Installing Content Server installs a set of privileged groups. Members of privileged are allowed to perform privileged operations even though the members do not have the privileges as individuals. The privileged groups are divided into two sets.
The first set of privileged groups are used in applications or for administration needs. With two exceptions, these privileged groups have no default members when they are created. You must populate the groups. The following table describes these groups.
Table 4.7. Privileged groups
Group | Description |
|---|---|
dm_browse_all | Members of this group can browse any cabinets and folders in the repository, folders except the rooms that were created using Documentum Collaborative Services (DCS). The dm_browse_all_dynamic is a member of this group by default. |
dm_browse_all_dynamic | This is a dynamic role group whose members can browse any object in the repository. The dm_browse_all_dynamic group is a member of the dm_browse_all group. |
dm_escalated_allow_save_on_lock | Used internally for RPS. Created and managed by superusers only. Members of this group can modify and save changes to an object that is checked out by other users. |
dm_retention_managers | Members of this group can:
This is a non-dynamic group. |
dm_retention_users | Members of this group can add retainers (retention policies) to SysObjects. This is a non-dynamic group. |
dm_superusers | Members of this group are treated as superusers in the repository. The dm_superusers_dynamic group is a member of this group by default. |
dm_superusers_dynamic | A dynamic role group whose members are treated as superusers in the repository. The dm_superusers_dynamic group is a member of the dm_superusers group. |
dm_sysadmin | Members of this group are treated as users with system administrator user privileges. |
dm_create_user | Member of this group have Create User user privilege. |
dm_create_type | Member of this group have Create Type user privilege. |
dm_create_group | Member of this group have Create Group user privilege. |
dm_create_cabinet | Member of this group have Create Cabinet user privilege. |
The second set of privileged groups are privileged roles that are used internally by DFC. You cannot add or remove members from these groups. The groups are:
dm_assume_user
dm_datefield_override
dm_escalated_delete
dm_escalated_full_control
dm_escalated_owner_control
dm_escalated_full_control
dm_escalated_relate
dm_escalated_version
dm_escalated_write
dm_internal_attrib_override
dm_user_identity_override