Professional Documents
Culture Documents
Unit 10
Unit 10
- Verifying a user identity based on credentials Authorization userlara, object based actionlar yapabilme
User Name/Password izni vermektir. (Yetkilendirme)
- Authentication of individuals through the
external authentication mechanism is the key Authorization, prior authentication (önkimlik denetimi)
features in Filenet P8 gerektirir ve authentication boyunca üretilen security
token kullanır.
Two main security standart:
Eğer userlar veya group (principal) FileNet P8 de Folder
JAAS- Java Authentication and Authorization Service Document, object store gibi objectlere erişim girişiminde
bulunuyorsa CPE ilgili principalların, objectler üzerindeki
The JAAS standart forms the framework for security permissionlarını, directory servicedeki permissionlardan
interoperability in the Java EE World. check eder.
Web Service Security Example of an authorization error
The Web Services Security standard forms the A user tries to log in to IBM Content Navigator and
framework for security interoperability in the receives a login error. This user is a verified member in
heterogeneous world of clients and servers that the LDAP directory.
communicate through web services interfaces.
• Error message: You do not have the appropriate
Error message: The user ID or password is not valid for permissions to access the following repository:
the server. <repository name>
Causes: User is not a member in the LDAP directory or Cause: User is not authorized to view the object store
the LDAP directory service is not reachable. that is defined for Authentication on the IBM Content
Solution: Ensure that LDAP is running and reachable by Navigator desktop.
the Content Platform Engine and check the LDAP Solution: Ensure that the user is authorized to access the
directory to verify that the user exists. object store.
User roles
Authentication providers: Farklı kullanıcılar bazında objectlere değişen seviyede
Authentication providerlar, FileNet p8 için erişim izni sağlanır. For example, administrators, solution
authentication sağlayan LDAP-Compliant (uyumlu) builders, authors, and users might have different access
directory servicelerdir. rights to the same objects. ACCE’ye accessi bulunan bazı
adminler bile farklı yetki seviyelerine sahip olabilir.
Auth. Providerlar FileNet P8 installationdan JAAS Örneğin bazısı Property templateleri oluşturabilirken
Configuration boyunca identify edilir. diğer adminler oluşturamaz.
Every ACE has a source either Default Security, Direct • Template - Deny
Instance Security, Security Inheritance or Security • Template - Allow
Template. You can view the source types of ACE in the
security editor of Administration Console for Content • Inherit - Deny
Platform Engine (ACCE).
• Inherit - Allow
• Direct Instance Security