Privileged DFC is the term used to refer to DFC instances that are recognized by Content Servers as privileged to invoke escalated privileges or permissions for a particular operation. In some circumstances, an application needs to perform an operation that requires higher permissions or a privilege than is accorded to the user running the application. In such circumstances, a privileged DFC can request to use a privileged role to perform the operation. The operation is encapsulated in a privileged module invoked by the DFC instance. Supporting privileged DFC is a set of privileged groups, privileged roles, and the ability to define TBOs and simple modules as privileged modules. The privileged groups are groups whose members are granted a particular permission or privileged automatically.

Each installed DFC has an identity, with a unique identifier extracted from the PKI credentials. The first time an installed DFC is initialized, it creates its PKI credentials and publishes its identity to the global registry known to the DFC. In response, a client registration object and a public key certificate object are created in the global registry. The client registration object records the identity of the DFC instance. The public key certificate object records the certificate used to verify that identity.

In Documentum Administrator, the privileged DFC clients are managed on the Privileged Clients page. To access the Privileged Clients page, select Administration > Client Rights Management > Privileged Clients.

The Privileged Clients page provides the following information:

For information about locating registered DFC clients and adding them as privileged DFC clients, refer to Adding privileged DFC clients.

For information about trusted login and trusted server privileges, refer to Configuring privileged client trusted login and trusted server privileges.