Professional Documents
Culture Documents
IBM FileNet P8 Platform Administration (V5.5.x) - F2810GCourse - Guide
IBM FileNet P8 Platform Administration (V5.5.x) - F2810GCourse - Guide
June 2019
NOTICES
This information was developed for products and services offered in the USA.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for
information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to
state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not
infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any
non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document.
The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Therefore, some states do not allow disclaimer of express or implied
warranties in certain transactions this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these
changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the
program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of
those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Information
concerning non-IBM products was obtained from the suppliers of those products, their published announcements, or other publicly available
sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the
examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and
addresses used by an actual business enterprise is entirely coincidental.
TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the
web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, and the Adobe logo, are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other
countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Notepad++ is a registered trademark.
© Copyright International Business Machines Corporation 2019.
This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
ACCESSIBILITY
Accessibility features assist users who have a disability, such as restricted mobility or limited vision, to use information technology content
successfully. Many IBM products include accessibility features for navigating the user interface, and for authoring reports so that they're accessible
for yourself or others. Please consult the product documentation for an overview of accessible product features. Online product documentation can
be accessed at the IBM Knowledge Center (http://www.ibm.com/support/knowledgecenter/).
Course information
Course overview
This course teaches you the configuration and administration of an IBM FileNet P8
Platform 5.5.x system. It introduces you to the key concepts of IBM FileNet P8 Platform
architecture and organizing the content across the enterprise. You will learn how to
build content repositories, configure metadata, create storage areas, manage security,
logging, and auditing, run bulk processing, use the sweep framework, extend the
functionality with Events and Subscription, migrate and deploy FileNet P8 assets
between environments, and configure content-based retrieval searches.
Intended audience
This course is for administrators and users who are responsible for planning,
administrating and configuring an IBM FileNet P8 Platform system.
Course prerequisites
Participants should have knowledge of or taken the courses in the following areas:
• Familiarity with enterprise content management concepts.
Topics covered
Topics covered in this course include:
• Introduction to IBM FileNet P8 Platform
• Architecture and domain structures
• Manage logging
• Configure auditing
• Manage storage areas
• Build an object store
• Create property templates and classes
• Modify classes and properties
• Use events to trigger actions
• Configure security for IBM FileNet P8 assets
• Use bulk operations
• Configure content-based retrieval searches
• Work with sweeps
• Move IBM FileNet P8 Platform applications between environments
• Introduction to IBM FileNet P8 content services containers
• Organize content across the enterprise
Review Questions
Question 1: How would you define an IBM FileNet P8 Platform solution? (Select one)
A. An object store that contains folders and files
B. A set of workflows
C. A solution that addresses a business need
D. A set of stored searches
Answer 1: C
IBM FileNet P8 Platform provides tools for building a solution or application that
addresses a business need.
Question 2: IBM FileNet P8 Platform is commonly used by which industry? (Select
one)
A. Banking
B. Academia
C. Government agencies
D. All of the above
Answer 2: D
IBM FileNet P8 Platform is used by many industries.
• The presentation layer and business logic layer, on the top, focus on the clients
that connect to Content Platform Engine.
IBM Content Navigator (ICN) is the primary web client to manage the content.
You can customize and extend ICN and also create custom applications.
Administration Console for Content Platform Engine is the web client to configure
and administer Content Platform Engine.
The business logic layer includes Content and Process Java, Web Services,
REST, and .NET APIs.
• The services layer in the middle includes the core components that make up IBM
FileNet P8 Platform.
The Content Platform Engine is the core engine providing both content and
process services.
This layer also includes IBM Content Search Services.
• The data layer, which is the lowest layer, includes LDAP directory services,
databases, and content storage.
Content Platform Engine architecture
Content Platform Engine is an IBM FileNet P8 Platform component that manages
enterprise-wide objects and documents by offering powerful and administration tools.
Using these tools, an administrator can create and manage the classes, properties,
storage, and metadata that form the foundation of an enterprise content management
system.
The Content Platform Engine architecture includes the following aspects:
• Object-oriented, extensible metadata model
This model enables Content Platform Engine to provide complex and flexible data
representation.
The model includes a rich event framework that provides the means to trigger
actions in response to activities performed against Content Platform Engine
objects.
• Content Engine Application programming interfaces (APIs)
The APIs provide an extensible platform for development.
A Java-based API provides a rich set of Java classes that maps to object store
objects, such as Document, Folder, or Property Description.
A Web Service API enables users to author applications in a platform and
language-independent manner that expose the object model in a few generic
methods suitable for deployment in a web environment.
A Microsoft .NET framework-based API, functionally equivalent to the Java-based
API, provides for development of applications that use the .NET framework.
• Process Engine Application programming interfaces (APIs)
A Java-based API provides a rich set of Java classes to customize the way that the
application interfaces with user, data, and workflow services.
A Web Service API enables users to author applications in a platform and
language-independent manner.
This page contains information about the IBM FileNet P8 system including the
product name and version, and log files location.
• In the Mozilla Firefox browser, open a new tab, click the Bookmarks menu and
then select System Health > PE Ping
You can also enter the following URL for the ping page:
http://vclassbase:9080/peengine/IOR/ping
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click OK.
• Verify that the Process Engine Server Information (Ping Page) is displayed to
indicate that Content Platform Engine process services are functioning properly.
This page contains information about the IBM FileNet P8 system including the
product name and version, and log files location.
• In the Mozilla Firefox browser, open a new tab, click the Bookmarks menu and
then select System Health > FileNet P8 System Health
You can also enter the following URL: http://vclassbase:9080/P8CE/Health
• Verify that the IBM FileNet Content Manager - CE System Health page is
displayed.
This page includes information about P8 Domain (EDU_P8), object stores, and
other resources. Each item has a link to view more details. The green circle shows
these resources are available.
• Click the Object Stores link under the Resources section and then verify that the
available object stores are listed.
• In the Mozilla Firefox browser, open a new tab, click the Bookmarks menu and
then select System Health > ICN Ping
You can also enter the following URL for the ping page:
http://vclassbase:9081/navigator/ping.jsp
Takes a few seconds for the page to open.
• If prompted to log on, type p8admin for the User name field, FileNet1 for the
Password field, and then click OK.
• Verify that the IBM Content Navigator Ping Page is displayed to indicate that IBM
Content Navigator application is functioning properly.
This page contains information about Content Navigator including the product
name and version.
• In the Mozilla Firefox browser, open a new tab, click the Sample Desktop
bookmark.
You can also enter the following URL: http://vclassbase:9081/navigator/
• If prompted to login, type p8admin for the User name field, FileNet1 for the
Password field, and then click Log In.
• Verify that the Content Navigator Desktop (called Sample Desktop) opens with
the Browse view (indicated on the upper left).
This desktop is configured to browse the LoanProcess object store by default
(indicated on the upper right).
• In this view, you can browse to folders, view documents, and manage the content.
If you get the Browse page, it indicates that the following components are running
and communicating within your student system:
• A database system
Your student system uses the IBM DB2 database software. Every time a user
logs in to the desktop, the desktop configuration is loaded from the DB2
database. This step demonstrates that the database used by the FileNet P8
Platform is functional.
• An LDAP directory service to handle user authentication. Your student system
uses Active Directory.
• Click the head and shoulder icon on the banner, select Log Out to log out of IBM
Content Navigator and then close the browser.
In a business scenario, if an IBM FileNet P8 environment has multiple CPE and ICN
servers, the ping page only indicates that the one server that is used in the ping URL is
verified. This statement applies even if you use a load balancer URL. For a multi-server
environment, ping each server to ensure the whole environment is up and running.
Examine the IBM FileNet P8 Platform applications.
In this task, you will open the WebSphere Integrated Solutions Console and observe
the IBM FileNet P8 Platform applications.
• In the Mozilla Firefox browser, click the WAS bookmark or enter the following
URL: https://vclassbase:9043/ibm/console/logon.jsp
• Type wasadmin for the User ID field, FileNet1 for the Password field, and then
click Log in.
The console opens.
• On the left pane, expand the Applications > Application Types node and then
click WebSphere enterprise applications.
• On the right pane, verify that the Application Status column shows a green arrow
to indicate that the following two applications are running.
• FileNetEngine (Content Platform Engine)
• navigator (IBM Content Navigator)
These two key applications are required for IBM FileNet P8 Platform. You will not
be using the DefaultApplication and starting it is not required.
• Click FileNetEngine to open it.
It takes a few moments to open.
You can also right-click FileNetEngine and select Open Link in New Tab.
• Under the Modules section, click Manage Modules.
A list of modules are shown that make up the FileNetEngine application.
The acce application is the Administration Console for Content Platform Engine
tool.
• If you opened the FileNetEngine application in a separate tab, close the tab.
Explore the interdependencies between IBM Content
Navigator and Content Platform Engine.
In this task, you will stop the FileNetEngine application (Content Platform Engine) and
open an IBM Content Navigator (ICN) desktop. ICN is the primary web client for
business users to work with content and workflow tasks. ICN connects to the IBM
FileNet Content Manager repositories and uses the repository for authentication.
• If it is not already open, from the left pane, click the Applications > Application
Types > WebSphere enterprise applications node.
• On the right pane, select the box next to FileNetEngine and click Stop.
• Wait until a red X is shown to the right of FileNetEngine on the Application
Status column.
• Log out of the WebSphere Integrated Solutions Console and close the browser.
• Open the Mozilla Firefox browser, click the Sample Desktop bookmark or enter
the following URL: http://vclassbase:9081/navigator.
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
You get an error with the message that the repository is not available. IBM Content
Navigator (ICN) attempts to load the desktop but it cannot load the desktop
because FileNetEngine is not running and ICN cannot connect to the repository.
• Close the browser and reopen to log in to the WebSphere Integrated Solutions
Console (WAS) again with the same user ID and password as above
(wasadmin/FileNet1).
• On the left pane, expand the Applications > Application Types node and then
click WebSphere enterprise applications.
• On the right pane, select the box next to FileNetEngine and click Start.
• Wait until a green check mark is shown to the right of FileNetEngine on the
Application Status column.
• Click the Refresh icon next to the Application Status column header to
refresh the view.
• Log out of the WebSphere Integrated Solutions Console and close the browser.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator.
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• This time, the desktop opens without any errors and the LoanProcess Repository
is listed in the Browse mode.
Name, ID, and type of the P8 domain are shown. The name of the domain for the
student system is EDU_P8.
• Select the Properties subtab, click the Property Name cell to sort the list
alphabetically and then review the properties that are listed.
The Default Site property has Initial Site as the value.
• Scroll down to the Subsystem Configurations property, and then click the blue
down arrow to the right of that property.
Observe that a list of different subsystem configurations displays. When you select
a subsystem, it opens as a separate tab and the configuration can be updated.
• If you opened any subsystem tabs, you can close them.
In this domain (EDU_P8), the p8admin user has full control on the domain and all
its children. The default #AUTHENTICATED-USERS group has custom
permission access for the domain and its immediate children.
• Click the Directory Configuration subtab.
Notice that EDU_AD is defined for the P8 domain. A FileNet P8 Domain can be
configured to use multiple directory configurations.
• Click the EDU_AD link in the Name column.
The EDU_AD tab opens.
• In the EDU_AD tab, examine the properties that are displayed, such as Directory
Server Type and then close the tab.
The directory configuration is generally configured with the FileNet Configuration
Manager. ACCE can be used to update the settings or just to view them.
• Click the Server Cache Subsystem tab and then review the properties.
You optimize the efficiency of the server cache for improving the system
performance.
• Optionally, click each of the subsequent tabs to review the properties.
Click the forward arrow to access more tabs.
• Click the down arrow at the top right and select SMTP Subsystem tab.
Click the SMTP Subsystem tab, if the content is not displayed. You can also click
Refresh. In this tab, you can configure an SMTP mail server to set up email
notifications. Mail services are not enabled on this domain for the student system.
• Click the Workflow Subsystem tab.
In this tab, you enable Workflow and Case Analyzer and adjust tuning parameters.
Explore the Global Configuration folder structure.
In this task, you explore the properties and objects that are located in the Global
Configuration folder.
• On the left pane of the EDU_P8 tab, expand Global Configuration >
Administration > Sites > Initial Site (Default).
This is the site that is created when you create a P8 domain. This site is set as the
default site for the domain.
You can create a new site and set it as the default site. You can have multiple sites
in a single FileNet P8 domain.
• Observe that there are several nodes listed under the Initial Site (Default) node.
The default site contains the associated resources such as virtual servers, index
areas, and object stores.
Any resources that are added to the domain are associated with the default site,
unless otherwise specified.
• Select the Initial Site (Default) node on the left pane, explore the subtabs that are
available for the Initial Site (Default) tab, and then close the tab.
• On the left pane of the EDU_P8 tab, expand Global Configuration >
Administration > Database Connections and select FNOSDS.
The FNOSDS tab opens.
• On the right pane, click the Properties subtab of the FNOSDS tab and then
examine the data source properties and the database type.
• Click the Object Stores subtab.
The object stores that use this database connection are listed.
• Click the Sales object store.
A new tab opens for the Sales object store. You will explore the object store in the
next task.
• Close the Sales tab by clicking the X on the tab, and then close the FNOSDS tab
by clicking Close.
• From the EDU_P8 tab, on the left pane, collapse the Administration folder,
expand the Global Configuration > Data Design and click the Add-ons folder.
On the right pane, object store add-ons are listed. When you create a new object
store, you choose from this list of Add-ons. Each Add-on provides predefined
metadata that extends the basic operation of IBM FileNet P8 Platform. For
example, Thumbnail Extensions are required if your object store needs to support
thumbnails.
• Close the Add-ons tab.
• On the left pane, notice the Data Design > Marking Sets folder.
Marking Sets are primarily used for records management. No Marking Sets are
defined in this domain.
Explore the Object Stores folder structure.
In this task, you explore the objects and properties that are located in the Object stores
folder.
• On the left pane of the EDU_P8 tab, collapse the Global Configuration folder and
expand the Object Stores folder.
A list of object stores that exist in the EDU_P8 domain are shown.
• Click the Sales object store.
The Sales tab opens.
• On the left pane, expand the Administrative > Workflow system and observe
that there are nodes for Connection Points and Isolated Regions.
To learn more about how to configure a workflow system, refer to the F231G: IBM
Case Foundation 5.2.1 - Configure the workflow system course.
• On the left pane, collapse Administrative, expand the Browse folder and then
verify that there are two main nodes: Root Folder and Unfiled Documents.
• Expand Root Folder to view all the top-level folders that exist in this object store
and then click Orders folder to open it.
• From the Orders tab > Contents subtab on the right, notice a list of documents
that are filed in this folder.
• Open a document by clicking the link in the Containment Name column.
The document opens in a separate tab with the document name. You can access
the properties and settings of the document.
• On the left pane, collapse the Root Folder and then click the Unfiled Documents
node.
If any documents are added to this object store but not filed in a folder, they will be
listed under this node.
• Close all open tabs on the right pane.
• On the left pane, collapse the Browse folder and expand the Data Design node.
Under this node, are objects that are used to define metadata such as property
templates, classes, and choice lists.
• Expand Classes > Document to view all the document subclasses.
• Expand the Order subclass and notice that there are sub-classes that are called
ProductOrder and ServiceOrder.
• Click Order to open the Order tab on the right pane.
• From the Order tab, click the Property Definitions subtab to access the property
definitions that are defined for the Order class.
You will explore these property definitions in the following steps.
• Collapse the Classes node, expand the Property Templates folder and then
scroll down to customer_name.
You can type the name in the filter field to find it quickly.
This is one of the property definitions that you saw for the Order class in the prior
step.
• Click customer_name to open it and explore the subtabs under the
customer_name tab.
• Close all open tabs on the right.
Find specific objects in a FileNet P8 Domain.
In this task, you will use Administration Console for Content Platform Engine (ACCE) to
find specific objects in the FileNet P8 Domain. For more details, refer to the previous
tasks.
• In ACCE, open the Sales object store, if it is not already opened.
• How many property definitions are defined for the PriceQuote document class?
• What are the names of the two workflows in the Workflows folder?
The names of the two workflows are: Sample Workflow, and Test Subscription
Workflow.
• Click the Head and Shoulder icon on the banner and select Log out to log out of
the Administration Console for Content Platform Engine and then close the
browser.
All the repositories that are configured for this desktop are shown in the list.
• Select the Sales repository.
This is the repository that you explored in the Administration Console for Content
Platform Engine (ACCE) tool in a previous activity.
On the left pane, under the Sales repository, a list of top-level folders, to which the
user has access is shown.
• Click Workflows and then observe that there are two documents filed in this folder.
This is the folder that you explored in the ACCE tool in a previous activity.
The documents in the selected folder are shown on the right pane. If there are any
subfolders, they will also displayed.
• On the left pane, click the Orders folder, select a document (for example, PO
3411.tif) by clicking the document title.
Single-click the document to view the properties on the lower right pane. A double-
click opens the document in the Viewer (for the document mime types that are
configured for this desktop).
Content Navigator provides a thumbnail view of the document on the upper right
pane.
• Review the information that is shown in the Properties section on the right pane.
