Dynamic Groups In Documentum

Sometimes application User needs to perform task for which they might need Superuser privileges. As client policies won't allow Application Users to have Superuser permissions, some workaround is needed to solve this issue.

This is the time when Dynamic groups come into picture.

A dynamic group is a group, of any group class, whose list of members is considered

a list of potential members. A setting in the group’s definition defines whether the

potential members are treated as members of the group or not when a repository session

is started. Depending on that setting, an application can issue a session call to add or

remove a user from the group when the session starts.

To simplify above lines let me give one example.

Scenario: For one of the wdk component users needs link\move permission on folders. As folder security is on, it's not possible to move\link folders with user session for which he\she doesn't have permission.

Solution:

1) Create a dynamic protected role(dynamic_superuser_role).

2) Add Groups or Users which needs to have Superuser access in application. These members are called Potential members.

3) Add dynamic_superuser_role in admingroup and docu group.

4) Login to DA as dmadmin. Browse to Administration/Client Rights Management/Privileged Clients node. Click on Manage Client button on right upper corner of screen.Add your client application entry in this list. This will provide access to your client application to use dynamic protected group using user sessions.

5) To identify your application dfc, you can give dfc.name=MyApplicationDFC in dfc.properties file of application.

Above settings allow user sessions to perform tasks with Superuser privileges.

In wdk application, you can write below lines of code

getDfSession().addDynamicGroup("dynamic_superuser_role ");

//Perform your operations.

getDfSession().removeDynamicGroup("dynamic_superuser_role ");