathurSmelanathur Technical Architect

    The user is the one with read permissions and yes there is a searcher group you could check that in the image wrt the acl type properties->permissions tab, and the users and the groups granted the permissions.

  • There are two users in your user-acl-attr-issue.jpg. Is it Lynn or Jennifer that is having problem? You didn't grant Lynn READ, you only grant her BROWSE.

    As for the group, I see "dos_searcher" referenced in ACL. You said group_searcher, so this is what I was looking for. Post screenshot of the group membership of "dos_searcher" group to confirm that Lynn is in it.

  • SmelanathurSmelanathur Technical Architect

    Sure, Attached below. In user-acl-attr-issue.jpg; Lynn Daniels has problem. I have granted Lynn READ permissions initially and changed to browse again got back to previous permissions. "dos_searcher" group is being referenced in the dos_acl type properties and the corresponding role associated with it dos_searcher_role.

  • I still don't see screenshot of the dos_searcher group that shows everyone who is in that group. Stop wasting time by uploading stuff that I didn't ask for.

  • SmelanathurSmelanathur Technical Architect

    Please do not get me wrong Dctm_guru...It's only for reference.My sincere apologies!!!!! Attached here.

  • Add your user directly to the group. I have seen issues when you try to add role to the group.

  • SmelanathurSmelanathur Technical Architect

    sure I will.

  • SmelanathurSmelanathur Technical Architect

    Could you brief it up we have searcher role already inside the group even after adding the user separately to the group and assigning that role to the user?

  • Not sure what you are asking about "brief it up",

Sign In or Register to comment.