+

Search Tips   |   Advanced Search

Prepare an object store to be used by Connections

You must prepare an object store so that it can be used by IBM Connections.

The following procedure details how to prepare a new Object Store to be used by IBM Connections. In particular, this topic discusses how to manually configure default security on the object store so users have the appropriate initial permissions, including permissions to download public content, add comments, like documents, and other common operations. The topic also covers the installation of FileNet add-ons, which include metadata properties used by Connections, and event listeners required for new functions such as Document Approval. For more information about object stores, add-ons, and the P8 domain, refer to Library concepts.

  1. Register with Global Configuration Data (GCD) :

    For Linux, AIX :

    1. Open the command console.

    2. Run the command: export JAVA_HOME=/opt/IBM/WebSphere/AppServer/java/jre where /opt/IBM/WebSphere/AppServer is the location where WebSphere Application server is installed

    3. cd WP_PROFILEhe FileNet Collaboration Services (FNCS) installation folder: cd /opt/IBM/FNCS

    4. Run to register the Quickr addons with the Global Configuration Database (GCD): ./addon.sh /opt/IBM/FNCS/CE_API http://127.0.0.1:9080/wsi/FNCEWS40MTOM/ where 127.0.0.1:9080 is the server/port the Content Platform Engine is installed on.

    For Windows:

    1. Open the command console.

    2. Run the command: set JAVA_HOME=C:\IBM\WebSphere\AppServer\java\jre where C:\IBM\WebSphere\AppServer is the location where WebSphere Application server is installed

    3. cd WP_PROFILEhe FileNet Collaboration Services (FNCS) installation folder: cd C:\IBM\FNCS

    4. Run to register the Quickr addons with the Global Configuration Database (GCD): .\addon.bat C:\IBM\FNCS\CE_API http://127.0.0.1:9080/wsi/FNCEWS40MTOM/ where 127.0.0.1:9080 is the server/port the Content Platform Engine is installed on.

  2. Log into ACCE (Administration Console for Content Platform Engine).

    1. To start the administration console use a web browser to access the following URL:

        http://content_platform_engine_server:port/acce

      where:

      • content_platform_engine_server is the name of the server where Content Platform Engine is deployed.

      • port is the WSI port used by the web application on the server where Content Platform Engine is deployed.

      In a highly available environment, use the load-balanced, virtual name for the content_platform_engine_server:port, for example: http://virtual_server/acce.

    2. If we receive a prompt to block potentially unsafe components from being run, click No.

    3. If we receive a prompt asking you to run this application, click Run. Select the option to always trust content from this publisher.

    4. Enter the FileNet administrator user name and password.

  3. On the navigation panel that displays, expand Object Stores and select the object store you will work with. If we are creating a new object store, when prompted for administrative and default access, use an LDAP group containing the administrators for both settings. Do not leave the default access empty or use all authenticated users for default access.

    CAUTION:

    This object store must not have #AUTHENTICATED-USERS on any access list prior to performing these instructions. #AUTHENTICATED-USERS must not have default access to the object store. Granting #AUTHENTICATED-USERS default access, or leaving the default access empty when creating the object store effectively grants #AUTHENTICATED-USERS read access to all content in the object store and bypasses access controls set by communities.

    For an existing installation of Connections with IBM FileNet, the connectionsAdmin user defined in the FileNet system, and the filenetAdmin user defined in the Connections system must be available in the directory configuration of both FileNet and Connections.

    Important: Before installing the Add-ons, ensure the following steps 4 through 9 have been performed to configure the proper permission settings.

