How to manage the User cabinet’s visibility to users in Documentum Server?

Scenario1: Only owners will be able to see their cabinets , not even super users and System administrator will be able to see their cabinets.


1: Make is_private = 1 which is by default


Scenario 2: Some group (admin users or some other group of users) wants to see the cabinet of all users

1: Make is_private = 0 attribute of the dm_cabinet objects.
2: Create a default_user_cabinet_acl
Where
Dm_world = none
Admingroup = read
Owner = delete

3: apply above ACL on all the cabinets
4: you can apply above created ACL on the dm_cabinet type so that whenever a new cabinet is created, this ACL is applied automatically, One advantage of this approach is , you can change this ACL at anytime and all the cabinets will be affected by this change for example, you want to add one more group of users who wants to see all the cabinets in your organization like managers than you can add that group to this acl and assign them access.

Scenario 3: When you are integrating LDAP authentication and wants to create default cabinets for users.

1: you can create cabinet by mapping users
2: you can create cabinet by passing one more attribute to the
ldapjobSyn method
-create_default_cabinet true
Insert this before –full_sync =false/true parameter

This creates cabinet with the user’s last name, first name example Singh, Kulveer but in this case, the ACL which you created in Scenario2 was not applied to the cabinet even though you applied the ACL on dm_cabinet
type itself, this is strange behaviour, I don’t know why Documentum does so.

OR
You can create cabinet by mapping LDAP attribute in LDAP config object

Goto DA->Basic Configuration->LDAP Servers->Mappting tab->property Mapping table-> Add new property

Where you can map dm_user objects default_folder attribute to the LDAP attribute for example

Default_folder = {$sn}

Refer Documentum Administrator guide for more detail regarding this LDAP mapping.

3: Step 2 will create cabinets only for the new users which are being pulled by the LDAP in both the cases but if you want to create cabinets for all the users which are already pulled into the Documentum than
A: Create users by script for existing users and make is_private = 0
OR
B: Delete all the users in Documentum and run the LDAPSync job and all the users will be created with their default cabinets. Note: you may loose some group and other ACL information which may be lost when you delete the users but it all again depends on your LDAP configuration.

4: in step 3 user’s cabinets are created but you have to run the script to make the is_private=0 and apply the ACL created in Scenario 2. This task can be done by creating job or changing the existing LDAPSync job to change the is_private=0 and apply the ACL . This totally depends on the complexity of your systems user base.

You can use any of the approaches based on your requirement and complexity of the system.

I would like to hear the comments for the above approaches. Let’s make it better by sharing our knowledge.