Preparing an object store to be used by Connections

You must prepare an object store so that it can be used by IBM® Connections.

About this task

The following procedure details how to prepare a new Object Store to be used by IBM® Connections. In particular, this topic discusses how to manually configure default security on the object store so users have the appropriate initial permissions, including permissions to download public content, add comments, like documents, and other common operations. The topic also covers the installation of FileNet® add-ons, which include metadata properties used by Connections and event listeners required for new functions such as Document Approval. For more information about object stores, add-ons, and the P8 domain, refer to Library concepts and terminology.

Procedure

  1. Register with Global Configuration Data (GCD). For FNCS 2.0.3 (IBM Content Navigator), open a browser, enter http://hostname:port/dm/jsp/addons.jsp, and then click Install.
  2. Log in to ACCE (Administration Console for Content Platform Engine).
    1. To start the administration console, use a web browser to access the following URL:
      http://content_platform_engine_server:port/acce
      
      where:
      • content_platform_engine_server is the name of the server where Content Platform Engine is deployed.
      • port is the WSI port that is used by the web application on the server where Content Platform Engine is deployed.
      Tip: In a highly available environment, use the load-balanced, virtual name for the content_platform_engine_server:port, for example: http://virtual_server/acce.
    2. If you receive a prompt to block potentially unsafe components from being run, click No.
    3. If you receive a prompt asking you if you want to run this application, click Run. Optionally, select the option to always trust content from this publisher.
    4. Enter your FileNet® administrator user name and password.
  3. On the navigation panel that displays, expand Object Stores and select the object store you will work with.
    If you are creating a new object store, when prompted for administrative and default access, use an LDAP group containing your administrators for both settings. Do not leave the default access empty or use all authenticated users for default access.
    CAUTION: This object store must not have #AUTHENTICATED-USERS on any access list prior to performing these instructions. #AUTHENTICATED-USERS must not have default access to the object store. Granting #AUTHENTICATED-USERS default access, or leaving the default access empty when creating the object store, effectively grants #AUTHENTICATED-USERS read access to all content in the object store and bypasses access controls set by communities.
    Note: For an existing installation of IBM® Connections with IBM® FileNet®, the connectionsAdmin user defined in your FileNet® system and the filenetAdmin user defined in your Connections system must be available in the directory configuration of both FileNet® and Connections.
    Important: Before installing the Add-ons, ensure the following steps 4 through 9 have been performed to configure the proper permission settings.
  4. Click the Security tab and then click Add to add the #AUTHENTICATED-USERS principal with the following permissions settings:
    1. In the popup dialog, click Search.
    2. In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.
    3. For the Apply to dropdown menu, select This object only.
    4. Under Permission group select Use object store.
    5. Click OK and then click Save.
  5. In the Object Store navigation panel, update the permissions on the following Class Definitions:
    • Object Store > Data Design > Classes
      • Custom Object
      • Document
      • Folder
    • Object Store > Data Design > Classes > Other Classes
      • Abstract Persistable
      • Abstract Queue Entry
      • Choice List
      • Recovery Bin
      • Recovery Item
      • Referential Containment Relationship
      • Task
    Clicking on the class opens its definition panel where you can update permissions for each class as follows:
    1. Click the Security tab and then click Add to add the #AUTHENTICATED-USERS principal with the following permissions settings:
    2. In the popup dialog, click Search.
    3. In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.
    4. For the Apply to dropdown menu, select This object and all children.
    5. Under Permission group check create instance and view all properties, and then deselect read permissions. Ensure all other permissions are deselected.
    6. Click OK and then click Save.
    7. Click Close to close the class definition panel.
  6. Set default instance permissions on the Choice List class as follows:
    In the Object Store navigation panel: Object Store > Data Design > Classes > Other Classes > Choice List
    1. Click the Default Instance Security tab of the Choice List class definition panel.
    2. In the popup dialog, click Search.
    3. In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.
    4. For the Apply to dropdown menu, select This object and all children.
    5. Under Permission group check view all properties, and then deselect read permissions.
    6. Click OK and then click Save.
    7. Click Close to close the class definition panel.
  7. Set default instance permissions on the Task Relationship class as follows:
    In the Object Store navigation panel: Object Store > Data Design > Classes > Other Classes > Task Relationship
    1. Click the Default Instance Security tab of the Task Relationship class definition panel.
    2. In the popup dialog, click Search.
    3. In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.
    4. For the Apply to dropdown menu, select This object and all children.
    5. Under Permission group check view all properties, and then deselect read permissions.
    6. Click OK and then click Save.
    7. Click Close to close the class definition panel.
  8. Set default instance permissions on the Property Template class for each of the eight Content Engine data types to grant #AUTHENTICATED-USERS the View all properties right on PropertyTemplates that are created by AddOns.
    These permissions should be set to inherit to all subclasses (InheritableDepth=-1, or This object and all children in the Apply to dropdown if performing these steps manually via FEM/ACCE).

    In the Object Store navigation panel: Object Store > Data Design > Classes > Other Classes, expand Property Template, and apply the following steps to each of the classes listed.

    For each class under Property Template (including each of Property Template Binary, Property Template Boolean, Property Template DateTime, Property Template Float64, Property Template Id, Property Template Integer32, Property Template Object, Property Template String):
    1. Select Default Instance Security, click Add, and then click Search in the popup dialog that appears.
    2. In the Available Users and Groups pane, select #AUTHENTICATED-USERS and click the move button to place it into the Selected Users and Groups pane.
    3. For the Apply to dropdown menu, select This object and all children.
    4. Under Permission group, only View all properties should be checked.
    5. Click OK to add the permission to the list.
    6. Click Save to preserve the permission changes to the Property Template subclass.
  9. In the Object Store panel, click Actions and then select Install Add-on Features. Ensure all the following add-ons are selected and click OK:
    • 5.2.0 Base Application Extensions
    • 5.2.0 Base Content Engine Extensions
    • 5.2.0 Custom Role Extensions
    • 5.2.0 FP1 Social Collaboration User Identity Mapping Extensions
    • 5.2.0 Social Collaboration Base Extensions
    • 5.2.0 Social Collaboration Document Review Extensions
    • 5.2.0 Social Collaboration Notification Extensions
    • 5.2.0 Social Collaboration Role Extensions
    • 5.2.0 Social Collaboration Search Indexing Extensions
    • 5.2.0 TeamSpace Extensions
    • IBM® FileNet® Services for Lotus® Quickr® 1.1 Extensions
    • IBM® FileNet® Services for Lotus® Quickr® 1.1 Supplemental Metadata
  10. Click OK to close the message popup.
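
The end state that steps 4 through 8 are meant to produce for #AUTHENTICATED-USERS can be checked mechanically once the access lists have been recorded. The following is an added example, not IBM code: the export layout, the OBJECT_STORE placeholder and the function names are hypothetical, and the permission labels are the ones named in the procedure. It assumes InheritableDepth 0 corresponds to This object only and -1 to This object and all children.

```python
# Added example: audit an ACL export against the end state of steps 4-8.
# The export layout below is hypothetical, not a FileNet format; permission
# labels are the ones named in the procedure.
PRINCIPAL = "#AUTHENTICATED-USERS"
THIS_ONLY, ALL_CHILDREN = 0, -1  # InheritableDepth: this object only / all children
STORE = "OBJECT_STORE"           # placeholder for the object store's name

STEP5 = ["Custom Object", "Document", "Folder", "Abstract Persistable",
         "Abstract Queue Entry", "Choice List", "Recovery Bin", "Recovery Item",
         "Referential Containment Relationship", "Task"]
STEP8 = ["Property Template " + t for t in ("Binary", "Boolean", "DateTime",
         "Float64", "Id", "Integer32", "Object", "String")]

# (target, ACL kind) -> (exact permissions, depth) expected for PRINCIPAL
EXPECTED = {(STORE, "security"): ({"use object store"}, THIS_ONLY)}
for cls in STEP5:
    EXPECTED[(cls, "security")] = ({"create instance", "view all properties"}, ALL_CHILDREN)
for cls in ["Choice List", "Task Relationship"] + STEP8:
    EXPECTED[(cls, "default instance security")] = ({"view all properties"}, ALL_CHILDREN)

def sample_export():
    """Constructed sample: an export that matches the procedure exactly."""
    return [{"target": t, "kind": k, "grantee": PRINCIPAL,
             "rights": sorted(r), "depth": d} for (t, k), (r, d) in EXPECTED.items()]

def audit(aces):
    """Return sorted findings for every PRINCIPAL entry that deviates."""
    findings, seen = [], set()
    for ace in aces:
        if ace["grantee"] != PRINCIPAL:
            continue  # other principals are out of scope for this check
        key = (ace["target"], ace["kind"])
        where = f"{key[0]} [{key[1]}]"
        seen.add(key)
        if key not in EXPECTED:
            findings.append(f"{where}: unexpected {PRINCIPAL} entry")
            continue
        rights, depth = EXPECTED[key]
        got = set(ace["rights"])
        if got - rights:
            findings.append(f"{where}: extra {sorted(got - rights)}")
        if rights - got:
            findings.append(f"{where}: missing {sorted(rights - got)}")
        if ace["depth"] != depth:
            findings.append(f"{where}: depth {ace['depth']}, expected {depth}")
    findings += [f"{t} [{k}]: no {PRINCIPAL} entry"
                 for (t, k) in EXPECTED if (t, k) not in seen]
    return sorted(findings)
```

An empty result from audit() means every recorded #AUTHENTICATED-USERS entry matches the procedure; an "extra" finding that includes read permissions is the condition the CAUTION in step 3 warns about.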