The document class is ProductOrder. It includes many custom properties that are
specific to product order documents, such as customer_id, customer_name,
po_number, and product_ids.
Manage logging
The Content Platform Engine, which is the main component of IBM FileNet P8
Platform, provides logging capabilities for tracking functional issues and
troubleshooting. In this section, you will learn how to monitor the system logs and
configure trace logging for troubleshooting.
Content Platform Engine System Logs
Content Platform Engine produces several log files during normal operation. Following
are the primary troubleshooting tools for the administrator:
• p8_server_error.log
• pesvr_system.log
• p8_server_trace.log
You must become familiar with normal log entries and monitor these log files to observe
changes in behavior that might indicate a problem and to ensure that log files are
managed. Keep the files to a reasonable size, roll over to new files and delete old ones
when you no longer need them.
If the organization uses workflows, the following tools are available to monitor the
workflow system:
• vwtool
• vwmsg
• pelog
• peverify
The IBM Case Foundation administration courses will help you use these tools
effectively.
Default location of logs
By default the Content Platform Engine logs are stored in the following locations:
• WebSphere Application Server:
<install_root/profiles/profile_name/FileNet/server_instance_name>
Example:
C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\FileNet\server1
• WebLogic Server:
bea/user_projects/domains/domain_name/FileNet/AdminServer
You can change the location where the files are stored. The Content Engine Startup
Content page (CE Ping page) shows the path configured for the log files. In a clustered
environment, each server will contain its own Content Platform Engine log files. They
are located in the server_instance_name under the current working directory of the
deployed application.
Web application server logs
When troubleshooting IBM FileNet P8 Platform, you will need to collect the logs from
the Content Platform Engine as well as the logs from the web application server. IBM
Content Navigator, which provides the user interface for IBM FileNet P8 Platform, logs
errors and entries in the web application server’s logs.
Each web application server generates its own logs.
The following list contains supported web application servers, default path for the log
files, and the name of the log files in the order of importance.
WebSphere
• Location: install_root/profiles/profile_name/logs/server_name
• Examples of log locations:
WebSphere (Windows): C:\Program Files\IBM\WebSphere\AppServer\profiles\
AppSrv01\logs\server1
WebSphere (Linux):
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/logs/server1
• Log files:
• SystemOut.log
• SystemErr.log
• startServer.log
• stopServer.log
WebLogic
• Location: oracle_home/admin/domain_name/aserver/servers/AdminServer/logs
• Examples of log location:
C:\bea\user_projects\domains\base_domain\servers\AdminServer\logs
• Log files:
• AdminServer.log
• access.log
• Base_domain.log
Note that the MustGather technote
(https://www.ibm.com/support/docview.wss?uid=swg21308231) provides suggestions
for what data and logs to collect when reporting an issue with support. If your
organization has a dedicated web application server administrator, you will need to
collaborate to capture the requested web application server logs.
Trace logs
Trace logs are used to troubleshoot specific issues. Trace logging is typically
implemented to collect and record information about application failures in test or
production environments. If you open a support call, the representative might request
that you enable trace logging and reproduce the issue. In that situation, the
representative recommends which subsystem flags to enable and what level of detail to
collect.
You can configure trace logging at the domain level or the site level. The site-level
configuration takes precedence over any domain level settings. Site level configuration
is used in organizations that have servers and users in more than one geographical
location. For details about Domain and Site, refer to the Architecture and domain
structures section in this course.
Use Administration Console for Content Platform Engine to configure trace logging,
including configuring the level of details for server trace logging and setting the location
of the trace log file. The configuration is done on the Trace Subsystem tab of the
domain properties. The default file name is p8_server_trace.log.
Disable trace logging when you no longer need it. Trace logs can grow quickly and
impact system performance and disk space.
Guidelines for monitoring log files
• Establish a baseline and know what to expect.
Part of detecting problems is being aware of what normal activity looks like. If you
establish a baseline of activity and you are familiar with the normal error messages
that your system generates, you can better detect anomalies, such as new or more
frequent error messages.
• On the Configuration tab, select None to disable the trace output and then click
OK at the end of the page.
• In the Messages section, click Save to save the configuration.
• Log out of the WebSphere Integrated Solutions Console and close the browser.
The change does not take effect until WebSphere Application Server is restarted.
You restart WebSphere Application Server in the next task.
Archive old log files.
In this task, you stop the server and archive the WebSphere Application Server and
Content Platform Engine logs.
• Open the WebSphere Admin folder on the desktop, right-click the _4 Stop
server1.bat file, and then select Run as administrator from the list.
• Click Yes when you are prompted with the User Account Control dialog box to
allow the program to run.
Wait for the operation to complete (the command window closes).
• Minimize the WebSphere Admin folder window.
• Maximize the Windows Explorer window where you viewed the Content Platform
Engine log files earlier: C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\FileNet\server1.
• Create a folder that is called Archived_CPE_Logs (this name is not critical) in this
directory to store the archived Content Platform Engine logs and then move all the
four *.log files to the new folder.
• On the File Access Denied dialog box, select the Do this for all current items
option and then click Continue to move the files.
• Minimize the Windows Explorer window.
Maximize the Windows Explorer window where you viewed the WebSphere
Application Server log files earlier: C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1 folder.
• Create a folder that is called Archived_WAS_Logs (this name is not critical) in this
directory to store the archived WebSphere Application Server logs and move the
SystemOut.log, startServer.log, and SystemErr.log files to the new folder.
• On the File Access Denied dialog box, select the Do this for all current items
option and then click Continue to move the files.
• Minimize the Windows Explorer window.
• Open the WebSphere Admin folder on the desktop, right-click the _1 Start
server1.bat file, and then select Run as administrator from the list.
• Click Yes when you are prompted with the User Account Control dialog box to
allow the program to run.
Wait for the operation to complete (the command window closes).
• Minimize the WebSphere Admin folder window.
Examine the new log files
If no log files exist, the Content Platform Engine (CPE) and the WebSphere Application
Server create new logs at startup.
• Maximize the Windows Explorer window where you viewed the CPE log files
earlier: C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\FileNet\server1.
• Notice the four log files that are created with the current date and time.
If the contents of the tab is displayed, click the tab or click Refresh and the content
will be refreshed.
• On the Trace Subsystem subtab, select the Enable trace logging option.
• For the Log file location field, select the Use default option.
The trace log is saved in the same folder as the Content Platform Engine log files.
• Scroll down to the Subsystems section and select the Detail level trace options
for the following subsystems:
• Error Trace Flags
• Search Trace Flags
Moderate and Summary levels are automatically selected.
Log files at the Detail level grow quickly. Enable only the subsystems that you
need. Remember to disable trace logging when you no longer need it.
• Click Save to save the EDU_P8 domain configuration and then click Refresh.
• On the left navigation pane, expand the Global Configuration > Administration >
Sites node and select Initial Site (Default).
• From the Initial Site tab on the right pane, select the Trace Subsystem subtab
and verify that EDU_P8 (server hierarchy object) as the Configuration source.
• If it is not already selected, select the option, click Save, and then click Refresh.
Ensure that Enable trace logging is selected.
• Log out of the administration console and close the browser.
• Maximize the Windows Explorer window where you viewed the Content Platform
Engine log files earlier: C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\FileNet\server1.
• Open the p8_server_trace.log file in Notepad++ and then verify that the file
contains a few of DEBUG level entries at the end of the file.
The Debug value is on the Sev column of the log file.
If the entries are not listed, close the file, refresh on the Windows Explorer window
and then open again.
• Close the trace log file and minimize the Notepad++ window.
Configure trace logging at the site level.
In the previous task, you enabled trace logging at the domain level. In this task, you
configure the trace logging at the site level and it will override the domain settings.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• In the ACCE, on the left navigation pane, expand the Global Configuration >
Administration > Sites folder and click Initial Site (Default).
• From the Initial Site tab on the right, select the Trace Subsystem subtab and then
select Initial Site (this object) for the Configuration source field.
• When you are prompted with a dialog box Selecting this option means…, click
OK and then verify that Enable trace logging is selected.
The parent (domain) configuration values that apply to child objects will not apply to
this node (site). Since the settings are configured on the site, it will override the
settings on the domain, and so domain configurations values will not apply.
• For the Log file location field, select the Other location option and then type
C:\temp.
The trace log will be saved to this new folder.
Configure auditing
The Content Platform Engine, which is the main component of IBM FileNet P8
Platform, provides auditing capabilities for tracking additions, changes, and deletes to
the object store content. In this section, you will learn how to configure auditing.
What is auditing?
Auditing is the automatic logging of actions that are performed on a FileNet P8 object or
a class.
• You can audit custom or system events that occur for objects so that you can track
critical activities.
• Most events on FileNet P8 classes can be audited including the events for security,
content management, and business transactions.
• The automatic logging of an event creates an audit entry in the audit log (in the
database Event table).
• Audit entries can be programmatically created by custom applications.
For example, you can configure an audit definition for a document class to automatically
log audit entries whenever documents of that class are checked in. Checking in a
document is the initiating action that causes the CheckinEvent event to fire, which in
turn causes an audit entry to be logged.
The following representation shows the sequence of cause and effect:
Initiating action (Checking in) => Event fired on source object (CheckinEvent) => audit
entry created in the audit log
Reasons for auditing
You configure auditing to gain information about objects:
• How often was this document accessed?
• When did this property value change?
• Which user made the change?
• Who deleted that document?
With auditing, you can record every time a document is opened, any changes to this
document, and every time something was filed in a folder. You can also monitor if a user
tries to open a document while lacking read access (denial of access).
• On the Sales tab > General subtab, scroll down and then select Yes from the list
for the Enable auditing field (third row from the bottom of the page).
Verify that your audit definitions are listed on the Audit Definitions subtab of the
Order tab with the values that you selected.
• To examine the information that is provided in the audit entry, click the Update link.
• From the Update tab, under the General subtab, examine the values in the fields.
• On the left pane for the Sales object store tab, click the Search icon.
• From the Saved Searches tab on the right pane, click New Object Store Search
to create a new search.
• In the New Object Store Search tab > Simple View subtab, select the values for
the following fields:
• Class: Object Change Event
• Column A: Date Created
• Condition: Less than
• Value: Tomorrow’s date and any time
The Completed New Object Store Search contains the class and date that you
entered.
You can also search for the Event parent class (instead of Object Change Event)
which will return more results.
• Scroll down and in the Search Result Display section, select Audit Sequence for
the Order By field.
• In the Search Results tab, review the results and verify that there are two types of
audit entries: Update Event and Deletion Event.
• On the Summary page, verify the values that you entered, click Finish, and then
on the Success page, click Close.
• In the Audit Disposition Policies tab, click Refresh.
Verify that your new audit disposition policy is listed.
• Close the Audit Disposition Policies and Sales tabs and leave the administration
console open for the next task.
Configure the audit subsystem.
The audit subsystem controls the pruning of the audit entries from the audit log. In this
task, you enable the audit subsystem so that the auto disposition policy that you defined
in the previous task can run.
• In ACCE, from the EDU_P8 tab, select the Audit Subsystem subtab on the right
pane.
Use the down arrow on the right to select the tab.
• Click Refresh if the content on the tab is not displayed.
• On the Audit Subsystem subtab, select the Enable audit pruning option.
Recall that in the previous activity, the same search returned results. Since you
deleted the audit entries by using an audit disposition policy, the search returns
zero results.
• Close the Object Change Event Query, Saved Searches, and Sales tabs.
• In Windows Explorer, navigate to the folder that contains the Content Platform
Engine server logs: C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\FileNet\server1
• Open the p8_server_error.log file in Notepad++, scroll to the end of the file, and
then verify that a full audit disposition sweep was completed.
Note: A single line on the log file is shown in two screen captures.
• Close the file, minimize the Notepad++ and the Windows Explorer windows.
Configure an audit disposition schedule.
In this task, you create a schedule for the audit subsystem so that the audit disposition
policy runs every 5 minutes, one day a week.
• In the ACCE, from the EDU_P8 tab, select the Audit Subsystem subtab.
• On the Audit Subsystem subtab, scroll down to the Schedule area and click
New.
• Use the following values for the fields to configure on the New Time Period dialog
box:
• Day of week: Today’s day of the week
• Start time: Current system time plus 5 minutes
• Duration: 0 hours 15 minutes
For the Start time field, select closest time slot that is listed, then edit the value.
• Click OK on the dialog box and then click Save on the EDU_P8 tab.
• Log out of the administration console and close the browsers.
Create some audit entries.
In this task, you use IBM Content Navigator to update property values for documents.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• From the upper right, click the down arrow next to LoanProcess and select Sales
from the list.
• On the left pane, from the Sales object store, click the Orders folder.
• On the right pane, right-click a document (Example: Order Basic A) and then
select Properties.
• On the Properties tab, change the value (Example: 150) for the Amount_due
property and then click Save.
• Repeat the previous steps in this task to change the value for the Amount_due
property on a couple of the documents.
If any of the documents do not have a value for this property, type a value.
• Log out of IBM Content Navigator and close the browser.
• In Windows Explorer, navigate to the folder that contains the Content Platform
Engine server logs: C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\FileNet\server1
• Open the p8_server_error.log file in Notepad++, scroll to the end of the file, and
then verify that there are a series of delay entries, one for each object store.
Lengthy lines on the log file are shown in two screen captures.
The Audit Disposition subsystem is delaying until the time that you scheduled as
the start time. If the start time is reached, there will not be any delay queues,
instead there will be an entry with a full audit disposition sweep that is completed.
• Check the p8_server_error.log again after 5 minutes and then keep checking the
log until after the 15-minute duration time expires.
• In Notepad++, right-click the tab with file name and select reload to refresh the
entries in the file.
Notice that after the duration time expires, there are no more entries that are
logged for a full audit disposition sweep. The next audit disposition sweep will run
one week from today, starting with the scheduled start time.
One of the entries should show a number of records that are deleted,
corresponding to the number of documents that you updated.
If the entries are not shown at the expected time, close the file and reopen.
• Close the p8_server_error.log file and then minimize the Notepad++ window.
Disable auditing on the Sales object store.
Since the audit logs can grow quickly and use up storage space, you will disable
auditing for the object store that you enabled earlier.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and then
click the Sales object store.
• On the Sales tab > General subtab, scroll down and select No from the list for the
Enable auditing field (third row from the bottom of the page).
• Click Save and then click Refresh.
• Log out of the administration console and then close the browser window.
• To reduce network traffic, content can be cached on the file system that is
local to the Content Platform Engine (CPE) server.
• A content cache area is an area that contains frequently accessed document
content that is duplicated from the original content in storage areas.
• The following content caching options are available:
• Not Allowed: Storage area content caching is disabled.
• Cross-site Only: Caching of storage area content is available only when
the storage area does not belong to the same site as the server that
accesses the content.
• Allowed: Storage area content can be cached to any cache area.
Note that if encryption is enabled, the content will be encrypted in the content cache as
well as in the storage area.
• Storage level hold for Hitachi devices
Support has been added for implementing storage level holds on content stored on
Hitachi HCL storage devices.
This is an aligned mode feature:
Both the CPE software and the Hitachi storage hardware set the storage hold.
CPE controls the storage hold and determines when to set and clear the storage
hold on the Hitachi storage device. When a storage hold is set, content cannot be
deleted until the storage hold is removed.
The storage hold capability is enabled through the Administration Console for
Content Platform Engine. When enabled, all new content that is stored on Hitachi
storage has a hold placed on it. When the content is to be deleted, CPE removes
the hold prior to deleting the content on Hitachi storage.
Storage level hold applies to content that is ingested after the capability is enabled.
You cannot apply storage holds to existing content.
Storage level holds can be applied whether the Hitachi storage device is
configured in aligned or unaligned mode.
• Indirectly: You indirectly change the resource status when you set a storage area
to be online or offline. For example, enabling the storage area to be online causes
the resource status to be Open, and disabling the storage area causes the
resource status to be Closed.
• Directly: You can directly change the resource status for a storage area.
What is storage policy?
A storage policy provides mapping to specific physical storage areas and is used to
specify where content is stored for a class or object with content (for example, a
document). Each storage policy can have one or more storage areas as its assigned
content storage target.
• Verify that the value for the Total files field is 0 (zero) and then close the tab.
• On the left pane, collapse the Administrative node and then expand Browse.
• Right-click Root Folder and then select New Folder to create a folder.
• From the New Folder tab on the right pane, type Test for the Folder name field
and then click Next.
• Leave the defaults, click Next one more time, and then on the Summary page,
click Finish.
• Click Close on the Success page and then click Refresh on the LoanProcessQA
tab.
• On the left pane, expand Browse > Root Folder, right-click the Test folder, and
click New Document to add a document.
• From the New Document tab on the right pane, type TestDoc for the Document
title field, select the With content option, and then click Next.
• On the Document Content Source page, under the Content Elements section
click Add.
• On the Add Content Element dialog box, click Browse.
• On the File Upload window, select a document (Example: SampleDoc1.docx)
from the C:\Training\F2810G\SampleDocs folder and then click Open.
• On the Add Content Element dialog box, click Add Content.
• Click Next four more times (On the Document Content Source, Object
Properties, Document Content and Version, Specify Settings for Retaining
Objects pages).
