Privileged groups

Installing Content Server installs a set of privileged groups. Members of privileged are allowed to perform privileged operations even though the members do not have the privileges as individuals. The privileged groups are divided into two sets.

The first set of privileged groups are used in applications or for administration needs. With two exceptions, these privileged groups have no default members when they are created. You must populate the groups. The following table describes these groups.

Table 4.7. Privileged groups

Group

Description

dm_browse_all

Members of this group can browse any cabinets and folders in the repository, folders except the rooms that were created using Documentum Collaborative Services (DCS).

The dm_browse_all_dynamic is a member of this group by default.

dm_browse_all_dynamic

This is a dynamic role group whose members can browse any object in the repository. The dm_browse_all_dynamic group is a member of the dm_browse_all group.

dm_escalated_allow_save_on_lock

Used internally for RPS.

Created and managed by superusers only. Members of this group can modify and save changes to an object that is checked out by other users.

dm_retention_managers

Members of this group can:

  • Own retainer objects (representing retention policies)

  • Add and remove a retainer from any SysObject.

  • Add and remove content in a retained object

  • Change the containment in a retained virtual document

This is a non-dynamic group.

dm_retention_users

Members of this group can add retainers (retention policies) to SysObjects.

This is a non-dynamic group.

dm_superusers

Members of this group are treated as superusers in the repository.

The dm_superusers_dynamic group is a member of this group by default.

dm_superusers_dynamic

A dynamic role group whose members are treated as superusers in the repository. The dm_superusers_dynamic group is a member of the dm_superusers group.

dm_sysadmin

Members of this group are treated as users with system administrator user privileges.

dm_create_user

Member of this group have Create User user privilege.

dm_create_type

Member of this group have Create Type user privilege.

dm_create_group

Member of this group have Create Group user privilege.

dm_create_cabinet

Member of this group have Create Cabinet user privilege.

The second set of privileged groups are privileged roles that are used internally by DFC. You cannot add or remove members from these groups. The groups are: