Suppose that a senior manager needs to be able to read all the documents in a Documentum repository. This ability should apply not only to the existing documents in the repository but also to documents that may be created/imported in future.
Without a special mechanism, such a requirement would lead to some group being added to all the ACLs used by documents. Documentum 6.5 SP2 introduced a built-in group
dm_read_all, which has
READ access to any sysobject in the repository regardless of the ACL assigned to the object. Similarly, the
dm_browse_all group (this existed in versions before 6.0), has
BROWSE access on all the sysobjects in the repository.
Thus our requirement can be met by simply adding the user to