• On the Advanced Features page, verify that Default Database Storage Policy is
selected and then click Next.
This default policy is associated with the default storage area. After you add this
document, there will be a change in the total number of files for the default storage
area.
You will work with Storage policy in the following activity.
• On the Summary page, click Finish and then click Close on the Success page.
View the default storage area statistics again:
• On the left pane, navigate to Administrative > Storage > Storage Areas and click
Default Database Storage Area.
• From the Default Database Storage Area tab on the right pane, open the
Statistics subtab and click Refresh.
• Verify that the Total files field now has a value: 1 (one).
• In the Properties window, click the Security tab and then verify that the permission
for the non-admin users (Example: EDU\Users) is read-only to the folder.
Only the system admin user must be able delete and write files in the file store
directories.
• Click Cancel and then close the Windows Explorer.
Create a file storage area.
In this task, you will create a file storage area in Administration Console for Content
Platform Engine (ACCE).
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane, expand the Object Stores folder and then click the
LoanProcessQA object store.
• From the LoanProcessQA tab, on the left pane, expand to LoanProcessQA >
Administrative > Storage and click Storage Areas.
• From the Storage Areas tab on the right pane, click New.
• On the New Storage Area tab, select File for the Storage area type field and click
Next.
• Type Loan Storage Area for the Display name field, scroll down to verify that
Initial Site is selected for the Site field, and then click Next.
• Configure the Storage Area with the following data:
• Root directory: C:\filenet\Loan_filestore
This is the directory that you created in the previous task.
• Directory structure size: Small
Small structure will create two levels with a total of 529 directories. Similar to
the one that you inspected in the earlier task.
• Maximum number of elements: Unlimited
• Maximum size: Maximum allowed on device
• Delete method: Destroy
• Encrypt content: Disabled
• Options:
• Suppress duplicate content elements: Cleared (Not selected)
• Compress content: Selected
• For all other fields, leave the defaults and click Next.
Click the information icon next to each field name to get more details about that
field.
• For Select a Storage Policy for this Storage Area, leave the defaults (not
selected) and click Next.
You will create a storage policy in the next activity.
• Click OK to close the message about mapping the storage area to a storage policy.
• On the Summary page, review the details and click Finish.
Ensure that <None> is selected for the Default storage policy. By selecting these
values, you are removing the previous choice of Default Database Storage Policy.
You will now be able to test your storage area.
• Click Save on the toolbar and then when prompted, click Cancel on the Propagate
Metadata Changes dialog box.
Depending on the configuration on this page, it affects the subclasses of the
Document.
• Close the Document tab.
• Click Refresh on the LoanProcessQA object store tab.
Edit your storage area.
This task demonstrates how you can edit an existing storage area. You will edit the
Loan Storage Area that you created earlier to modify the properties and update the
Statistics tab.
• From the LoanProcessQA tab, on the left pane, expand Administrative >
Storage > Storage Areas and then click Loan Storage Area.
• From the Loan Storage Area tab on the right pane, click the Configuration subtab
and then edit the following fields.
• Content Caching: Not Allowed
• Delete method: Purge
• From the Loan Storage Area tab, open the Statistics subtab.
• In the Storage Area Maximums section, change Maximum Size to 10 MB.
Click the circle beside the field and change the value.
• In the Storage Policies subtab, observe that the Storage Area is not yet mapped
to any Storage Policies.
You will create a policy in the next task.
• Click Save to save your changes to the storage area properties.
• Leave the Loan Storage Area tab open for the next task.
• From the LoanProcessQA tab, click Refresh.
Add a document to verify the configuration.
In this task, you will verify that adding a document (of Document class) to the system
adds the content to the new file storage area. You will also verify the default storage
area statistics before and after adding a document.
The Loan Storage Area tab is opened from the previous task. If it is not open, open it
by using the following step.
• From the LoanProcessQA tab, expand Administrative > Storage > Storage
Areas and click Loan Storage Area tab.
• On the Loan Storage Area tab, click Refresh, open the Statistics subtab, and
verify that there are zero files.
• Expand Browse > Root Folder, right-click the Test folder, and then select New
Document.
• From the New Document tab, type the name for the document: Storage Area
Test
• Confirm that Document is selected for the Class field and the With Content option
is selected.
• Click Next and then on the Document Content Source page, click Add.
• On the Add Content Element dialog box, click Browse.
• On the File Upload window, select a document (Example: SampleTextDoc2.txt)
from the C:\Training\F2810G\SampleDocs folder and then click Open.
• On the Add Content Element dialog box, click Add Content.
• Click Next four more times (On the Document Content Source, Object
Properties, Document Content and Version, Specify Settings for Retaining
Objects pages).
• On the Advanced Features page, confirm that Loan Storage Area is selected
and then click Next.
• On the Summary page, click Finish and then click Close on the Success page.
• On the left pane, click the Test folder under Browse > Root Folder.
• From the Test tab on the right pane, click Refresh, verify that your new document
(Storage Area Test) is listed, and then click Close.
• On the Loan Storage Area tab, click Refresh, select the Statistics subtab, and
then confirm that the Loan Storage area now contains one file.
The value for the Total files field shows 1 (one).
• Log out of the administration console and close the browser.
• In the Storage Areas tab, click Refresh and then verify that the FS2 Storage Area
is listed and it has 0 for the Total Files.
• Close the Storage Areas tab and then from the LoanProcessQA tab, click
Refresh.
Configure a new storage policy.
In this task, you create a New Storage Policy and configure it.
• From the LoanProcessQA tab, expand Administrative > Storage and click
Storage Policies on the left pane.
• From the Storage Policies tab on the right, click New.
• On the New Storage Policy tab, type Farm Storage Policy for the Display name
field and then click Next.
• On the Select the Content Storage Method page, choose the Select the storage
Areas from a list option and then click Next.
• For the Storage areas field, select FS1 and FS2 from the list and then click Next.
• On the Summary page, review the information, click Finish, and then click Close
on the Success page.
• On the Storage Policies tab, click Refresh and then verify that your Storage Policy
is listed.
• From the LoanProcessQA tab, click Refresh.
Assign the storage policy to the Document class.
In this task, you will remove the previously assigned storage areas and configure the
storage policy for the Document class.
• From the LoanProcessQA object store tab, expand Data Design > Classes on
the left pane and then click Document class.
• From the Document tab on the right pane, under the General subtab, scroll down
to the Default storage policy field and then select Farm Storage Policy from the
list.
• Select <None> for the Default storage area field.
Ensure that <None> is selected for the Default storage area. The Farm Storage
policy specifies the FS1 and FS2 storage areas to save the content for the
Document class.
If both the Default storage area and the Default storage policy are set, the Default
storage area setting takes precedence and the storage policy that you defined is
ignored.
• In the Document tab, click Save.
• When prompted, click Cancel on the Propagate Metadata Changes dialog box.
• In the Document tab, click Refresh and then click Close to close the Document
tab.
• Log out of the administration console and close the browser.
Verify that storage area farming is working.
To verify that the storage area farm functions, you will add some documents to the
LoanProcessQA object store and then view the statistics of the FS1 and FS2 storage
areas.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator.
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• From the upper right, click the down arrow next to LoanProcess and select
LoanProcessQA from the list.
• On the left pane, click the Test folder under the LoanProcessQA object store.
• In Windows Explorer, navigate to C:\Training\F2810G\SampleDocs, select and
drag all the files (but not the subfolders), and drop them to the IBM Content
Navigator Test folder.
The screen capture that is shown here is a sample. Depending on the number of
documents that you added and how they were load-balanced, you might get
different numbers for FS1 and FS2.
• Log out of the administration console and close the browser.
• On the File System Storage Devices tab, click Refresh and then verify that
AFSD1 is listed.
• From the LoanProcessQA tab, click Refresh.
• Create another File System Storage Device by repeating the above steps and by
using the following values.
• Display name: AFSD2
• Root directory path: C:\filenet\ADVS2
• On the File System Storage Devices tab, click Refresh, verify that AFSD2 is
listed, and then close the tab.
• Click Next and then on the Associate a Storage Device with this Advanced
Storage Area page, type 2 for the Required synchronous devices field.
• For the Available storage replication devices field, select the two devices that
you created: AFSD1, AFSD2 and then click Next.
The number of required synchronous devices must be greater than zero and equal
to or less than the number of available storage replication devices.
• On the Advanced Storage Area Parameters page, select Validate on creation,
verify that Auto repair on content validation is already selected, and then click
Next.
• On the Select Storage Policies page, select Farm Storage Policy and then click
Next.
• In the Summary page, review the details and click Finish.
• In the Success page, click Close to close the tab.
• In the Advanced Storage Areas tab, click Refresh and verify that the ADV_SA is
listed.
Configure the storage devices.
In this task, you will change one of the storage devices to be the primary synchronous
device. The storage device settings are configured with the defaults. You can change
these settings on the Devices tab of the advanced storage area.
• In the Advanced Storage Areas tab, click the advanced storage area that you
created (ADV_SA).
• In the ADV_SA tab, open the Devices subtab.
• Scroll down, for the AFSD1 row, select Primary synchronous from the list, and
then verify that the AFSD2 row has the value: Secondary synchronous.
• On the left pane, expand the Object Stores folder and then click the
LoanProcessQA object store.
• From the LoanProcessQA tab, on the left pane, expand Administrative >
Storage > Advanced Storage node, and then click Advanced Storage Areas.
• From the Advanced Storage Areas tab, on the right pane, verify that ADV_SA
has some documents.
The Total Files column shows the number of documents that you added. The
number depends on the number of documents that you added.
• Log out of the administration console and close the browser.
Refer to the IBM FileNet P8 Platform V5.5.x Knowledge Center for the requirements of
the following databases:
• Microsoft SQL
• Oracle
• DB2 for z/OS
• DB2 for Linux, UNIX, and Windows server
Global Configuration Database (GCD)
The GCD contains attribute definitions that control functional characteristics of the
resources and services for the FileNet P8 domain.
The GCD provides bootstrapping data and global configuration information for the
FileNet P8 domain.
The GCD also defines domain resources, such as sites (and their related virtual servers
and server instances), full-text index areas, fixed content storage areas, marking sets,
and other data.
Database connection objects
A database connection object identifies the data source pair that provides the Java
Database Connectivity (JDBC) to a database (or for Oracle, tablespace). The JDBC
data source information is used by Content Platform Engine (CPE) to connect to global
configuration database (GCD) and object store databases.
Use the IBM FileNet Configuration Manager (CMUI) tool to create the data sources that
are required for a database connection object. Then use Administration Console for
Content Platform Engine to create a database connection object for an object store to
access the database.
The Database Connection object uses the XA and non-XA data source connections to
connect to the object store database.
• XA is an industry-wide standard for transactions that involve multiple resources.
Content Platform Engine uses the XA data sources for all create, update, and
delete operations because of their rollback and timeout features.
• Non-XA transactions have no transaction coordinator. Content Platform Engine
uses non-XA data sources for search and retrieve operations because these
operations do not modify data, so rollback features are not needed.
As part of installation and configuration of the Content Platform Engine, a profile file
is created. When you need to make updates to the environment, you can create a
copy of the initial configuration file to create a new profile file and then update it.
For your convenience, a copy of the profile file (F2810G_EDU_CPE_profile.cfgp) is
already created on the student system.
• When prompted with the Verify your application server settings before
proceeding message window, click OK.
• Right-click F2810G_EDU_CPE_profile on the left pane and then select Edit
Application Server Properties from the list.
The Properties page opens.
• Verify that the Application server version field has 9.0 as the value and the
Application server administrator user name field has wasadmin as the value.
• Type FileNet1 in the Application server administrator password field and also
in the Confirm field.
• Click Test Connection.
Test Results shows the message that the connection to the server is successful.
• Click OK to close the Test Results message window and then click Finish.
Configure data sources for an object store.
In this task, you will create the data sources for the Content Platform Engine to access
the database. A database called MARK_DB is already created on your student system.
• Right-click the Configure Object Store JDBC Data Sources task and then select
Copy Selected Task from the list.
A copy of the task with a name beginning with the string Copy_of_ is listed in the
left pane.
• Right-click the Copy_of_Configure Object Store JDBC Data Sources task and
click Rename Task from the list.
• In the Rename Task window, change the name to Configure Marketing OS
JDBC Data Sources and then click OK.
• In the left pane, double-click the renamed task and edit the configuration properties
page for the task with the following data.
• JDBC driver name: DB2 Universal JDBC Driver
• JDBC Data Source name: MOSDS
• JDBC XA Data Source name: MOSDSXA
• Database server name: vclassbase
• Database port number: 50000
• Database name: MARK_DB
• Database user name: db2admin
• Database password: Education1
• Confirm (for the password): Education1
Leave the default settings for any values that are not specified in the list.
• Click Save, scroll down and click Test Database Connection.
• If you are prompted, click Yes on the Action Required window to save the task
before proceeding.
A Test Results window is shown with the message that the connection to the
database is successful.
• Click OK to close the Test Results message window and then click Run Task to
create and configure the data sources.
Monitor the status on the Console pane on the lower right of the window.
Wait until the Finished running Configure Marketing OS JDBC Data Sources
message is shown on the Console tab.
• From the menu bar, click File > Close Profile and then click File > Exit to close
the FileNet Configuration Manager.
You will restart the Content Platform Engine (server1) in the following steps to
refresh the server for the new data sources that you created.
• On the left pane, expand the Servers node and click the All servers link.
• From the Middleware servers pane on the right, select the checkbox on the
Select column for the server1 row and then click Stop from the toolbar.
Wait for the server1 to stop and the status column to show a red X icon. You can
refresh the Status column by clicking the Refresh icon next to Status.
• From the right pane, select the checkbox again on the Select column for the
server1 row and then click Start from the toolbar.
Wait for the server1 to start and the status column to show a green forward arrow
icon. You can refresh the Status column by clicking the Refresh icon next to Status.
• Log out of the WebSphere Application Server administrative console and close
the browser.
• If it is not automatically populated, type MOSDSXA for the JNDI XA Data Source
field and then click Next.
• In the Summary page, view the details, click Finish.
• Wait for the process to complete and then on the Success page, click Close.
• In the Database Connections tab, click Refresh, verify that the new MOSDS
connection is listed and then close the tab.
Troubleshooting tip: if all the steps were done correctly but the task fails, it is most
likely due to the data sources (created in the previous activity) were not refreshed.
Restart the student system to refresh the Web Application Server components and
repeat this activity.
Leave the administration console open for the next activity.
Create an object store.
In this task, you create an object store in ACCE.
• On the left pane of the EDU_P8 tab, click the Object Stores node.
• From the Object Stores tab on the right pane, click New.
• On the New Object Store tab, type Marketing as the value for the Display name
field and then click Next.
The Symbolic name and the Description fields are automatically populated with the
same name.
The symbolic name, which is used for internal programmatic purposes, must
contain only ASCII characters and must begin with an alphabetic character.
• Select MOSDS from the list for the Database connection field, type Marketing for
the Schema name field, and then click Next.
Since, the same database can be shared for two or more object stores, each object
store must contain a schema name that is unique for that object store.
Leave the default values (no value) for the other fields.
• On the Select the Type of Storage Area for Content page, click Next.
If you select a storage area other than Database, two storage areas get created
because an object store always has a database storage area. You can select a
different storage area type for your object store after it is created.
• On the Grant Administrative Access page, click Add User/Group Permission.
• On the Add Users and Groups page, for the Search for field, clear the Users
and Special accounts options (checkboxes), and leave Groups selected.
• Type P8 in the field that is next to the Search by field and then click Search.
• In the Search Results section, from the Available Users and Groups pane,
select and move p8admins to the Selected Users and Groups pane.
Use the forward arrow.
• Scroll down and then click OK to close this page.
• Verify that this group is listed on the Grant Administrative Access page, and then
click Next.
It is a good practice to always use groups rather than individual users. Using
Security groups simplifies modifying access rights after the object store is created.
• On the Grant Basic Access page, click Add User/Group Permission, add the
p8users group, and then click Next.
If you don't specify any users and leave an empty list, the wizard automatically
adds #AUTHENTICATED-USER, which gives all network users in the
authentication realm access to the object store. If you know that only specific user
groups need access, then specify those groups instead of the #authenticated-
users.
• On the Select Add-ons page, click Default Application Configuration and verify
that the following add-ons are selected.
• 5.2.1 Base Application Extensions
• 5.2.1 Base Content Engine Extensions
• 5.2.1 Process Engine Extensions
• 5.2.1 Publishing Extensions
• 5.2.1 Stored Search Extensions
• 5.2.1 Workplace Access Role Extensions
• 5.2.1 Workplace Base Extensions
• 5.2.1 Workplace E-mail Extensions
• 5.2.1 Workplace Forms Extensions
• 5.2.1 Workplace Template Extensions
• 5.2.1 Workplace XT Extensions
Although FileNet Workplace XT is no longer used, the add-ons are still required for
some of the features in IBM Content Navigator.
Select only the add-ons that you need to avoid performance issues. If you need
other add-ons later, you can always install them after the object store is created.
But once you install an add-on, it cannot be removed.
• Click Next, on the Summary page, review your selections, and then click Finish to
create the object store.