  4. Click the Security tab and then click Add to add #AUTHENTICATED-USERS principal with the following permissions settings:

    1. In the popup dialog, click Search.

    2. In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.

    3. For the Apply to dropdown menu, select This object only.

    4. Under Permission group select Use object store.

    5. Click OK and then click Save.

  5. In the Object Store navigation panel, update the permissions on the following Class Definitions:

    • Object Store > Data Design > Classes

      • Custom Object

      • Document

      • Folder

    • Object Store > Data Design > Classes > Other Classes

      • Abstract Persistable

      • Abstract Queue Entry

      • Choice List

      • Recovery Bin

      • Recovery Item

      • Referential Containment Relationship

      • Task

    Clicking on the class opens its definition panel where we can update permissions for each class :

    1. Click the Security tab and then click Add to add #AUTHENTICATED-USERS principal with the following permissions settings:

    2. In the popup dialog, click Search.

    3. In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.

    4. For the Apply to dropdown menu, select This object and all children.

    5. Under Permission group check create instance and view all properties, and then deselect read permissions. Ensure all other permissions are deselected.

    6. Click OK and then click Save.

    7. Click Close to close the class definition panel.

  6. Set default instance permissions on Choice List class In the Object Store navigation panel: Object Store > Data Design > Classes > Other Classes > Choice List

    1. Click Default Instance Security tab of the Choice List class definition panel.

    2. In the popup dialog, click Search.

    3. In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.

    4. For the Apply to dropdown menu, select This object and all children.

    5. Under Permission group check view all properties, and then deselect read permissions.

    6. Click OK and then click Save.

    7. Click Close to close the class definition panel.

  7. Set default instance permissions on Task Relationship class : In the Object Store navigation panel: Object Store > Data Design > Classes > Other Classes > Task Relationship

    1. Click Default Instance Security tab of the Task Relationship class definition panel.

    2. In the popup dialog, click Search.

    3. In the Available Users and Groups pane, select #AUTHENTICATED-USERS, and click the move button to place it into the Selected Users and Groups pane.

    4. For the Apply to dropdown menu, select This object and all children.

    5. Under Permission group check view all properties, and then deselect read permissions.

    6. Click OK and then click Save.

    7. Click Close to close the class definition panel

  8. Set default instance permissions on Property Template class for each of the eight Content Engine data types to grant #AUTHENTICATED-USERS the View all properties right on PropertyTemplates created by AddOns. These permissions should be set to inherit to all subclasses (InheritableDepth=-1) or This object and all children in the Apply To dropdown, if performing these steps manually via FEM/ ACCE).

    In the Object Store navigation panel: Object Store > Data Design > Classes > Other Classes, expand Property Template, and apply the following steps to each of the classes listed.

    For each class under Property Template (including for each of Property Template Binary, Property Template Boolean, Property Template DateTime, Property Template Float64, Property Template Id, Property Template Integer32, Property Template Object, Property Template String):

    1. Select Default Instance Security, click Add, and then click Search in the popup dialog that appears.

    2. In the Available Users and Groups pane, selected #AUTHENTICATED-USERS and click the move button to place it into the Selected Users and Groups pane.

    3. For the Apply to dropdown menu, select This object and all children.

    4. Under Permission group only, View all properties should be checked.

    5. Click OK to add the permission to the list.

    6. Click Save to preserve the permission changes to the Property Template subclass.

  9. In the Object Store panel, click Actions and then select Install Add-on Features. Ensure all the following add-ons are selected and click OK:

    • 5.2.0 Base Application Extensions

    • 5.2.0 Base Content Engine Extensions

    • 5.2.0 Custom Role Extensions

    • 5.2.0 FP1 Social Collaboration User Identity Mapping Extensions

    • 5.2.0 Social Collaboration Base Extensions

    • 5.2.0 Social Collaboration Document Review Extensions

    • 5.2.0 Social Collaboration Notification Extensions

    • 5.2.0 Social Collaboration Role Extensions

    • 5.2.0 Social Collaboration Search Indexing Extensions

    • 5.2.0 TeamSpace Extensions

    • IBM FileNet Services for Lotus Quickr 1.1 Extensions

    • IBM FileNet Services for Lotus Quickr 1.1 Supplemental Metadata

  10. Click OK to close message popup.


Parent topic:
Configure IBM Connections Content Manager with an existing FileNet deployment