Professional Documents
Culture Documents
Page 1 of 4
Confer with supervisor to ensure security Group assignments are current and appropriate
Evaluate any restraints on access to Saved Searches
Review enabled Schema allowances
Ensure that any Process activity is associated with an active database.
Saved Searches
Schemas
Process.
Saved Searches - This is enabled through Web Client when access is allowed to one or more Saved
Searches. Saved Searches are created only in the Windows client with the Search Builder tool. The activity
associated with a Saved Search includes the five permissions, below. Modify, Delete and Fax Search are
administrative and have no bearing on Web Client functionality.
Saved Search Functionality
Saved
No
Execute Modify Delete Fax
Searches Access
Search
Search1
Search2
X
X
mk:@MSITStore:c:\Program%20Files\Stellent\IBPM\ibpm.chm::/CLIENT/Csecadma.htm
6/20/2007
Page 2 of 4
Schema selections have a variety of permissions granted to a user regarding access to the data. Like the
permissions enabled with Saved Searches, not all of the Schema permissions apply to Web Client. The table
below shows each Schema permission and identifies which domains it influences: the Windows client (WC)
and/or Web Client (WEB).
WC
Table Permissions
Windows Client
WC
WEB
No Access
Delete*
Print/Fax**
Lock
Doc
Annotation
Local
Access***
Lock Override
Create
Annotate
Annotation
Admin.
Stamp Admin.
Black
Redaction
White
Redaction
Launch
mk:@MSITStore:c:\Program%20Files\Stellent\IBPM\ibpm.chm::/CLIENT/Csecadma.htm
6/20/2007
Page 3 of 4
Span Docs
Modify
View
Ad-Hoc Search
Saved Search
Creation
Associate
Declare
Disable Sticky
Disable Text
Read Only
Sticky
Read Only
Text
Annotation
Security
The Replicate Security feature, which is not actually a part of the schema permissions table, is not available via
the Web.
Process - This are the third and last non administrative arena for permissions. In Web Client, these accesses
and permissions are considered a part of Process.
The user must have access to one or more databases to enable any Process related functionality. These
accesses and permissions may not be administered from Web Client, are exclusive to the Windows client and
generally require administrator access. The IBPM administrator should review access and permissions
carefully because of their secondary impact on Web Client functionality. The best view of these procedures and
resources can be seen under the Process tab on the Security tool.
If Web Client Process functionality is enabled the user must:
z
z
mk:@MSITStore:c:\Program%20Files\Stellent\IBPM\ibpm.chm::/CLIENT/Csecadma.htm
6/20/2007
Page 4 of 4
The Windows client includes an additional series of options that administer tool preferences. These
preferences can effect the functionality of Web Client or custom applications created using the SDK. You can
configure the amount of time that User Connection Manager (UCON) will wait before returning a license to the
free state. To change the 30 minute default for the Web Client it is necessary to change the Windows Client
setting to the new desired timeout.
There are three types of Web Service Client use cases that need to be considered when talking about Web
session Timeouts. They are:
z
z
z
When using the Web Client only, the session timeout setting on the Microsoft Internet Information Server (IIS)
should be set to the same timeout (or close to the same timeout) out as the UCON timeout setting.
The Web Client uses session state. Part of the data required for the Web Client to properly function is kept in
the IIS Session State. This means that when the IIS Session expires the Web Client will require a new login.
Because of this dependence on the IIS Session the shorter of the two timeouts (IIS Session timeout and UCON
timeout) will be the timeout used by the Web Client.
Closing the Web Client without logging out orphans a license for the remainder of the timeout period. Users
should be encouraged to exit the application by logging out, which frees the license.
When using the Web Service Only the IIS Session Timeout does not apply. The Web Services do not use IIS
Session State. This means that the UCON time out setting applies to the Web Service calls regardless of the
IIS Session timeout if only Web Services are used.
When using a combination of the Web Client and Web Services in an integrated solution, keep in mind that as
soon as the Web Client is used, the IBPM License is tied to the IIS Session. Use of the Web Client includes
the use of the URL Toolkit. In this use case the IIS Web Client session end will cause a logout of the license.
mk:@MSITStore:c:\Program%20Files\Stellent\IBPM\ibpm.chm::/CLIENT/Csecadma.htm
6/20/2007