It can take a while before the progress bar changes and the new object store to be
created.
If a message states that the script is unresponsive, click OK to continue.
• Scroll down, click Connect to test the connection to the repository, and then on the
Log In page, type the following credentials of an administrative user of the
repository:
• User: P8admin
• Password: FileNet1
• Click Log In.
Notice that other tabs for this new repository is now available.
• Save the configuration settings for the new repository by clicking Save and Close.
• On the Repositories tab, click Refresh, and then verify that the new repository is
listed.
This repository is now available to be used in the IBM Content Navigator.
• Close the Repositories tab.
Edit the desktop to add your repository.
In this task, you associate your repository with an ICN desktop so that it is available in
that desktop.
• In the Admin desktop page, from the Desktops tab, right-click the Sample desktop
and click Edit.
• On the Sample tab, click the Repositories subtab.
• From the Repositories subtab, select Marketing repository from the Available
Repositories pane and use the forward arrow (Add) to move it to the Selected
Repositories pane.
• On the Sample tab, select the Layout subtab, scroll down, and select Browse
under the Displayed features section.
• Verify that your repository (Marketing) is listed on the right-most pane under the
Repository Name section.
This setting enables the desktop users (with the appropriate permissions) to
browse the folders and documents in the repository.
• On the Sample tab, click Save and Close.
• When you are prompted that you must refresh your browser, click Close.
• Log out of the ICN admin desktop.
Containment Concepts
Subfolders are directly contained and they exist inside a parent folder. They are deleted
from the object store when they are removed from the parent folder.
Documents and other objects are referentially contained in folders.
• You can add a document to any number of folders.
• Adding a document to many folders does not duplicate the document.
• Removing a document from a folder does not delete the document from the object
store.
Class Inheritance and custom classes
Class inheritance is a relationship between classes. One class inherits the structure and
behavior that is defined in its superclasses.
When you create an object store, the system automatically creates class definitions for
all of the system-provided classes. You can create a custom class by creating a
subclass of an original class definition, and adding custom properties to the subclass
that reflect your business needs. Subclasses inherit properties from their super class.
The Document class is the superclass of other document subclasses that you create. It
defines the behavior of a document and contains important system properties such as
Content Element, Version, and Date created. You cannot remove a property from a
subclass that was inherited from its superclass.
What is a Property?
A property is a characteristic of a class. It helps identify the object that the class
includes. Properties hold individual values that describe an object. Properties of a class
can be of different types.
Property templates
A property template is a collection of metadata properties that globally define a
property. It has no function in the object store until it is assigned to a class as a custom
property. You can assign it to any number of classes in an object store. Its symbolic
name must be unique within a class family.
Definition of a property includes the following metadata:
• Data type: Scalar or object-valued
• Cardinality: Single or multivalue
• Settability: Read-only, read/write
The above diagram shows the available pool of property templates and their possible
relationships to the property definitions in classes.
The distinction between property templates and definitions is subtle but important.
If you change a property definition of a class, then only that class is updated. When you
create classes, you select the property template from the object store pool where the
property template remains in its original state.
Choice lists
A choice list is a collection of predefined property values (choice items) that can be
used to present values in logical groups. The users then select a value instead of typing
an entry. Choice lists make data entry faster for users and also ensure that the data
entered is limited to the valid choice options.
Requirements for a choice list:
• Assign a choice list to a property template to make a choice list available
• Use either a string or an integer data type for a choice list
• Ensure that each choice item within a choice list has the same data type
• Match the choice list data type to that of its associated property template
Usage options:
• You can assign one choice list to multiple property templates.
• You cannot delete the choice list object as long as it is associated with a property
template.
• If the database used by CPE is case-sensitive, the display names of the choice
values in the choice lists are also case-sensitive.
Groups in choice lists
When a choice list contains many values, you can group associated values (create
categories) to help users find the needed value.
Choice lists can be hierarchical. A choice item can act as a group node and hold a
choice list, allowing you to organize related choice values into nested groups. Thus a
choice item can represent four types of values: a single integer value, a single string
value, a group node for a list of integer-type choice items, and a group node for a list of
string-type choice items.
In a hierarchical choice list, users select a category of choices and then select the
choice within that category or group.
• Each class has multiple property definitions (that are based on property templates)
A class consists of its root class properties and more custom properties.
A property has a name and data type.
• A property template can optionally have an associated choice list.
A choice list is a set of predefined values.
• A choice list can be associated with multiple property templates.
For example, many properties can use a single choice list with color choice items.
• Repeat the steps to add another item with the name: End user
• Verify that both the items are listed on the pane.
• Scroll down and then click OK to close the New Item window.
• Back on the New Choice List tab, click New Groups to add a group to the choice
list.
• On the New Groups page, type Dealer in the Display name field and then click
Add.
The group name is added to the pane.
Groups are not actual choice list items because they do not have a value property
that is assigned to them. The groups are useful to organize items within a choice
list. The groups can also be hierarchical.
• Click OK.
• Select Dealer and then click New Items to add choice items to the Dealer group.
• On the New Items page, add the following items.
Display Name and Value are given as pairs.
• Motorcycle, Motorcycle
• Trailer, Trailer
• Vehicle, Vehicle
• Click OK.
• Back on the New Choice List tab, verify that your completed choice list includes a
group with vehicle choice items.
You can edit the choice items. To edit, select the item and click Edit.
You can also rearrange the choice items. To rearrange, click the item and use the
Move Up or Move Down buttons.
• Click Next, and then from the Summary page, click Finish.
• On the Success page, click Close.
Verify the new choice list.
• On the Choice Lists tab, click Refresh, verify that Prospect Type is shown, and
then click the Prospect Type link.
• On the Prospect Type tab, click the Choice Items subtab and then verify that the
choice items that you defined are listed.
• Close the Prospect Type and Choice Lists tabs.
• Log out of the administration console and then close the browser.
• Select String from the list for the Data type field and then click Next.
• For the Select Choice List or Marking Set page, leave the defaults (nothing
selected) and then click Next.
• Select the Single option for the Single or Multi-Value field, and then click Next.
• On the Summary page, view the details and click Finish.
• On the Success page, click Close.
• On the Property Templates tab, click Refresh, scroll down, and then verify that
sales_prospect_name is listed.
You can also type first few letters of the name of your property template (sales) on
the Filter field to filter the list.
Create a Multi-valued property template.
In this task, you will continue on the property templates page of the SalesQA object
store.
• On the Property Templates tab, click New.
• From the New Property Template tab, enter sales_contact_methods for the
Display name field.
• Click Next, select String from the list for the Data type field, and then click Next.
• For the Select Choice List or Marking Set page, leave the defaults (nothing
selected) and then click Next.
• Select the Multi option for the Single or multi-Value field, select Unique and
ordered values for List order, and then click Next.
• On the Summary page, view the details and click Finish.
• On the Success page, click Close.
• On the Property Templates tab, click Refresh and then verify that
sales_contact_methods is listed.
Create a value-required property template.
In this task, you will create a property template with a value-required status. If you want
to use a property both with and without value-required status, you can set the required
status as part of adding the property template to a class definition. The task is included
here for you to practice setting on the property template itself.
• On the Property Templates tab, click Refresh and then verify that the new
property template sales_prospect_id is listed.
• Click Next, select Single on the Single or Multi-Value page, and then click Next.
• On the Summary page, click Finish.
• Click Close on the Success page.
• On the Property Templates tab, click Refresh and then verify that the new
property template sales_prospect_category is listed.
Create a Date Time Type property template.
• In the administration console, create a property template called
sales_last_contact_date by using the following values:
• Name and Describe the Property Template page:
• Name: sales_last_contact_date
• Symbolic name: sales_last_contact_date
• Description: sales_last_contact_date
• From the Sales Prospects tab on the right pane, select the Property Definitions
subtab and then click Add.
• On the Add Properties page, select the following properties that you want to add
to this class.
• sales_prospect_category
• sales_prospect_id
You can also type sales on the Filter field to filter the list. These are the property
templates that you created in the previous activity.
• Scroll down and then click OK to close the Add Properties page.
• On the Sales Prospects tab, verify that the properties are listed, click Save, and
then click Close to close the Sales Prospects tab.
• Leave the administration console opened for the next task.
Create a Document class.
In this task, you will create a custom Document class and add Property Definitions to
the class.
• From the SalesQA tab, expand the SalesQA > Data Design > Classes node on
the left pane.
• Right-click Document and select New Class from the list.
The New Document Class tab opens.
• On the New Document Class tab, enter Sales Prospect Doc for the Display
name field.
Verify that the Symbolic name and Descriptions fields are automatically populated.
Click outside of the Display name field.
• Click Next, click Finish on the Summary page, and then click Close on the
Success page.
• On the SalesQA tab, click Refresh.
• Expand the Data Design > Classes > Document node and verify that the Sales
Prospect Doc class is listed.
• Click Sales Prospect Doc in the left pane.
• From the Sales Prospect Doc tab on the right pane, select the Property
Definitions subtab and then click Add.
• On the Add Properties page, type sales in the filter to show sales-related property
templates only.
• Select the following properties that you want to add to this class.
• sales_times_contacted
• sales_prospect_name
• sales_last_contact_date
• sales_prospect_category
• sales_contact_methods
• Scroll down, click OK to close the Add Properties page and then verify that the
properties are listed on the Sales Prospect Doc tab.
• Click Save and then click Close to close the Sales Prospect Doc tab.
• Log out of the administration console and then close the browser.
Test your Folder class.
In this activity, you will create an instance of your Folder class in IBM Content Navigator
and verify that the instance has the metadata as specified in the class specification.
You will use the choice list and a required property.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
The Content Navigator Sample Desktop opens in Browse view.
• Click the down arrow next to LoanProcess on the upper right and select SalesQA
from the list.
• Under the Properties section, for the Class field, select Sales Prospect Doc from
the list and then click OK.
• Type NYB 252 for the Document Title field.
Title could be any text.
• Click the sales_contact_methods field, type Email on the New field, and then
click Add.
• Repeat the above step to add Phone call and then click OK.
• Type or select the following values for the other fields:
• sales_last_contact_date: Five days before the current date
• sales_prospect_category: Reseller (Select from the choice list)
• sales_prospect_name: Victor Byrd
• sales_times_contacted: 2
You cannot delete the choice list object when it is associated with a property template.
When you change the value of an existing choice list item of a choice list:
• only the objects that are created after the change will have the new value
• the objects that are created before the change retain the old value
Refer to the IBM FileNet P8 Platform V5.5.x Knowledge Center for more on the
implications of changing existing choice list items:
https://www.ibm.com/support/knowledgecenter/SSNW2F_5.5.0/com.ibm.p8.ce.admin.t
asks.doc/choicelists/chl_concepts_choice_lists.htm#chl_concepts_choice_lists__ex1
An example scenario for adding a choices group to an existing choice list:
Your company deals with hardware products. You created a choice list that is called
Product Type that contains hardware items such as laptops and monitors. Your
company decided to add software products to its portfolio. You must add a choices
group for software items to the existing choice list (Product Type).
How does the metadata dependencies work?
The following diagram provides a model of how class metadata is interrelated.
When one object references another object, the first object has a dependency on the
second object. The following list shows the flow of dependency:
• An object instance depends on its subclass or class definition
• A subclass definition depends on its parent class definition
• A class definition depends on its property definitions
• A property definition depends on its property template
• A property template depends on its choice list
Sometimes the dependencies are complex because the metadata objects are reusable.
You must consider object dependencies before deleting metadata. You cannot delete
an object when another object refers to it. If you try to delete an object that is referenced
by other objects, you will get an error message. Delete the referenced object or remove
the reference to remove a dependency. The dependencies result in the following
constraints:
• If the class has subclasses or instances, you cannot delete the class.
To remove a dependency, you can either delete the object or edit the object to
remove the dependency. If alternatives exist, avoid deleting an object to prevent
data loss.
• If the property template has dependent property definitions, you cannot delete the
property template.
To delete a property template, you must remove the corresponding property
definition from the class definition.
• If a choice list is used by property templates, you cannot delete the choice list.
To delete a choice list, you must remove the choice list from the property template
as well as remove the corresponding property definition from the class definition.
Remove dependencies in the following sequence, starting with object instance,
subclass definition, class definition, property template, and then finally, choice list.
The following diagram shows dependencies of various objects in an object store.
Do not delete any metadata that is referenced by custom code to prevent breaking
references in custom code.
Always use a test object store before you make metadata changes to a production
system to identify and create solutions for any issues that might occur.
Use FileNet Deployment Manager (FDM) to move class and template definitions
between object stores to help maintain consistency across environments.
The FDM topic is discussed in a later section.
You will change this display name to Prospect ID in the next task.
• Log out of the ICN Sample Desktop and close the browser.
Change the property template display name.
In this task, you change the display name of the sales_prospect_id property template to
Prospect ID.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and click the
SalesQA object store.
• From the SalesQA tab, expand the SalesQA > Data Design node on the left pane
and click Property Templates.
• From the Property Templates tab on the right pane, type prospect in the filter
field to make the property easier to find and then click sales_prospect_id.
• From the sales_prospect_id tab > General subtab, delete the existing value in
the Display name field and then type Prospect ID as the new value for this field.
Observe that the Symbolic Name field and Description field continue to display
sales_prospect_id. The system uses the Symbolic Name internally.
• Change the Description field value to Prospect ID, click Save to save the
changes and then Close.
• In the Property Templates tab, click Refresh and then verify that the property
template is listed as Prospect ID.
• Close the Property Templates tab.
Verify the name change in the Folder class.
In this task, you will check the name change both in the administration console and in
the Content Navigator client.
• In the administration console > SalesQA tab, click Refresh.
• Expand the SalesQA > Data Design > Classes > Folder node on the left pane
and click Sales Prospects folder.
• On the Sales Prospects tab > Property Definitions subtab, verify that the value
is displayed as Prospect ID.
• Log out of the administration console.
Next, you will verify the new display name for the property definition in the IBM
Content Navigator.
• In the Mozilla Firefox browser, clear the cache by clicking History > Clear Recent
History from the top menu.
• On the Clear All History window, verify that Cache is selected, click Clear Now
and then close the browser.
• Reopen the Mozilla Firefox browser and then click the Sample Desktop
bookmark or type the following URL: http://vclassbase:9081/navigator
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the Browse page, select the SalesQA object store from the upper right.
• Click the NYB Company folder to view its properties on the right pane and verify
that the property display name now shows as Prospect ID.
• Scroll down and then click OK to close the New Item window.
• In the Prospect Type tab, verify that your completed choice list includes the new
group.
• Click Save to save the choice list changes and then click Close to close the
Prospect Type tab.
• On the SalesQA tab, click Refresh.
• Log out of the administration console and then close the browser.
Verify the modified choice list.
In this task, you will create a folder in the IBM Content Navigator Sample Desktop and
verify that you are able select a choice item from your new choice group.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• In the Content Navigator Sample Desktop, select the SalesQA repository from the
list on the upper right of the page.
• Click New Folder.
• From the New Folder page > Properties section, for the Class field, select Sales
Prospects from the list and then click OK.
• For the Folder Name field, type Test New Choice.
• For the sales_prospect_category field, expand Prospect Type > Manufacturer,
select Cars from the list and then click OK.
• To remove the association of the choice list, click the down arrow next to it and
select Unset Value.
• Verify that the Choice List field shows <Value not set> and then click Save to
save the changes.
This change makes the sales_prospect_category a data entry property template
(without a choice list).
• Leave the sales_prospect_category tab open for the next ask.
Remove a property definition from a class.
In this task, you will check the classes that use the sales_prospect_category property
template and then you will remove the original (prior to modification)
sales_prospect_category property definition that is associated with the Sales Prospect
Doc class definition.
• From the sales_prospect_category tab > Properties subtab, click the Property
Name column to list the items in alphabetical order (if the list is already not
ordered).
• Scroll down to find the Used in Classes property, click the down arrow to go to the
list, and then observe the classes that use this property template.
Sales Prospects and Sales Prospect Doc are listed.
• From the Sales Prospect Doc tab, click the Property Definitions subtab, select
the sales_prospect_category property definition, and then click Remove.
Verify that the property is removed from the list.
• Click Save and then click Close to close the tab.
• In the SalesQA tab, click Refresh.
Assign the property definition to the class.
In this task, you will assign the modified sales_prospect_category property (without the
choice list) to the Sales Prospect Doc class.
• From the SalesQA tab, expand the SalesQA > Data Design > Classes >
Documents node on the left pane and then click Sales Prospect Doc class.
• From the Sales Prospect Doc tab, open the Property Definitions subtab and
then click Add.
• On the Add Properties page, type prospect into the filter, select
sales_prospect_category, scroll down, and then click OK.
Verify that the property is added to the list. This adds the updated property
definition.
• Click Save and then click Close to close the tab.
• In the SalesQA tab, click Refresh.
• Log out of administration console and then close the browser.
Verify the modifications.
In this task, you will create a document of the Sales Prospect Doc class and verify the
change in the property definition. IBM Content Navigator (ICN) has a metadata cache
that retains metadata in the application for an interval. To refresh the metadata within
that interval, you must restart the ICN application first in the WebSphere Integrated
Solutions Console.
