[UPDATE] A new version (November 2009) of the architecture whitepaper is out now. However, the errors pointed out below continue to persist in the new version.
A Documentum Architecture whitepaper is available on EMC Documentum Developer Community site – EMC Documentum Architecture: Delivering the Foundations and Services for Managing Content Across the Enterprise. A part of page 13 from the currently posted version (dated January 2008, a newer version will probably fix this issue) is shown below. It describes object-level security in a confusing manner.
The areas of concern are marked in the image. These concerns are explained below:
- Under Basic Permissions, it states that Delete is a special case with regard to the cumulative property. This is an incorrect assertion. The Delete basic permission does imply all the other lower basic permissions.
- The section title – “Object-level delete privileges” is inconsistent with Documentum terminology. Privileges are associated with users and permissions are associated with objects being secured.
- “Delete Object permission” should be “Delete Object extended permission” to be unambiguously correct. It is not the basic delete permission, which is suggested by the last sentence of the previous section.
- Two Extended Permissions are missing in the list – Delete Object and Change Folder Links. The Delete Object extended permission is actually what is explained under the title “Object-level delete privileges” above. The Change Folder Links extended permission was introduced in Documentum 6. It enables linking to and unlinking from a folder.