Sunday, October 28, 2012

Documentum vs. OnBase Part 4: Access Control and Privileges



This is an odd one, it could be a comparison where patents play a role in the underlying design because in OnBase there is no explicit mention of “access control”. Let’s try to build a simple use case to illustrate the differences between the two approaches to control who can do what when to a document.

Use Case: Excluding a reader group from viewing documents in their draft state, then allowing the reader group to view documents in their approved state.

DCTM:

  1. Create a dm_document object type with attributes
  2. Create a permissions list for draft and approved
  3. Create a lifecycle for the document type
  4.  Add two states for draft and approved
  5. Add an action to each state to apply the permission set (or ACL)
  6. Apply the lifecycle to the document upon import (manually or automatically)

Or

  1. Use ACLs inherited from Folder Security and the folder’s permissions
  2. Do steps 1 and 2 and set permissions on folders and use folder security, moving documents from a draft folder to an approved folder

Or

  1. Use ACLs inherited from the Owner’s permissions
  2. Do steps 1 and 2 and set permission manually on the document after

Or

  1. User ACLs inherited from the document type’s permissions
  2. Do step 2 and set permission manually on the document after


OnBase:

  1. Create two document types: draft and approved
  2. Create two User Groups (at a minimum); one with privileges to create, modify, and delete the draft docs, and one with privileges to view the approved document type
  3. Assign the ability to change doc types to the author’s group


Use Case: Make a document revisable

DCTM:

  1. Create an ACL with Read/Write/Version permissions
  2. Apply it to the document


OnBase:

Change to privileges on a group that is linked to the doc type

Thus, in OnBase it is routine to change doc types as keywords are shared across the types, which is taboo in DCTM. However, in DCTM you have three distinct ways to inherit permissions. This is more flexible. The overall difference in permissions is that OnBase is group privileged based and DCTM is primarily object permission based. Groups are a lot more configurable in OnBase which lends itself to easier setup from a User’s perspective. In DCTM, the document object has its own attributes and is linked to ACLs and Lifecycles. In OnBase, the document is more of an equal player in the system.

No comments: