You must be the installation owner, or have system administrator or superuser privileges to create users. Superusers and system administrators cannot modify their own extended privileges.
Before you create users, determine what type of authentication the server uses. If the server authenticates users against the operating system, each user must have an account on the server host. If the server uses an LDAP directory server for user authentication, the users do not need to have operating system accounts.
If the repository is the governing member of a federation, a new user can be a global user. Global users are managed through the governing repository in a federation, and have the same attribute values in each member repositories within the federation. If you add a global user to the governing repository, that user is added to all the member repositories by a federation job that synchronizes the repositories.
If a user is authenticated by an LDAP server, only a superuser can modify the user’s LDAP-mapped attributes.
To create or modify user accounts:
Connect to the repository where you want to create new users.
Navigate to Administration > User Management > Users.
Do one of the following:
To create a user, select File > New > User.
The New User page displays.
To modify an existing user, select the user, then select View > Properties > Info.
The User Properties page displays.
Enter or modify the user information, as described in
.Click OK.
Table 4.3. User properties
Field label | Value |
---|---|
State | Indicates the user account state in the repository. Valid values are:
If the user is a superuser, only another superuser can reset the state. |
Name | The user name for the new user. The user name cannot be modified, but can be reassigned to another user. For more information, refer to Reassigning objects to another user. |
User Login Name | The login name used for authenticating a user in repositories. If the user is an operating system user, the user login name must match the operating system name of the user. If the user is an LDAP user, the user login name must match the LDAP authentication name of the user. |
Identifies the domain in which the user is authenticated. This is typically a Windows domain or the name of the LDAP server used for authentication. If you are using Kerberos authentication with LDAP synchronization, the user login domain must be set to the short domain name, as described in Configuring LDAP synchronization for Kerberos users. | |
Specifies how to authenticate a given repository user’s user name and password. Valid values depend on whether the repository runs on a UNIX or Windows server.
| |
Password | The password for the user. This field is displayed if Inline Password is selected as the User Source. Type the password, which is then encrypted and stored in the repository. This must be provided manually for users added using an imported LDIF file. |
Confirm Password | The password for the user. This field is displayed if Inline Password is selected as the User Source. Enter the same password you entered in the Password field. |
Description | A description of the user account. |
E-Mail Address | The E-mail address of the user. This is the E-Mail address to which notifications are sent for workflow tasks and registered events. |
User OS Name | The operating system user name of the user. |
Windows Domain | The Windows domain associated with the user account or the domain on which the user is authenticated. The latter applies if Content Server is installed on a UNIX host and Windows domain authentication is used. |
Home Repository | The repository where the user receives notifications and tasks. |
User is global | If the user is created in the governing repository of a federation, select this option to propagate the user account to all members of the federation. |
Restrict Folder Access To | Specifies which folders the user can access. Click Select to specify a cabinet or folder. Only the selected cabinets and folders display for the user. The other folders do not display but the user can access the folders using the search or advanced search options. If no folders or cabinets are specified, the user has access to all folders and cabinets in the repository, depending on the permissions on those cabinets and folders, and depending on folder security. |
Default Folder | The default storage place for any object the user creates. This option only displays when you are creating a user. Valid values are:
|
Default Group | The group that is associated with the default permission set of the user. Click Select to specify a default group. When the user creates an object in the repository, it automatically belongs to this group. |
Default Permission Set | The permission set that assigns the default permissions to objects the user creates. Click Select to specify a default permission set. |
Db Name | The user name of the user in the underlying RDBMS. The DB Name is only required if the user is a repository owner or a user who registers RDBMS tables. |
Privileges | The privileges that are assigned to the user. User privileges authorize certain users to perform activities in the repository. Select one of the privileges from the drop-down list, as follows:
|
Extended Privileges | Specifies the auditing privileges for the user. Superusers and system administrators cannot modify their own extended privileges.
|
Client Capability | Describes the expertise level of the user. The client capability setting is used by Documentum client products, such as Webtop, to determine which functionality to deliver to the user. Content Server does not recognize or use the client capability setting. For information about the client features available with each setting, refer to the Documentum client documentation. Choose a user type from the list:
|
Alias Set | The default alias set for the user. Click Select to specify an alias set. |
Disable Workflow | Indicates whether a user can receive workflow tasks. |
Disable Authentication Failure Checking | If selected, user can exceed the number of failed logins specified in the Maximum Authentication Attempts field of the repository configuration object. |