• In the Mozilla Firefox browser, click the WAS bookmark or enter the following
URL: https://vclassbase:9043/ibm/console/logon.jsp
• Type the following values for user ID and password and click Log in.
• User ID: wasadmin
• Password: FileNet1
• In the console, expand the Applications > Application Types and then click the
WebSphere enterprise applications node on the left pane.
• On the right pane, select navigator from the list and then click Stop.
Wait until the message is shown.
• Select navigator again and click Start.
Wait until the message is shown. It takes a while.
• Log out of the WebSphere Integrated Solutions Console.
• Clear the Firefox browser cache:
• In the Tools bar, click History > Clear Recent History.
• In the Clear All History window, verify that Cache is selected and then click
Clear Now.
• Close the browser.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• In the ICN Sample Desktop > Browse page, select the SalesQA repository from
the list on the upper right of the page.
• Expand the SalesQA object store node and click the NYB Company folder to
open.
• Click Add Document in the tool bar.
• On Add Document page, for the What do you want to save? field, select
Information about the document from the list.
• In the Properties section, select Sales Prospect Doc from the list for the Class
field and then click OK.
• Enter the following values for the other fields:
• Document Title: Test Prop
• sales_prospect_name: Gloria Stanton
• For the sales_prospect_category field, notice that there is no choice list, type
Dealer for the value and then click Add.
• Verify that your new document is listed in the folder, click the document, and view
the values of the properties that you entered on the right pane.
Event actions
You can configure the Content Platform Engine (CPE) to run user-defined code in
response to system or custom events. This user-defined code is called an event action
handler, which you register with CPE as an event action. By using a subscription, you
associate an event action with one or more events and objects.
The code is in Java (or JavaScript) that a developer implements by using the Content
Engine API EventActionHandler interface in the Content Engine API.
A handler can be implemented in the following ways:
• A class file that is in the Java virtual machine (JVM) class path
• A class or JAR file that is contained in a code module
Code modules
A code module is a CPE object that contains one or more Java action handlers and any
supporting libraries. You can create a code module in Administration Console for
Content Platform Engine (ACCE).
Code modules are automatically available when the CPE is deployed to multiple
application server instances, or when you move your content metadata from one
system to another.
If you modify the code for a Java event action handler that is contained within a code
module, you must update any event action that references the code module.
Types of subscriptions
• Event Subscription: runs user-defined code
• Workflow Subscription: launches an IBM FileNet P8 workflow
Define subscription filter
You can create a filter to restrict the application scope of a subscription.
For example, you can filter out creation events that are triggered by check-out events. A
creation event occurs when a user adds a document or checks out a document (a new
reservation object is created). If you want to do something only when adding a
document, you must filter out the creation events that are caused by a check-out by
adding the following filter:
MajorVersionNumber=1 and
MinorVersionNumber=0)OR(MajorVersionNumber=0 and
MinorVersionNumber=1)
The filter in the preceding example applies to the new document object (the source
object) that is passed into the event handler. As a new document, it has a version
number of 1.0 or 0.1.
Workflow subscription
The workflow subscription starts the workflow event action, which in turn launches a
workflow. The subscription specifies a workflow in addition to specifying the trigger
event, target object, and event action.
The workflow definition must exist in the object store and must be transferred. A
workflow subscription applies to a specific version of a workflow definition. If the
workflow definition is updated, then the workflow subscription must be updated as well.
Subscriptions run mode
Event subscriptions can be run synchronously or asynchronously.
• In a synchronous subscription, the operations of the object and the event actions
are completed as a single transaction. Failure in either results in rollback of both
operations.
• In an asynchronous subscription, the operations of the object and the event actions
are completed as separate transactions. Object operation can succeed
independently of the event action operations.
Disabling subscriptions
You can disable a subscription without deleting it. For example, you can disable it for
testing and while you fix a problem. After you change the event action, re-enable the
subscription.
• Deleting a subscription is permanent, but disabling the subscription is temporary.
• For disabled subscriptions, the Enabled column displays the value False.
• For the Java class handler field, type the following text:
com.ibm.filenet.edu.LogEventActionEDU
Type the Java class name exactly as shown because it is case-sensitive.
• Select the Configure code module option.
• Click Next and then click Browse on the Specify the Code Module page.
• On the File Upload window, navigate to the C:\Training\F2810G folder, select
EDULog.jar and then click Open.
• Back on the New Event Action tab, for the Code module title field, type Log
Event Action.
• Click Next, review the entries that you made on the Summary page, and then click
Finish.
• On the Success page, click Close.
• On the Event Actions tab, click Refresh, verify that the event action that you
created is listed, and then close the tab.
Create a Subscription.
In this task, you will create a subscription and specify subsctiption behavior.
• On the Sales tab, click Refresh.
• On the left pane, expand Sales > Data Design > Classes > Document, right-click
Order, and then click New Subscription from the list.
• From the New Subscription tab on the right, type Log Subscription in the
Display name field, verify the Description field, and then click Next.
• For the Scope field, leave the default option of Applies to all objects of this
class and then click Next.
• For the Triggers field, select Creation Event from the Event Name list and then
click Next.
• Select Log Event Action from the list.
• Click Next and on the Specify Additional Options page, select the Enable this
subscription and Include subclasses options.
• For the Filter expression field, type the following text:
(MajorVersionNumber=1 and MinorVersionNumber=0) OR
(MajorVersionNumber=0 and MinorVersionNumber=1)
The filter expression ensures that the triggering event occurs only when the
document is first added to the repository.
Because checking in a document can also trigger creation event. You want the
event action to get triggered only when you add a document and not when you
check in a document.
• Click Next, verify the summary of details, and then click Finish.
• On Success page, click Close.
• From the Sales tab, and click Refresh.
• On the left pane, expand Sales > Events, Actions, Processes > Subscriptions
and then verify that Log Subscription is listed.
If you test in the IBM Content Navigator desktop, document class is shown as
GUID:
Optional task: You can add a document in the IBM Content Navigator desktop by
using the following steps and check the EventLog.txt file for the log entry.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the Browse page, click the down arrow next to LoanProcess on the upper
right and select Sales from the list.
• Double-click Test Events Folder to open the folder and then click Add Document
from the toolbar.
• On Add Document page, for the What do you want to save? field, select
Information about the document from the list.
• Under the Properties section, for the Class field, select Order from the list and
then click OK.
• Type Log Test 5 for the Document Title field.
Title could be any text. Leave the default values (or no values) for all other fields.
• Click Add in the lower right corner of the page.
• Back on the Browse page, verify that the new document is listed under your folder.
• Log out of ICN Sample Desktop and then close the browser.
• In Windows Explorer, open the EventLog.txt file (in Notepad++) from the
C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01 folder.
Verify that the file contains an additional entry and the document class value is
shown as GUID.
• Click Save to save your change to the event action and then click Close.
• Close the Log Event Action tab.
The updated code module generates an event log entry that also includes the
name of user that added the document. On the student system, you might have
more entries depending on the number documents added in the two activities.
• Close the EventLog.txt file, log out of the administration console, and then close
the browser.
User roles
Different user roles provide varying level of access to the objects. For example,
administrators, solution builders, authors, and users might have different access rights
to the same objects.
Even administrators with access to Administration Console for Content Platform Engine
can have different levels of access to objects. For example, one administrator might
have permission to modify property templates that another administrator has no access.
User and groups
The directory service defines the security principals (user or group). Users are assigned
to groups. Use groups as primary security principals whenever possible.
#AUTHENTICATED-USERS group
This special group represents all users in the LDAP domain and who have been
authenticated by the application server. You use this group if you want to grant access
to an object to all users of IBM FileNet P8 Platform. If you do not specify initial users,
#AUTHENTICATED-USERS group is added automatically.
In a production environment, configure initial user groups to prevent an object store
from being used by all domain users.
In development and test environments, it can be useful to give this group basic rights
and then work on refining access within the object store.
Object ownership
Most objects have an owner who is typically the user who created the object. IBM
FileNet P8 Platform automatically applies an internal special user account called the
#Creator-Owner and grants full control access on that object.
IBM FileNet P8 object security terms
Object access rights (which are also called permissions) determine which users can
access the objects and what kind of tasks the users can do. Following are the key
terms used in the IBM FileNet P8 Platform security:
• Access Control List (ACL)
Each securable Content Platform Engine object has an associated security
descriptor, part of which is the Access Control List (ACL). An ACL is a collection of
all the Access Control Entries (ACEs) on an object.
• Security Template
Template permissions are assigned to the objects by a security policy. Security
policies along with document versioning states allow an administrator to configure
the system to automatically modify ACLs on documents when their versioning state
changes. For example, the administrator can configure a system to automatically
grant access to a document to a wide audience when it is released.
Order in which security source permissions are granted
Each ACE has one access type either allow or deny. When evaluating the access
granted by a particular ACL, the current system applies ACEs in the following order:
• Direct/Default - Deny
• Direct/Default - Allow
• Template - Deny
• Template - Allow
• Inherit - Deny
• Inherit - Allow
Higher on the list takes precedence over the lower items. Deny takes precedence over
allow within each category. For example, if you explicitly deny an access right to a
group and explicitly allow it to a member of that group, the access right will be denied to
the member.
Independent and dependent security
Most objects have Access Control Lists (ACLs) that can be independently set. These
objects are called independently securable.
Dependently securable objects depend on their parent object for their access rights.
They are secured through the parent object.
Examples of dependently securable objects:
• Content elements, which have the same security as the associated document
• The individual choices in a choice list, which have the same security as the object
that the choice list is assigned to
• A lifecycle state in a lifecycle policy
Similar errors can also occur if the LDAP directory service is not reachable. In a
scenario where the user exists in the LDAP directory and you still get this error, you
must look at the error logs to check if the LDAP service is reachable.
• Close the browser.
Log in as an unauthorized user.
A user, in addition to being a member of the LDAP directory, must have permission
(authorization) on the object store (that is used for authentication) in order to log in to
the IBM Content Navigator (ICN) client. The student system already has a user called
Scott who is a verified member in LDAP but does not have permission to access the
object store that is used for authentication. In this task, you will attempt to log in as this
user and examine the error when authorization fails.
Note that if an object store is configured to provide access to the #AUTHENTICATED
USERS group, then anyone who can log in to the domain can have access to that
object store. The student system does not have this configuration, so only users who
have explicit permission can access the object store.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator.
• Type Scott for the User name field, FileNet1 for the Password field, and then
click Log In.
• Verify that you cannot log in and get the following error: You do not have the
appropriate permissions to access the following repository: <repository name>
Notice that this time, the error message is different from the one that you got in the
previous task. It provides a clue about the underlying cause of the login failure.
Scott does not have access to the object store that is defined for authentication for
this ICN desktop. A user must have access to the object store that ICN uses for
authentication to log in. In some cases, an authorization problem might appear to
be an authentication problem.
• Close the browser.
When users log in to Sample desktop, ICN authenticates the users against the
LoanProcess object store. If the user does not have access to this object store, the
access to the ICN desktop is denied.
• On the Sample tab, select the Repositories subtab and observe the list of
repositories.
Recall that these repositories were displayed on the Sample desktop in the
previous tasks and authorized users were able to access content.
You can learn more on configuring repositories and desktops in the IBM Content
Navigator courses.
• Log out of IBM Content Navigator and then close the browser.
Observe object store access.
Object stores are usually secured by using group memberships. Users who have
access to object stores can log in and use the object stores. Each user, depending on
their role, has access to some but not necessarily all the object stores in an IBM
Content Navigator (ICN) desktop. In this task, you will sign in as Mary and verify that
Mary is able to access the LoanProcess object store but not the other object stores that
are available in the ICN desktop.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator.
• Type Mary for the User name field, FileNet1 for the Password field, and then click
Log In.
• Verify that Mary is able to access the folders and documents in the LoanProcess
object store.
• Double-click the folders in the right pane to open them.
You can also click the folders from the left navigation pane.
• To open another repository, click the down arrow next to LoanProcess on the
upper right.
All the repositories that are available for this desktop are shown in the list:
LoanProcess, Sales, LoanProcessQA, and SalesQA
• Attempt to open each of the object stores in the list by clicking it and verify that
Mary is denied access to the other repositories.
• Log out of IBM Content Navigator and then close the browser.
• From the J Jones' Loan tab, select the General subtab, scroll down, and observe
the Inherit Security from folder field.
If a value is assigned to this field, it indicates the folder object (security parent) from
which this document inherits security.
You will learn about security inheritance and other security concepts in a later
section.
• Close the J Jones' Loan tab and the Loans tab.
• From the LoanProcess tab, on the left pane, collapse the Browse node, expand
the Data Design > Classes node and click the Document class.
• From the Document tab on the right pane, select the Default Instance Security
subtab.
In the Default Instance Security subtab, the ACL list that is under the Access
Permissions section, will become the default security for the documents that
belong to this Document class.
• Log out of the administration client and close the browser.
• From the LoanProcess repository, click New Folder from the toolbar.
• On the New Folder page, type Security Test for the Folder Name field, observe
the default security for the folder, and then click Add.
• Back on the Browse page, double-click Security Test to open the folder and then
click Add Document from the toolbar.
• On the Add Document page, type Access Loan for the Document Title field.
• For the What do you want to save? field, click Browse.
• On the File Upload page, navigate to the C:\Training\F2810G\SampleDocs
folder, select any file (Example: MarketingPlan5.pdf), and then click Open.
• In the Add Document page, leave the default for all the other fields and observe
the security that is assigned to this document.
The Owner group has the following members: P8Admin, P8Admins, and Mary
The Readers group has the following members: Loan managers, Loan officers,
Loan processors, and Loan underwriters
• Click Add and then, on the Browse page, verify that the new document is listed.
• Click the head and shoulder icon in the banner, click Log Out to log out of IBM
Content Navigator and then close the browser.
For all the following tasks, when you log out as one user and before signing in as
another user, close the browser to avoid any caching issue.
Verify access to the document by a different user.
Since Matt is a member of the Loan managers group which is authorized to view the
document created in the previous task, Matt should be able to access the document
that Mary created. In this task, you will verify the access by logging in as Matt.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator.
• Type Matt for User name, FileNet1 for the Password field, and then click Log In.
• From the LoanProcess repository, double-click the Security Test folder to open it
and then verify that you can access the Access Loan document.
• Right-click the document and then verify that user Matt has access to open,
preview, properties, or download the document (these actions are enabled) but he
cannot delete this document (action is grayed out) since he is not the owner of this
document.
Matt also cannot check out the document because the Loan managers have only
Reader access. In a later task, you will change Matt to be the owner of the
document.
• Log out of IBM Content Navigator.
Remove group access to the document.
In your business scenario, you determine that the Loan processors group no longer
needs access to your document. In this task, you will verify that Peter who is a member
of the Loan processors group is able to view the document. You will then remove the
Loan processors group access to the document and verify that Peter can no longer
access the document.
• In the Mozilla Firefox browser, click the Sample Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator.
• Type Peter for the User name field, FileNet1 for the Password field, and then
click Log In.
• From the LoanProcess repository, open the Security Test folder and then verify
that the Access Loan document is displayed.
• Log out of Sample Desktop and close the browser.
• Log in to the Sample Desktop as Mary (Password: FileNet1).
• Open the Security Test folder, right-click the Access Loan document and then
select Properties.
• On the Properties page, open the Security tab.
• Remove the permission for Loan processors to read the document by clicking the
X on the group and then click Save.
• Log out of IBM Content Navigator and close the browser.
• Open the Security Test folder, right-click the Access Loan document and then
select Properties from the list.
• On the Properties page, open the Security tab.
• Click the Loan officers link and then select Author from the Permissions list.
• Click OK and then verify that Loan officers are now in the Authors group.
• Click Save, log out of Sample Desktop and then close the browser.
• Log in to Sample Desktop as Olivia (Password: FileNet1).
• Open the Security Test folder, right-click the Access Loan document, and then
verify that Olivia now has access to check out the document.
The Check Out action is enabled. Because the Loan officers have been given
Author access and Olivia is a member of this group, she is able to access the
action.
• Click the X on Mary to remove the user from the Owners list, and then click Save.
• On the Browse page, right-click the Access Loan document, and then verify that
Mary no longer has Owner access.
Delete, checkout and a few other actions are now disabled. Since she is part of the
Loan managers group, she continues to have Reader access through that
membership and can open or download the document.
• Log out of IBM Content Navigator and close the browser.
Verify the change in ownership.
You changed the ownership of the document to Matt. In this task, you will verify that
Matt has full access to the document (including delete).
• Log in to IBM Content Navigator (ICN) Sample Desktop as Matt (Password:
FileNet1)
• Open the Security Test folder, right-click the Access Loan document, and then
verify that Matt can now check out, delete, and take other actions (these action are
enabled now).
• Log out of ICN Sample Desktop and close the browser.
Examine the ownership.
