Results 1 to 10 of 10
  1. #1
    Join Date
    Sep 2004
    Posts
    12

    Unanswered: CM Windows Client privileges

    CM for Multiplatforms 8.2.0.20
    Solaris 8

    Hi all,

    After having contacted IBM on my issue, they have directed me here as
    they can't help me.

    Issue:

    I need to be able to create a READ ONLY client user that doesn't have the
    privilege to use the SHOW/HIDE button in the Windows Client. As an example,
    I work for a county level government and as all our data is public
    information, Joe Public can come in and ask for it. There are some obvious
    issues such as SSN's on employee records OR account numbers for the various
    bank accounts the county has. We obviously can use annotation to hide those sorts of sensitive things but I can't figure out (and IBM says it's not
    possible) how to keep a READ ONLY client user from using the SHOW/HIDE
    button so as not to expose that information. Any help would be greatly
    appreciated.


    THX

    Ted H. Smith, Jr.
    Information Services Department
    Platte County, Missouri
    tel: 816-858-1944
    fax: 816-858-3390
    teds@co.platte.mo.us

  2. #2
    Join Date
    Aug 2004
    Posts
    330
    What is CM? Is this data kept in DB2 tables? If so, just use views.

  3. #3
    Join Date
    Sep 2004
    Posts
    12
    Hi urqel,

    CM is Content Manager, which I would say is the middleware I use to (amongst other things) set up users for our document imaging solution. Most of these users (employees) have full privileges insofar add/update/delete. My problem is that I have to create a user that ONLY has read privileges with even more limitations. The Windows Client is the front end on our solution that allows one to pull documents up once they've been scanned and indexed. The Windows Client has a SHOW/HIDE button that allows a user to either see/not see the annotations (stamps,circles,squares,sticky notes.......we use the square to block SSN). Since our data is in the public domain, we have to provide reasonable access to it in this case via the Windows Client. Senisitive information like SSN's etc. can NOT be made public for obvious reasons. All these privileges or privilege sets are controlled via CM and I'm at a dead end insofar as what to do. My last resort will be to have our IBM rep. make a request to the developers to make a change in the form of a future fixpack.


    Ted

  4. #4
    Join Date
    Sep 2004
    Posts
    12
    Urqel.........I didn't answer your entire question. Yes the data is kept in DB2.

  5. #5
    Join Date
    Sep 2002
    Posts
    41
    Ted_smith,
    You will have to create userid and grant read-only privilege (through ACL) for that user. All you can do through CM system Administration Client.
    Read CM system Administration guide on controlling user access.

  6. #6
    Join Date
    Sep 2004
    Posts
    12
    Kuckoo,

    The Administration Client has privileges and privilege sets, none of which include the ability to turn off the show/hide. I've mixed and matched every privilege in CM and no success yet.

  7. #7
    Join Date
    Sep 2002
    Posts
    41
    It looks like, you are right. How about eClient, Can you use eClient instead of Windows Client for read-only user, eclient is more flexible. Also, If you can customize windows Client then you may able to disable show-hide button, ask IBM on that.

    Just Curious, can you create ACL that has only read-only priviledge on document and no access to annotation?

    If I understood correctly, your requirement is that you want user to have read only access to documents (with annotation that hides sensitive data) but don't want them to HIDE annotations correct?

    How about hiding sensitive data with other method like stamps? I think show/hide button is only for annotation.

  8. #8
    Join Date
    Sep 2004
    Posts
    12
    Kuckoo,

    I tried going the way of the ACL and that ends up hiding the annotations thereby rendering them useless. Unfortunately, stamps ARE part of annotations..........arrrgh!! I tried E-Client but no luck there either. Not only can a user access them (annotations) in E-client, but they can move them around. I'm not sure how I would go about customizing the Windows Client as I don't have access to that code. I'll keep digging around for a solution before I call up by IBM rep.. I appreciate your help on the issue none the less.

    THX

    Ted

  9. #9
    Join Date
    Sep 2002
    Posts
    41
    This can be possible through eClient. You are assigning more privileges (more than read-only) to users. Try following

    (1) Create new user group "grp1"
    (2) Create new user "user1" and assign it to "grp1"
    (3) Create new privilege set, lets say "ronlyset"
    - Grant only connect,query and read privileges to ronlyset
    (i.e. Read basepart,read annotation,read notelog etc.)
    (4) on ACL, link "user1" or "grp1" with privilege set "ronlyset"
    (5) Login to eClient/pclient with "user1" and test

    You might have to test with differnet combination of privilege sets at step (3) until your scenario solved.

  10. #10
    Join Date
    Sep 2004
    Posts
    12
    I'll give it a shot(s) and let you know what happens......

    THX

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •