For scenarios where you need to have dynamic access control for content in FileNet P8 it is recommended to use a security proxy instead of the default instance security on document or folder classes. In the following article I want to describe how to setup the security proxy in ACCE and how you use it to set the access control on documents.

  1. You need to create class that is representing the security proxy documents. I use the is class as child of the custom object class because you can see this only in ACCE which hides it for normal users.

The class itself does not need to have special configuration. Just create a subclass ob custom object. If you want you can add a property template like security proxy name to better identify the proxy document later but this is not necessary.

2. You need to create a property template that is representing the security proxy element from the security proxy custom class. In my case I called it “Security Object”. The data type must be object and you need to access the “Set other attributes” option while creating the property template. Here you can set the “Security Proxy Type – Inherited”

3. Now you can add the property tempalte to the class in where you want to use the dynamic security. In my case I just added it to the “Document” document class. When you added it open the property settings before saving it. On the tab “More” you need to set the “Required class” which is our previously created custom object class “Security Proxy”

Save the settings. Now you can create a Security Proxy Object in the custom object class. For a better handling I create a folder called “Security Proxies” under the root folder.

You can store all the security objects in this folder. If you want to customize the security later it is easier to recover the objects instead of searching them. In the folder create a new custom object

I created a security object called “Class_Document_Proxy”. If you want the security object as a default for the document class you need to set it as the default value for the “Security Object” property tempalte in the document class. So copy the GUID of the create proxy object and paste it in the property templates default value.

In the document class open the “properties” tab and unfold the “Property Definitions” list.

Paste the GUID to the “Property Default Object”. Now each document created in this class uses the security proxy object as default.

In the security proxy object you should now set the required access control in the security tab of the object.

It is important that you set “apply to” to all children of this object. For security reason I do not set the access for the groups to this securitya object. In connection you should also modify the default instance security of the document class. If you still have static users/groups that should have acces to the content like admins you can let them a default security objects in the class. All other remove and entitle them only via security proxy.

If you can see in my case only the p8admin is part of the default instance security of the document class. Lets create a document and see whats happening.

The groups we set up before in the security proxy object are inherited to the document we created. If we now remove of deny i.e. the EMCP_Vertrieb_FB_O_G_2 group it is immediately passed to the document.

You see the security proxy is a very flexible concept for changing authorization requirements in business solution.

5 thoughts on “Using Security Proxies for dynamic authorization in FileNet P8

  1. hello there and thank you for your information – I’ve definitely picked up something new from right here.
    I did however expertise several technical issues
    using this website, as I experienced to reload the web site
    lots of times previous to I could get it to load correctly.
    I had been wondering if your web hosting is OK?
    Not that I’m complaining, but sluggish loading
    instances times will sometimes affect your placement in google and can damage your high-quality
    score if ads and marketing with Adwords. Well I am adding this RSS to my
    email and can look out for a lot more of your respective
    interesting content. Ensure that you update this again very soon.

  2. Nice post. I learn something more challenging on different blogs everyday. It will always be stimulating to read content from other writers and practice a little something from their store. I?d prefer to use some with the content on my blog whether you don?t mind. Natually I?ll give you a link on your web blog. Thanks for sharing.

Comments are closed.