The security that is set on a document in the IBM Content Navigator (ICN) client is
executed as configured in ICN. Even though you changed the ownership of the
document to Matt, Mary remains the owner when you examine the ownership in
Administration Console for Content Platform Engine (ACCE). This is because how ICN
maps its security groups (For example, Owner, Author, or Reader). Mary will be able to
take owner actions on this document in ACCE even after she is removed as the owner
in ICN. An administrator must reset the ownership in ACCE to complete the process. In
this task, you will examine this and change the ownership to Matt.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• From the EDU_P8 tab, expand the Object Stores folder on the left pane and then
click the LoanProcess object store.
• From the LoanProcess tab, expand the LoanProcess > Browse > Root Folder
node on the left pane and then click Security Test.
• From the Security Test tab on the right, click the Access Loan document link.
• Scroll the tabs to the right and then click the Security subtab to open it.
• Scroll down the page to the Owner/Active Markings section and then verify that
the Owner is Mary (shown as [email protected]).
• Click Change Owner.
• On the Change Owner page, select the Change owner to option, and then click
Find.
• On the Add Users and Groups page, search for Matt (by Short name).
• Select Matt from the Available Users and Groups pane and then move Matt to
the Selected Users and Groups pane by clicking the forward arrow.
• Scroll down, click OK, and then verify that Matt ([email protected]) is now the
owner on the Access Loan tab.
• Click Save, click Refresh, and then click Close to close the Access Loan tab.
• Close the Security Test tab.
• From the LoanProcess tab, click Refresh.
This completes the change of ownership at all levels.
• Log out of Administration Console for Content Platform Engine, and then close
the browser.
• Select Case workers from the Selected Users and groups pane, scroll down to
the Permissions section, and then select Major versioning from the Permission
group list.
View all properties, View content, Change state, Major versioning, Read
permissions, Unlink document, Modify all properties, Link a document / Annotate,
Create instance, and Minor versioning.
• Click OK, back on the Access Test tab, verify that Case workers is listed and
then click Save.
Edit security settings.
For this scenario, the Major versioning Permission group grant access to more actions
than what you want to grant to the Case workers group. You can control the security at
a more granular level by setting custom permissions. In this task, you will modify the
permissions to a custom level.
You are already logged on to Administration Console for Content Platform Engine as
p8admin. You are viewing the Access Test document's security tab.
• On the Access Test tab > Security subtab, select the Case workers row under
Access Permissions section and then click Edit.
• On the Edit Permissions page, under the Permission group section, clear the
Unlink document permission.
• Confirm that the value for the Permission group field changes to Custom.
• For the Database connection field, select FNOSDS from the list and then type
Finance for the Schema name field.
The admin users have full control and other P8 users have access to use the
object store.
• Log out of the administration console and then close the browser.
Configure your repository.
Users manage your object store content in the IBM Content Navigator (ICN) client. To
be able to access the content, you must first configure ICN to connect to that repository.
Then, you must associate this repository with a desktop to enable users to access the
content. In this task, you configure the repository that you created in the previous task.
• In the Mozilla Firefox browser, click the ICN Admin bookmark or enter the
following URL: http://vclassbase:9081/navigator/?desktop=admin
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
This account has administrative rights.
• From the ICN administration page, click Repositories on the left pane.
On the Repositories tab, a list of object stores that are already configured is shown.
• To create a connection to your object store, click New Repository and then select
FileNet Content Manager from the list.
When users log in to this desktop, ICN authenticates the users of Finance object
store. If the user does not have access to this object store, the access is denied.
This step is very important for all the following activities to work correctly.
• From the Finance Desktop tab, select the Repositories subtab and verify that the
Finance and Sales repositories are listed for this desktop in the Selected
Repositories pane.
• If the Finance repository is not listed, select Finance repository from the Available
Repositories pane and then click the forward arrow (Add) to move it to the
Selected Repositories pane.
• On the Finance Desktop tab, click Save and then select the Layout subtab.
• Under the Displayed features section, select Browse, and then select Finance
for the Default repository field on the right pane.
• On the Edit Permissions page, notice that the Permission group field has
Modify properties as the value.
The permission allows them to create subfolders.
• Change the value by selecting View Properties <Default>.
Verify that the permission change removed the create subfolders permission.
• Click OK to close the page and then click Save on the Root Folder tab.
Verify that the p8users row now has View properties as its permission group.
• Click Add Permissions, and then select Add User/Group Permission.
• On the Add Users and Groups page, for the Search for field, clear the Users
and Special accounts options (checkboxes), and leave Groups selected.
• Type Finance for the Search by field and then click Search.
• In the Search Results section, select Finance admins from the Available Users
and Groups pane and move it to the Selected Users and Groups pane.
Use the forward arrow.
• Select Finance admins on the Selected Users and Groups pane, scroll down,
and then verify that Allow is selected for the Permission type field.
• For the Apply To field, select This object only from the list.
• For the Permission group field, select the View Properties <Default>, and then
select Create subfolder to add a custom permission.
• Verify that the Permission group field now has Custom as the value.
• Click OK to close the page and then click Save on the Root Folder tab.
• Verify that the Finance admins row is added and has Custom as its permission
group.
Finance admins are now allowed to add subfolders to the Root Folder and they
can then specify security on the folders that they create.
• Log out of the administration console and then close the browser.
Add a folder to your repository for Finance group.
In the previous task, you granted access to the Finance admin group to add subfolders
to the Root Folder. In this task, as a Finance admin (Adam), you will create top folders
and configure access to users in the various Finance groups. So that the users can add
subfolders and documents in the designated folders.
• In the Mozilla Firefox browser, click the Finance Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator/?desktop=FinanceDesktop
• Type Adam for the User name field, FileNet1 for the Password field, and then
click Log In.
• Create a new folder:
• In the Finance repository, click New Folder from the toolbar.
• On the New Folder page, type Invoices for the Folder Name field and click
Add on the lower right to create the folder.
• Back on the Browse page, verify that your new folder is listed.
• Click Finance clerks, select Customize from the Permissions list, and then click
Advanced.
• Select Create subfolders and then clear the Add to folders permission.
• Scroll up, under the Access Permissions section, select Finance admins by
selecting the checkbox and then click Edit.
• In the Edit Permissions page, inspect the permissions.
The Owner permissions that you assigned in IBM Content Navigator for the
Finance admins group is considered as custom access when we view it in ACCE
because some of the inherited permissions were not be assigned to the Finance
admins group.
If you check the permissions for P8admins group (or for Adam who created this
folder and is a member of the Finance admins security admin group), they have
complete permissions including the inherited ones. This is because the P8admins
group was assigned to the Object store where this folder is created and the user
Adam is the owner of this folder.
• Click Cancel.
Optionally, you can inspect the permissions for the other Finance groups in ACCE
and compare them with the ones that you assigned in ICN.
• Log out of administration console and close the browser.
In the above diagram, users (Adam, Oscar, and Clara) belong to different groups
(Finance Admins, Loan Officers, and Clerks). All the groups are members of the
P8Users super group. In this scenario, when you create an object store, you can add
P8Users as the super group with default access rights. When new users or groups
such as Clerks must be added to an object store, you can add them to P8Users. Users
then automatically have default access to all existing objects on the object store.
If you use the same super group on multiple object stores, you can grant immediate
access to all object stores by adding a user or group to the super group. Otherwise, you
can create a separate group for each object store to provide more specific access.
If you use separate groups for each object store, you can also create separate IBM
Content Navigator desktops. Each desktop might then use a separate object store for
authentication.
If you add the #Authenticated Users security group to an object store, it give access to
all of the LDAP users. By creating a super group, you can control the users who can
have access.
• Log out of Administration Console for Content Platform Engine and close the
browser.
Adding Tia to the Finance object store directly will provide only basic access to the
object store but not to any of the existing objects. You will check this access in the
following steps.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores node and then
click the Finance object store.
• From the Finance tab on the right pane, click the Security subtab, click the Add
Permissions, and then select Add User/Group Permission.
• On the Add Users and Groups page, for the Search for field, clear the Groups
and Special accounts options (checkboxes), and leave Users selected.
• Type Tia for the Search by field and then click Search.
• In the Search Results section, select Tia from the Available Users and Groups
pane and move it to the Selected Users and Groups pane.
Use the forward arrow.
• Scroll down and verify that the Permission type field has Allow.
• For the Apply to field, select This object and all children from the list.
• For the Permission group field, select Use Object Store from the list and then
click OK to close this page.
• Verify that Tia is listed with the permission that you selected, click Save to save the
changes and then click Refresh.
• Log out of the administration console and close the browser.
• In the Mozilla Firefox browser, click the Finance Desktop bookmark or type the
following URL: http://vclassbase:9081/navigator/?desktop=FinanceDesktop
• Type Tia for the User name field, FileNet1 for the Password field, and then click
Log In.
• Notice that you get an error message and it is different from the one that you got
before adding Tia to the object store.
• Click Close when you are prompted with the message: You don't have the
appropriate permissions to access the object store.
• Verify that the Browse page opens, but the user cannot view the existing folders or
any objects.
• Log out of ICN Finance Desktop and then close the browser.
Remove Tia from the Finance object store in the following steps:
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores node and then
click the Finance object store.
• From the Finance tab, click the Security subtab.
• Under the Access Permissions section, select the Tia row and then click
Remove.
• Verify that Tia is not listed on the security list, click Save.
• Log out of the administration console and close the browser.
Add a group to the P8users group.
The easiest way to add users and groups to an object store is to add them to an
existing group that already has access. In an earlier activity, you created and configured
the Finance object store with the P8users group. In this activity, you will add the
TestGrp group to this super group to instantly provide the default access to the object
store and its objects.
• From Programs, open the Administrative tools > Active Directory Users and
Computers.
You can also use the Active Directory Users and Computers shortcut on the
taskbar.
• From the left pane, click Users.
• On the right pane, right-click the P8users group and then select Properties.
• On the p8users Properties page, select the Members tab and notice that there
are already many groups are listed.
• Click Add, type TestGrp in the Enter the object names to select field, and then
click Check Names.
• On the Opening … window, select the Save File option, click OK to close.
• Back in the administration console, cancel the Security Script Wizard, log out and
close the browser.
• Open the Downloads (C:\Users\p8admin\Downloads) folder where the file was
downloaded.
If you cannot download the file for any reason, both the zip file and the extracted
files are in the C:\Training\F2810G\SecurityWizardScript folder on your student
system.
• To extract the SecurityWizardScript.zip file, right-click the file, select Extract All,
and then click Extract on the page.
• In the C:\Users\p8admin\Downloads\SecurityWizardScript folder, verify that the
following files are listed:
• SecurityScript.js
• UpdateOSSecurity.json
• Click Next.
• On the Select Role and Role Participants page of the wizard, verify that Object
Store Users option is selected, and then click Add User/Group Permission.
• On the Add Users and Groups page, search for the Script testers group, move it
to the Selected Users and Groups pane and then click OK.
• Back on the wizard page, verify that Script testers is listed.
• Click Next, click OK when you are prompted with the message about unassigned
participants, and then click Finish to complete the security script wizard.
A window will display the status. Wait for the script to complete.
• When the Status shows Finished, verify that there are no errors, and then click
Close.
• Log out of the administration console, restart the browser, and log back in as
p8admin (Password: FileNet1).
• On the left pane of the EDU_P8 tab, expand the Object Stores node and then
click the Finance object store.
• From the Finance tab, on the right pane, select the Security subtab and then
verify that Script testers is listed under the Access Permissions section.
The group has Custom as the value for the Permission Group column.
• From the Finance tab, on the left pane, expand the Browse node and then click
Root Folder.
• From the Root Folder tab, on the right pane, select the Security subtab and then
verify that Script testers is listed under the Access Permissions section.
The group has Modify properties as the value for the Permission Group column.
• Log out of the administration console and close the browser.
• Expand the Data Design > Classes node on the left pane, right-click Document
and then click New Class.
• In the New Document Class tab, type Invoice for the Display name field.
The Symbolic Name and Description fields are automatically populated.
• Complete the wizard by clicking Next, Finish, and then Close.
• In the Finance tab, click Refresh.
• On the left pane, expand the Data Design > Classes > Document node, and then
click Invoice.
• From the Invoice tab on the right pane, click the Property Definitions subtab and
then click Add.
• On the Add Properties page, type Invoice in the filter to show the property
template that you added.
• Select Invoice Number and then click OK to close the Add Properties page.
• On the Invoice tab, verify that Invoice Number is listed and then click Save.
In the following steps, you will configure the default instance security for the class
that you created.
• On the Invoice tab, open the Default Instance Security subtab.
• Review the ACL list under Access Permissions, click Add Permissions, and
then select Add User/Group Permission.
• On the Add Users and Groups page, search for Finance managers, select it
from the Available Users and Groups, and move the group to the Selected
Users and Groups by clicking the forward arrow.
• Select Finance managers, scroll down to the Permissions section, select Full
Control for the Permission group field, and then click OK.
• On the Invoice tab, verify that Finance managers is listed (with Full Control for
the Permission Group column) and then click Save.
• Repeat the steps to add Finance clerks with Major Versioning for the
Permission group.
• On the Invoice tab, click Save to save the Invoice class properties.
• On the Invoice > Default Instance Security subtab, select #CREATOR-OWNER
by clicking the box and then click Edit.
• On the Edit Permissions page, select Major versioning for the Permission
group field and then click OK to close the page.
• Click Save on the Invoice tab and then click Refresh.
• Under the Access Permissions section, verify that the #CREATOR-OWNER and
Finance clerks rows now have Major versioning as its Permission Group.
• Log out of the Administration console, clear the browser cache, and close the
browser.
Verify default instance security.
In this task, you will log in to the IBM Content Navigator (ICN) desktop as Carol who is a
member of Finance clerks, create an Invoice document, and verify the security settings.
• In the Mozilla Firefox browser, click the Finance Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator/?desktop=FinanceDesktop
• Type Carol for the User name field, FileNet1 for the Password field, and then
click Log In.
• Expand the Finance repository > Invoices folder on the left pane and then click
Carol.
• Click Add Document from the toolbar.
• In the Add Document page, for the What do you want to save? field, click
Browse.
As you configured, the Finance managers have full control along with P8admins.
Finance clerks and Carol has Author access. Notice that the document creator
(Carol) is not listed as the owner. P8users and Script testers have Reader access.
The list of available security settings is different in IBM Content Navigator (ICN) as
compared to Administration Console for Content Platform Engine (ACCE). ICN
presents some aggregations of security settings to give end users a more intuitive
set of options, whereas ACCE provides a much more granular set of options.
• Click Cancel, log out of ICN Finance Desktop, and then close the browser.
• Repeat the steps in the Check the access before property modification access task
to log in to ICN Finance Desktop as Charles, browse to the Invoice New
document, and then open the Properties page.
• Verify that you cannot edit the value of the InvoiceNumber property, even though
you can edit the Document Title by trying to change these values.
• Click Cancel, log out of ICN Finance Desktop, and then close the browser.
You configured the InvoiceNumber property definition on the Invoice document
class, but you did not change the InvoiceNumber property template. If you create a
new class and you use this property template, the property will have normal
modification access. The configuration change you made applied only to the
Invoice class.
Security folder
A folder that is used to provide the security for child documents to inherit
Security proxy
An object that is used to provide the security for other objects to inherit
Security inheritance architecture
An object's security is a combination of its default instance security, direct ACEs, and
the ACEs from the security parent.
Folder security inheritance can be automated by using a custom application and the
Security Folder property value can be assigned to documents automatically.
Following are the consequences of deleting folders or moving child objects:
• If a security folder is deleted, those documents that had that folder as their security
parent in the object store no longer have a setting for security folder. They can be
reassigned to another security folder.
• If an object that has a security parent is moved out of that folder, the security
parent relationship is maintained.
Use an object as a security proxy
This method is more complex than using the security folder method, but it provides
more flexibility. You can specify as many security parents as you need, and the security
sources are not limited to being folders. For some business applications, the freedom to
use other objects besides folders might allow for a more natural and simpler solution.
This method can also be combined with the security folder method so that the final
security on an object includes the inherited security from all sources.
When the security parent object is deleted, the inherited security is removed from the
object.
Example scenario
A legal requirement exists for contracts that are used in the Finance department. From
time to time, contracts must be viewable by auditors, who do not usually have access to
the contracts. You want to be able to change the security on all of the contracts to allow
auditors to access them, and then to remove that access when the audit ends.
Many folders act as security sources for the contracts that are filed within them, and
other document types are also filed in these same folders and inherit security from
them. You do not want to manually change the security on all of the folders, and you do
not want the auditors to have access to the other documents that are filed in those
folders. Therefore, you cannot change the security on the folders when the auditors
need access to the contracts.
You can set up a custom property on a document class so that all contracts have a
property that specifies the security proxy from which to inherit security. In this way, you
can allow the documents to use their folder as a security parent, and provide an extra
level of access that can be disabled or modified when needed.
• Verify that the Finance admins and Finance managers groups have full control.
• On the Document Content Source page, click Add and then click Browse on the
Add Content Element page.
• On the File Upload page, navigate to the C:\Training\F2810G\SampleDocs
folder, select a file (For example, MarketingPlan1.pdf), and then click Open.
• Back on the Add Content Element page, click Add Content.
• Back on the New Document tab, click Next several times and then click Finish.
Leave the default settings for all other fields.
• On the Success page, click Open to open the Test Receipt document properties
page and then click Refresh.
