Preparing an object store to be used by Connections
You must prepare an object store so that it can be used by IBM® Connections.
About this task
Procedure
- Register with Global Configuration Data (GCD). For FNCS 2.0.3 (IBM Content Navigator), open a browser, enter http://hostname:port/dm/jsp/addons.jsp, and then click Install.
- Log into ACCE (Administration Console for Content Platform
Engine).
- On the navigation panel that displays, expand Object
Stores and select the object store you will work with.
If you are creating a new object store, when prompted for administrative and default access, use an LDAP group containing your administrators for both settings. Do not leave the default access empty or use all authenticated users for default access.CAUTION: This object store must not have
#AUTHENTICATED-USERS
on any access list prior to performing these instructions.#AUTHENTICATED-USERS
must not have default access to the object store. Granting#AUTHENTICATED-USERS
default access, or leaving the default access empty when creating the object store effectively grants#AUTHENTICATED-USERS
read access to all content in the object store and bypasses access controls set by communities.Note: For an existing installation of IBM® Connections with IBM® FileNet®, theconnectionsAdmin
user defined in your FileNet® system and thefilenetAdmin
user defined in your Connections system must be available in the directory configuration of both FileNet® and Connections.Important: Before installing the Add-ons, ensure the following steps 4 through 9 have been performed to configure the proper permission settings. - Click the Security tab and then
click Add to add #AUTHENTICATED-USERS principal
with the following permissions settings:
- In the popup dialog, click Search.
- In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.
- For the Apply to dropdown menu, select This object only.
- Under Permission group select Use object store.
- Click OK and then click Save.
- In the Object Store navigation panel,
update the permissions on the following Class Definitions:
- Custom Object
- Document
- Folder
- Abstract Persistable
- Abstract Queue Entry
- Choice List
- Recovery Bin
- Recovery Item
- Referential Containment Relationship
- Task
- Click the Security tab and then click Add to add #AUTHENTICATED-USERS principal with the following permissions settings:
- In the popup dialog, click Search.
- In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.
- For the Apply to dropdown menu, select This object and all children.
- Under Permission group check create instance and view all properties, and then deselect read permissions. Ensure all other permissions are deselected.
- Click OK and then click Save.
- Click Close to close the class definition panel.
- Set default instance permissions on Choice List class
In the Object Store navigation panel:
- Click Default Instance Security tab of the Choice List class definition panel.
- In the popup dialog, click Search.
- In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.
- For the Apply to dropdown menu, select This object and all children.
- Under Permission group check view all properties, and then deselect read permissions.
- Click OK and then click Save.
- Click Close to close the class definition panel.
- Set default instance permissions on Task Relationship class
as follows:In the Object Store navigation panel:
- Click Default Instance Security tab of the Task Relationship class definition panel.
- In the popup dialog, click Search.
- In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.
- For the Apply to dropdown menu, select This object and all children.
- Under Permission group check view all properties, and then deselect read permissions.
- Click OK and then click Save.
- Click Close to close the class definition panel
- Set default instance permissions on Property Template class
for each of the eight Content Engine data types to grant #AUTHENTICATED-USERS the View
all properties right on PropertyTemplates that are created
by AddOns.These permissions should be set to inherit to all subclasses (InheritableDepth=-1) or This object and all children in the Apply To dropdown, if performing these steps manually via FEM/ ACCE).
In the Object Store navigation panel: Property Template, and apply the following steps to each of the classes listed.
, expandFor each class under Property Template (including for each of Property Template Binary, Property Template Boolean, Property Template DateTime, Property Template Float64, Property Template Id, Property Template Integer32, Property Template Object, Property Template String):- Select Default Instance Security, click Add, and then click Search in the popup dialog that appears.
- In the Available Users and Groups pane, selected #AUTHENTICATED-USERS and click the move button to place it into the Selected Users and Groups pane.
- For the Apply to dropdown menu, select This object and all children.
- Under Permission group only, View all properties should be checked.
- Click OK to add the permission to the list.
- Click Save to preserve the permission changes to the Property Template subclass.
- In the Object Store panel, click Actions and
then select Install Add-on Features. Ensure
all the following add-ons are selected and click OK:
- 5.2.0 Base Application Extensions
- 5.2.0 Base Content Engine Extensions
- 5.2.0 Custom Role Extensions
- 5.2.0 FP1 Social Collaboration User Identity Mapping Extensions
- 5.2.0 Social Collaboration Base Extensions
- 5.2.0 Social Collaboration Document Review Extensions
- 5.2.0 Social Collaboration Notification Extensions
- 5.2.0 Social Collaboration Role Extensions
- 5.2.0 Social Collaboration Search Indexing Extensions
- 5.2.0 TeamSpace Extensions
- IBM® FileNet® Services for Lotus® Quickr® 1.1 Extensions
- IBM® FileNet® Services for Lotus® Quickr® 1.1 Supplemental Metadata
- Click OK to close message popup.