• Open the Security tab and then verify that the only ACEs listed are P8admins and
P8admin as you configured earlier for this document class.
• On the Test Receipt tab, open the General subtab, scroll down, and then select
Receipts from the list for the Inherit security from folder field.
• Click Save and then open the Security subtab of the Test Receipt document.
• Click Refresh and then verify that Finance admins and Finance managers have
inherited permissions and the Source column has Inherited as the value.
• Open the Security tab and then verify that Finance managers, Finance admins,
p8admin and p8admins are all owners.
• Hover the mouse over Finance admins or Finance Manager (near the upward
arrow) to verify that the permissions are inherited from the parent.
The groups also have an inheritance indicator (Blue arrow).
• Click Cancel, log out of ICN Finance Desktop, and then close the browser.
• From the Active Directory Users and Computers window, click the Users node
on the left pane, and verify that the following groups are listed: AppDesignGrp
and ClassDesignGrp.
• Type Cathy for the User name field, FileNet1 for the Password field, and then
click Log In.
After the restriction is applied, Cathy will not be able to perform many of the
administration actions, creating and configuring property templates, subscriptions,
and sweep policies, and any workflow related configurations.
In the following steps, you will check that Cathy is able to perform the actions now
before the restrictions are applied. Since the objective is to test the access to these
actions, completing the configuration or creating an object is not required. But you
can optionally complete the configuration using the tasks that you learned
throughout this course.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder click the
Finance object store.
As admin users, Cathy and Arvin have complete access to all the object stores and
all the admin actions same as p8admin.
• From the Finance tab, expand the Finance > Administrative node on the left
pane, and verify that this node and sub-nodes are accessible to Cathy.
• From the Finance tab, collapse the Administrative node, expand the Finance >
Data Design node on the left pane, right-click Property Templates and select
New Property Template from the list.
This step verifies that Cathy has access to create a property template.
• Click Cancel to close New Property Template tab.
• On the left pane, collapse the Data Design node, expand the Finance > Events,
Actions, Processes node, right-click Subscriptions and select New
Subscription from the list.
This step verifies that Cathy has access to create a Subscription.
• Click Cancel to close the New Subscription tab.
• On the left pane, collapse the Data Design, and verify that Cathy has access to
Sweep Management configuration.
You will learn more about Sweep Management in a later activity.
• Log out of Administration Console for Content Platform Engine and close the
browser.
• Enter a space and then type the following text in the textbox.
-DrestrictedGroups=C:/Training/F2810G/restrictedGroups.properties
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type Cathy for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and click the
Finance object store.
• On the Finance tab, verify that you only view the Finance > Data Design node
and Search on the left pane.
Recall that the same user was able to view all other features before applying the
restrictions, including the actions under the Administrative, Events, Actions,
Processes, and Sweep Management nodes.
• In the Finance tab, expand the Finance > Data Design node and verify that only
Classes and Choice Lists node are shown.
Recall that the same user was able to create property templates under the Data
Design node.
Observe that on the right pane, only two subtabs are accessible: General and
Properties. Most other subtabs that help in administration of this object store is not
available to this group.
Class Designers group (ClassDesignGrp) are allowed to perform only the data
design tasks and will not be able to perform the administration tasks.
• Log out of the administration console, log back in as Arvin (Password: FileNet1).
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and click the
Finance object store.
• On the Finance tab, verify that many nodes are accessible on the left pane, under
the Finance node.
Application Designers group (AppDesignGrp) are allowed to perform many
administration tasks, in addition to data design, as compared to the Class
Designers group (ClassDesignGrp).
Observe that on the right pane, many subtabs are accessible to Arvin as compare
to the Cathy.
• From the Finance tab, expand the Finance > Administrative node on the left
pane, right-click Workflow System and select New from the list.
The Workflow topic is discussed in a separate course. For this activity, the
objective is to test the access to this feature for an Application Designer.
• On the New Workflow System tab, under the Table Spaces section, type
OS_DB_TS for the Data field.
• Under the Workflow System Security Groups section, click Browse next to the
Administration group.
• On the Add Users and Groups page, search for P8admins, move it to the
Selected Users and Groups pane, and then click OK.
• Back on the New Workflow System tab, click Next.
• For the Connection point name field, type FinanceCP3 and then click Next.
• For the Isolated region name field, type FinanceRegion, scroll down to the
Isolated region number field, and then type 3.
• Click Next and then on the Specify Isolated Region Table Space (Optional)
page, click Next again.
• On the Summary page, click Finish and then click Close on the Success page.
• On the Finance tab, click Refresh.
• Expand the Data Design > Classes node on the left pane, right-click Document
and then click New Class.
• On the New Document Class tab, type Finance Docs for the Display name field.
The Symbolic Name and Description fields are automatically populated.
• Complete the wizard by clicking Next, Finish, and then Close.
• In the Finance tab, click Refresh.
• On the left pane, expand the Data Design > Classes > Document node, and then
click Finance Docs.
• From the Finance Docs tab on the right pane, click the Property Definitions
subtab and then click Add.
• On the Add Properties page, type DocCategory in the filter field to select the
property template that you added.
• Select DocCategory, scroll down, and then click OK to close the Add Properties
page.
• On the Finance Docs tab, verify that DocCategory is listed and then click Save.
• Click Refresh, open the Default Instance Security subtab, remove all the users
and groups except p8admins and p8admin.
• Click Add Permissions and then select Add User/Group Permission.
• On the Add Users and Groups page, search for Finance managers, select it
from the Available Users and Groups pane, and move the group to the Selected
Users and Groups pane by clicking the forward arrow.
• Select Finance managers the Selected Users and Groups pane, scroll down to
the Permissions section, select Full Control for the Permission group field, and
then click OK.
• On the Finance Docs tab, click Save.
• Repeat the steps to add Finance clerks and Finance reviewers with View
content <Default> for the Permission group.
• On the Finance Docs tab, click Save.
• Under the Access Permissions section, verify that the security groups are listed
with the Permission Group you configured.
• Back on the Browse page, double-click Finance Docs to open the folder and then
click Add Document from the toolbar.
• On the Add Document page, for the What do you want to save? field, select
Local Document from the list and then click Browse.
• On the File Upload page, select any file (Example: MarketingPlan5.pdf) from the
C:\Training\F2810G\SampleDocs folder and then click Open.
• Back on the Add Document page, Select Finance Docs for the Class field.
• For the Document Title field, change the text to Finance Doc1 and then type
Support for the DocCategory field.
• Under the Security section, verify that this document has the default instant
security from the Document class that you created earlier.
• Verify that the Finance clerks and Finance reviewers have Reader access.
You will be changing this security through role-based access.
• Click Add in the lower right corner and then back on the Browse page, verify that
the new document is listed.
• Log out of ICN Finance Desktop and then close the browser.
Test the security of a document before a role is applied.
In this task, you will log in as a member of the Finance clerks group (Carol) to test the
access to a document in the ICN desktop before applying role permissions to the
document.
• In the Mozilla Firefox browser, click the Finance Desktop bookmark or type the
following URL: http://vclassbase:9081/navigator/?desktop=FinanceDesktop
• Type Carol for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the Browse page, double-click Finance Docs to open the folder.
• Right-click the Finance Doc1 document that you added and then verify that Carol
does not have permissions to check out the documents.
The actions are grayed out (not enabled) in the list in contrast to Download, Add to
Favorites, or Export for which Carol has permissions.
Finance clerks group (Carol) has Reader access and so they cannot check out a
document.
• Log out of ICN Finance Desktop and then close the browser.
• Log out of ICN Finance Desktop and then close the browser.
The values you entered are used to construct a query for the objects of Document
class. For an SQL statement, class (Document) is the table, each object is a row,
and object properties (Document Title) are the selected columns.
You will enable the bulk actions in the next task and then run the search.
Create and run bulk actions that update security on the search
results.
The search is open and the bulk actions are currently disabled. In this task, you will
enable them, configure the update security bulk action, and then run the search.
• On the New Object Store Search tab, click the Bulk Actions (Disabled) subtab
and then select Enable.
• Scroll down to the Security area and then select the Update security option.
• Click Add and then select Add User/Group Permission.
You can also specify a role for role-based access.
• On the Add Users and Groups page, type Marketing in the Search field and
then click Search.
• Select the Marketing group, move it to Selected Users and Groups by using the
right arrow, and then click OK.
• Back the New Object Store Search tab, verify that the Marketing group is listed
under the Security section.
• Scroll down to the Permissions area and then select the checkboxes under the
Add Allow column for the following permissions.
• View all properties
• Modify all properties
• View content
• Create an instance
• Change state
• Minor versioning
• Major versioning
• Read permissions
• Click Run.
The Execute Actions page with a message about the query results is displayed.
• Click Close on the Execute Actions page and leave the New Object Store
Search tab opened for the next activity.
Verify the security change on the marketing materials.
In the previous task, you ran a search that included a bulk action to update security.
The action occurred as the search ran. Inspect one of the documents to ensure that the
Marketing group was added to the document. The search tab is open, displaying the
search that you recently ran.
• On the Bulk Actions (Enabled) tab, clear the Enable checkbox to disable bulk
actions, click Run to run the search again, and then view the search results.
• Click the title of one of the documents in the Search Results table.
The document properties page opens in a tab.
• On the document properties page, open the Security tab and then verify that
Marketing is now displayed in the Access Control List.
Important note: This activity builds on the previous activity and so ensure that the Use
bulk actions to modify security for multiple documents activity is completed.
In this activity, you will accomplish the following:
• Preparation: Check out documents.
• Use batch operations to cancel the check out.
Preparation: Check out documents.
In this task, you will log on as Misty and check out some documents in the IBM Content
Navigator (ICN) client to use later with the bulk action.
• In the Mozilla Firefox browser, click the Finance Desktop bookmark or enter the
following URL: http://vclassbase:9081/navigator/?desktop=FinanceDesktop
• Type Misty for the User name field, FileNet1 for the Password field, and then
click Log In.
• Click the down arrow next to Finance on the upper right and select the Sale
repository from the list.
• On the left pane, click the Marketing folder.
• Right a click a document that begin with MarketingPlan in the title and then select
Properties.
• On the Properties page, select the Security tab, and verify that the Marketing
group is listed for the Author field.
• Select all the documents that begin with MarketingPlan in the title (5 documents)
and then click Actions > Check Out > Check Out Only to check out the
documents.
Misty is a member of the Marketing group and she can check out only documents
to which the Marketing group has major and minor versioning permissions. You set
these permissions in the previous task through a bulk action.
• Verify the checked out documents have a lock icon and then log out of the ICN
desktop and close the Browser.
Use batch operations to cancel the check out.
In this task, you will log in as an administrator (p8admin) and use batch operations to
cancel the checkout of the Marketing documents that Misty has checked out.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and then
click the Sales object store.
• In the Sales tab, expand the Sales > Browse > Root Folder node on the left pane
and then click Marketing.
• From the Marketing tab on the right pane, select the documents that begin with
MarketingPlan in the title (5 documents that have lock icon) and then click
Actions > Batch Operations.
Use the Actions menu from the Contents subtab.
• On the Batch Operations page, open the Actions tab, select the Cancel
checkout option under Versioning, and then click OK.
• Click OK when you are prompted with the message for the Cancel checkout.
• Click OK again when you get a message that the operation is complete.
• Back on the Marketing tab, verify that the checkout is cancelled for the documents
that you selected (The lock icon is not shown now).
• Log out of the administration console and then close the browser.
• Command line
• Windows startup and shutdown
[css_install_location]\[Server_name]\bin\startup.bat
[css_install_location]\[Server_name]\bin\shutdown.bat
[Server_name] specifies the name for the CSS Server.
• Unix startup and shutdown
CSS_installation_directory/[Server_name]/bin/startup.sh
CSS_installation_directory/[Server_name]/bin/shutdown.sh
The relationship between an index entry and a document
Content index is a file that contains pointers to the character-based content in an object
store. Like an index in the back of a book, instead of page numbers, index stores
references to documents.
Content Based Retrieval searches the index file, not the actual documents
• Save the authentication token from the screen output (weR/vMk=) in a text file.
The token is case-sensitive.
Ensure that you get the first value for the authentication token because the
encryption key is also displayed.
• Minimize the command window.
Create a text search server.
You need to register the IBM Content Search Services (CSS) server with the P8
Domain. You can register the server in Index mode, Server mode, or Index and Server
mode. Because you will configure only one server on the student system, the server
must perform both index and search operations.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the EDU_P8 > Global Configuration
> Administration node and then click Text Search Servers.
• From the Text Search Servers tab, on the right pane, click New.
• Type EDU CBR Server for the Display name field and then click Next.
• Complete the fields with the following values:
• Scroll down and then inspect the Searching, Indexing, Extracting, and Schedule
sections.
These values can be customized to improve performance.
Verify indexing at the site level.
Indexing is enabled at the domain level, but you must ensure that indexing for the site is
also either inherited from the domain or configured separately.
• On the left pane of the EDU_P8 tab, expand the EDU_P8 > Global Configuration
> Administration > Sites node and click Initial Site.
• From the Initial Site tab on the right pane, open the Text Search Subsystem tab,
click Refresh, and verify that the Configuration source has EDU_P8 (P8 domain)
value.
• Scroll down and then inspect the Searching, Indexing, and Extracting sections.
The values for the sections are set at the domain level and are not editable at the
Site level. If you choose to override them at the site level, then they become
editable.
• Log out of the administration console and close the browser.
• Mime Type
System property
String data type
A few possible values
Never used in searches
• product_id
Custom property
String data type
Values are unique
Often used in searches
• Product Category
Custom property
String data type
A few possible values
Often used in searches
• Quantity
Custom property
Integer data type
Several possible values
Sometimes used in searches
• Price
Custom property
Float data type
Several possible values
Sometimes used in searches
• service_date
Custom property
DateTime data type
Several possible values
Sometimes used in searches
The correct answer is: Product Category
Product Category is a custom property, String type, often used in searches, and
contains a few possible values.
Change the property settability option.
A property must be Settable only on create in order to be configured as an index
partition. In Administration Console for Content Platform Engine, the Settable only on
create option is represented by the value 2. You must set this attribute on the property
template (not the property definition on a particular class) for all classes that use this
property template to be indexed with this partition. In this task, you will change the
property settability option.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and click the
Sales object store.
• From the Sales tab, expand the Sales > Data Design node on the left pane and
then click Property Templates.
• From the Property Templates tab, type Product Category on the filter field and
then click the Product Category link to open the property template.
• From the Product Category tab, open the Properties subtab and then change the
Settability value to 2 (two).
The default value was 0.
• Click Save, log out of the administration console, and then close the browser.
The index can become desynchronized if you restore the object store from a backup.
You can resync the index. During the resynchronizing process, the system updates the
Indexing status to Closed and then after resynching, the system updates the status to
Open.
Automatic activation of index areas
A Content Platform Engine server automatically changes the resource status for an
index area in the following circumstances:
• When an index area or full-text index reaches the maximum, its status changes
from OPEN to FULL.
You can set the capacity of an index area by defining limits.
• When an index area becomes FULL, Content Platform Engine activates another
index area that is in STANDBY to OPEN.
The change allows the index area to receive index entries for newly indexed
objects. For automatic activation to work, both index areas must be on the same
object store. You can specify the activation priority in the administration console.
Index areas with the highest activation priority are activated first.
Reduced number of OPEN index areas can result in reduced indexing rates.
Automatic activation of STANDBY indexes prevents the reduction of OPEN index
areas. The system maintains a steady number of OPEN index areas without
manual intervention.
Index jobs
An index job represents one or more index requests for Content Platform Engine
objects. You create an index job on the document class that you want to index. CBR
must be enabled on the document class first.
The index job is queued and then runs. Indexing occurs automatically after the index
job is queued. Schedule to run index jobs during non-peak hours. Use the Index Jobs
Manager to check index progress. Index errors are logged in the P8_Server_ error.log
file.
Run a CBR search
You can create and run a search from the IBM Content Navigator (ICN) client as well as
from the Administration Console for Content Platform Engine (ACCE) tool. Users can
use ICN to perform routine searches for their content. Administrators typically use
ACCE to find documents in order to perform administration tasks, such as changing
metadata or security, or to perform bulk operations.
When the query is run, the full text portion of the search retrieves a batch and the batch
of full text hits is inserted into a DB Temp table. A JOIN query is issued between the
Temp and DocVersion tables. The steps run in many iterations.
Optimize the performance of a CBR query
By default, the Content Platform Engine (CPE) always performs the content-based
retrieval (CBR) search first. You can optimize the performance of a CBR query by
controlling the order of the database search and the full-text search for the query.
Database-first execution is more efficient in the following circumstances:
• The number of database search hits is small; in the typical case, this number is
less than a few hundreds
• The number of full-text search hits is large; in the typical case, this number is more
than several thousands
What is Dynamic Switching?
When the property is set to dynamic switching mode, the CPE dynamically determines
whether to issue the CBR search first or the relational search on a database (DB) first,
optimizing performance for these types of searches.
For every CBR search, an estimate is first made of the full text hit count based on the
full text search criteria. If the estimate is larger than a configured threshold, the
relational database portion of the search is run first (DB First). Otherwise, the full-text
search is issued first (CBR First). The database results are then searched against
Content Search Services.
For more information on this option, refer to the FileNet P8 Platform V5.5.x Knowledge
Center:
https://www.ibm.com/support/knowledgecenter/SSNW2F_5.5.0/com.ibm.p8.ce.dev.ce.
doc/query_sql_syntax_cbr.htm#query_optimization_icss
• Verify that the interface does not yet show the options for content based search
yet.
• If you are prompted with the Multiple Names Found window, select p8admin and
then click OK.
• Back on the Select Users window, verify that the name p8admin
([email protected]) is displayed and then click OK.
• Back on the Permissions window, select p8admin ([email protected])
and then select the Allow checkbox for Full control.
This steps allow p8admin full control of this folder.
• Click OK to save your changes, click OK again to close the folder properties page,
and then minimize Windows Explorer.
In the following steps, you will create an index area object that references the folder
that you just created.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and click the
Sales object store.
• From the Sales tab, expand the Sales > Administrative node on the left pane and
then click Index Areas.
• From the Index Areas tab on the right pane, click New.
• From the New Index Area tab, type Product Index Area for the Display Name
field and then click Next.
The name that you choose is unimportant but the activities in this section refer to
this name.
• For the Root directory field, type C:\ProductIndex and then click Next.
The folder that you created.
• On the Summary page, click Finish.
• Wait for confirmation of success and then, on the Success page, click Open.
• On the Product Index Area tab, open the General tab and inspect the property
values.
The Resource status for the index area is currently in the Open state. You can
change the state on this page.
Notice that the root directory field shows the folder path value.
Maximum index count: A threshold that governs when the status of the index area
is automatically changed to full. The status is changed when the number of full-text
indexes equals or exceeds this threshold. A value of -1 indicates that no threshold
applies.
Index maximum object count: A threshold that governs when the status of the
index area is automatically changed to full. The status is changed when the
number of indexed objects that are assigned to the index equals or exceeds this
threshold. A value of -1 indicates that no threshold applies.
• Close the Product Index Area and Index Areas tabs.
• Leave the administration console open for the next task.
Enable IBM Content Search Services on the object store.
You must enable IBM Content Search Services at the object store level before you can
use it for indexing. The Sales object store is open in Administration Console for Content
Platform Engine.
• From the Sales tab, open the Text Search subtab for the Sales object store.
• Select the Enable IBM Content Search Services option.
• Under the Indexing Languages section, select en (for English) from the Available
Languages list and then click the forward arrow to move en to Selected
Languages.
• Click Save and then click Refresh to ensure that the changes are saved.
• Leave the administration console open for the next task.
If the option is greyed out, it might be because the Enable IBM Content Search
Services option that you selected on the Sales object store might not have been
saved or refreshed. Repeat the previous task to correct this and then redo this
task.
• Click Save and then click Refresh to save your changes for the document class.
• Leave the administration console open for the next task.
Create an index job and check its progress.
Indexing is now configured on the Sales object store for the Product document class.
The index does not exist until you initiate an index job. When you create an index job,
the system creates the index.
The Product document class definition is open in the administration console.
• From the Product tab, click Actions and then select Index Class for Content
Search (include subclasses) from the list.
• Click OK to close the message that informs you that the system created an index
job and close the Product tab.
• From the Sales tab, expand the Sales > Administrative node and then click Index
Jobs Manager.
• On the Index Jobs Manager tab, if the Job Status for the Product class is
Pending or In Progress, wait for a few minutes and then click Refresh again.
Indexing can take several minutes. On a production system, the index job might
take several hours, so you must plan the index job to run when the system
resources are not in high demand.
• Click Refresh again until your index job status changes to Terminated Normally.
• Close the Index Jobs Manager tab and leave the administration console open for
the next task.
View the index properties.
When the indexing job completes, the index area contains an index. In this task, you will
view the index properties.
• From the Sales tab, expand the Sales > Administrative > Index Areas node on
the left pane and then click Product Index Area.
• From the Product Index Area tab on the right pane, open the Index subtab and
then verify that the Index Selection field contains a value.
The index selection field contains a set of values in the list. The index identification
field shows the first value. If the value is not found, click Refresh.
• Log out of the administration console and close the browser.
View the index in the file system.
The index job created an index. In this activity, you will verify the index area by going to
the location on the file system.
• In Windows Explorer, open the C:\ProductIndex folder and verify that new
subfolders that begins with Sales_Document_XXX_XXX is listed.
XXX is a long string of alphanumeric characters.
The values matches with the ones on the Product Index Area tab > Index subtab in
the administration console.
Optionally, explore the contents of this folder. Most of the files cannot be opened
with standard viewing tools.
• Click the Text options link, select the All of the terms option and then click OK.
"Deluxe Model" is changed to "Deluxe AND Model" by ICN when you select the All
of the terms for the Text options.
If you select the Any of the terms option, ICN inserts OR and changes to "Deluxe
OR Model" for your CBR search.
With the Proximity option, you can search for terms that must be in proximity to one
another. You set the number of words that can separate the terms. Use Advanced
operators to include more complex queries with mixed expressions.
Recall that when you tested the search page before enabling CBR, the Find items
with the following terms field was not available. Notice that the Text options are
available now.
• Below Text options, select the following values from the list for the property
criteria: Product Category, Equals, Combo
This is the property that you used to create index partitioning. This step is optional
for CBR search, but it improves the performance because of the number of the
documents to be searched is limited with the property value.
If you don't include the property criteria, the number of documents in the search
results will be higher.
• Click Search (you might need to scroll down to find the Search button).
• Right-click a document, and then select Preview from the list to open the
document in the Viewer.
• In the Viewer, verify that the document contains the term Deluxe Model.
You can save the search and then reuse it for later purposes.
• Click OK to save and then, back on the Model Content Search tab, click Run.
Troubleshooting tips: If the query returns the error, it is most likely due to the SQL
statement that is not entered correctly. Review the message, correct any errors in
the query and then rerun the query.
Check indexing entries in the log file.
Index jobs sometimes generate errors when documents fail to be indexed. The error
messages contain enough information for you to find the problem document and identify
the cause of the error. When an index job completes, review the log file to check
whether any problems occurred. In this task, you will check the log file.
The p8_server_error.log file is located in the C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\FileNet\server1 folder. You can
find the folder location in the following steps:
• In the Mozilla Firefox browser, click the Bookmarks menu and then select
System Health > CE Ping
You can also enter the following URL for the ping page:
http://vclassbase:9080/FileNet/Engine
• The Content Engine Startup Context (Ping Page) page is displayed.
• Scroll down to locate and then copy the value for the Log File Location key.
• In Windows Explorer, browse to the server1 folder, right-click the
p8_server_error.log file and select Edit with Notepad++.
• Scroll to the bottom of the log file and check for any errors or warnings.
If the configuration and search were completed successfully, there may not be any
errors.
• Close the file and then exit Notepad++.
The syntax is similar to the Where clause of an SQL query. Following is an example of
a filter expression that can be used in a Bulk Content Move job:
DateCreated < NOW() -TimeSpan(365, 'Days')
This expression filters all documents that were created at least a year ago.
For a list of examples of filter expressions, refer to the IBM FileNet P8 Platform V5.5.x
Knowledge Center:
https://www.ibm.com/support/knowledgecenter/en/SSNW2F_5.5.0/com.ibm.p8.ce.admi
n.tasks.doc/p8pcc178.htm
Type of Sweeps
The sweep subsystem supports the following types of sweeps:
• Job sweeps - run one time to process instances of a target class
• Sweep policies
A sweep policy is an object that specifies processing rules for a policy-controlled
sweep. A policy-controlled sweep repeatedly visits all instances of a target class
that are specified in the policy.
• Queue sweeps - provide a generic queuing service. They are especially useful in
controlling the flow of work to a slow or resource-intensive process.
• Custom sweeps - process objects with user-implemented actions
• Background search sweeps - run one time to execute a query that generates
search results
Job sweeps
Jobs sweeps have a definite start and end:
• Starts when the first candidate object is examined
• Ends when each candidate object is examined exactly one time
• Cannot be restarted after it ends.
You can clone the original instance and run the new instance.
The Content Platform Engine includes the following job sweeps with built-in actions.
• Bulk Move Content Jobs - Move large numbers of documents and annotation from
one storage area to another.
Before you create a bulk move content job, you must decide what objects to move,
where you want to move them to, and when you want to move them. Following are
some use cases for a bulk move content job:
• Retire an obsolete storage device by moving all the content to a replacement
device
• Archive content by moving it from a primary storage device to an archival
device or lower-cost storage
• Move content to fixed storage to satisfy regulatory requirements
• Retention Update Jobs - Change the retention period of an object based on the
class of an object or the state of its properties.
• Thumbnail Generation Jobs - Create thumbnail generation requests for existing
documents. The Content Platform Engine includes a thumbnail generation service,
the thumbnail generation sweep job creates requests to the thumbnail generation
service to render the thumbnail images.
• Custom jobs - Process objects in ways that are not built into the server. Requires
that you define a custom action. The action requires a developer to write an action
handler.
Background search sweeps
The background search sweeps are designed for long-running queries, including
queries in which you want to perform special operations such as count objects, and find
minimum and maximum values. You can proceed with other activities while the
background search runs. In addition, background searches are an essential part of the
reporting framework that enables processing of search results. To use the reporting
framework, you must install the Reporting Enablement Extensions add-on.
The system provides a set of background search class templates. You can also create
your own custom search class template.
For more information on how to configure background searches and then create reports
and charts to show the results, refer to:
https://www.youtube.com/watch?v=MWBSbDRYJyY
Sweep policy
A sweep policy object defines the processing rules including target classes, the filter
condition, and the action to be applied. A sweep policy runs continuously. A delay
period between iterations and an end time for the sweep to stop running can be
configured.
The Content Platform Engine includes several sweep policies with built-in actions.
Update storage policy option for Move content sweeps
IBM FileNet P8 Platform version 5.5.2 introduces a new update storage policy option for
move content sweeps. A Bulk Move Content Job or a Content Migration Policy can be
used to move content from a storage device that must be removed from the system
infrastructure. For that reason, it is helpful to have the option to update the storage
policy for the object during the move, to indicate the new device or location.
By default, in a move-content sweep, the value of the Storage Policy property is
retained at the document level. This means that even after a move, a check-out
reservation of the document is still assigned to the original storage area. For some
move sweeps, however, the current storage location is no longer relevant, such as
when you are removing a storage location from your environment. In such cases, you
can apply the Update storage policy option when you create a move-content sweep job.
This changes the Storage Policy for all the documents that are affected by the move to
the new storage location.
In the Administration Console for Content Platform Engine, the creation wizard for a
Bulk Move Content Job or a Content Migration Policy includes the new Update storage
policy option. You can check the option when creating jobs or policies with the intent to
permanently relocate content objects. The new location is then updated in the storage
policy of the objects.
You can also update the property value on the property pane of the sweep object.
Policy-controlled sweep
The policy-controlled sweep object repeatedly examines all instances of a target class
that is specified in the policy.
It has a definite start and indefinite completion and continues to run until it is either
disabled or deleted. A policy-controlled sweep runs at the start time for which it is
configured. If a start time is not set, then the sweep is eligible to start immediately.
A sweep policy and the policy-controlled sweep are two separate objects. A third object
that is called the sweep relationship defines the association between a sweep policy
and a policy-controlled sweep. In the relationship, the sweep policy is a subscriber to
the policy-controlled sweep. A single policy-controlled sweep can be subscribed to by
more than one sweep policy. A policy-controlled sweep and a sweep relationship
cannot be created directly. They are created indirectly by the server when you create a
sweep policy.
Disposal policy
A disposal policy is used to delete objects of a specified class that satisfy the specified
criteria. The criteria can include the state of a property, such as the age of a document.
A disposal policy cannot delete objects that are currently under retention.
The disposal policy creator needs WRITE_ANY_OWNER permission on the object
store.
A disposal policy contains the following details:
• Target class or type of objects that you want to delete (required)
• A filter expression
• Whether to include subclasses of the target class in the list of objects to examine.
• The number of sweep iterations for which to retain results; By default 10 sweep
iterations are kept.
Example scenarios of disposal policies:
• Example 1: Delete superseded minor versions after 30 days from last modification,
keeping only the latest version, and any older major versions.
• Example 2: Imagine an application that creates temporary folders, which are used
as transient containers for documents or subfolders until they are moved to a
permanent location. After the folders are empty for at least 24 hours, the disposal
policy removes them.
Authorization option for disposal policy sweeps
IBM FileNet P8 Platform version 5.5.2 introduces a new option to determine the
authorization model of a disposal policy sweep. Previously, disposal policy sweeps
assumed the authorization of the object owner when attempting to delete an object.
However, for most other sweep types the sweep assumes the authorization of the
creator of the sweep.
The new option in the disposal policy sweep creation wizard gives you the choice
between these two models. You can choose to have the sweep that is run as the owner
of each object, or as the owner of the sweep object. Because the owner of the object
might not have delete rights, whereas the Admin who created the sweep does have
delete rights.
Content migration policy
A content migration policy is used by an administrator to configure an object store to
automatically move content from one storage area to another based on age, most
recent access, or other business criteria.
Typical use cases for content migration policies:
• Implement simple hierarchical storage scheme where content is moved between
high-cost and low-cost storage media based on age or frequency of access.
• Automatically move content to a fixed storage device for regulatory purposes
based on business events.
• Incrementally move federated content from a third-party repository into a FileNet
P8 storage area.
A content migration policy contains the same properties as a disposal policy plus one
more option: End replication after move.
The end replication after move option is a Boolean property that applies when you are
federating content and is ignored otherwise. When set, it causes to end the federation
relationship with replicas that are stored in the source repository.
Content consistency sweep
In IBM FileNet P8 Platform version 5.5.2, the functionality of the Consistency Checker
standalone tool is replaced by the addition of a content consistency sweep job in the
Administration Console for Content Platform Engine.
The Consistency Checker standalone tool is installable only on a Windows system. The
new Consistency checker sweep job, that is part of the Sweep mechanism, runs within
the Administration Console for Content Platform Engine and is supported on all Content
Platform Engine platforms.
The capabilities of the general sweep FilterExpression are available to control what
documents or annotations are checked. This includes but is not limited to picking out a
particular storage area or objects that were created in a particular date range.
The scalability and resilience features of sweeps are also available. This includes
setting max workers and batch size, and the ability to tune the query that is used by the
sweep. In addition you can use timeslots to schedule when the sweep runs.
• From the Storage Areas tab, click the BulkMoveStorage Area link to open its
properties.
• From the BulkMoveStorage Area tab, click the Storage Policies subtab to view
the policy (Bulk Move Storage Policy) that is associated with this storage area.
You will configure Bulk Move Storage Policy as the destination in the Sweep Job
that you create.
• Close the Storage Areas and BulkMoveStorage Area tabs.
• From the Sales tab, collapse the Administrative node, expand Browse > Root
Folder, and then click the TestBulkMove folder.
• On the TestBulkMove tab, observe that nine documents are listed.
• In the Class column, verify that five documents belong to the PurchaseOrder
class and four documents belong to the PriceQuote class.
• From the Sales tab, collapse the Browse node, expand Sales > Data Design >
Classes > Document, and then click the PurchaseOrder class.
• From the PurchaseOrder tab > the General subtab, scroll down, and then
observe that the Default storage area field has the associated storage area
(PurchaseOrderFileStorageArea).
• Repeat the steps to verify that the PriceQuote class also has
PurchaseOrderFileStorageArea associated with it.
• On the right pane, close all the open tabs.
• Click Next and then on the Define Sweep Targets page, for the Target class
field, select PurchaseOrder.
• For the Filter expression field, build the expression in the following steps:
• On the navigation pane, expand Sales > Administrative > Storage >
Storage Areas and then click PurchaseOrderFileStorageArea.
• From the PurchaseOrderFileStorageArea tab on the right, on the General
subtab, copy the GUID value in the ID field.
• In Notepad, build the following expression by using the GUID value:
StorageArea=OBJECT('{GUID}')
• Replace GUID with the value that you copied.
Type the value exactly as shown and verify that no typing errors are in the filter
expression statement. It is case-sensitive and extra spaces are not allowed.
Make sure to use single quotation marks, and no smart quotes, or no double
quotation marks.
• On the New Bulk Move Content Job tab, for the Filter expression field, paste
the expression that you built.
The update storage policy option (new to FileNet P8 Platform V5.5.2) is used when
you move content from a storage device that must be removed from the system
infrastructure. This option updates the storage policy, for the object during the
move, to indicate the new device or location. So that if the document is checked
out, the check in will not automatically use the original storage policy.
• Click Next and then on the Define Bulk Move Content Job Dates page, type
today’s date for the Effective start date field.
For example, 4/10/2019. After typing, click in the next field or outside of the current
field for the system to automatically format the date.
• Type tomorrow’s date for the Effective end date field.
Example: 4/11/2019
• Edit the start time to the current time of the image + 2 minutes.
Make sure to change AM to PM if necessary.
• Edit the stop time, change AM to PM, and then click Next.
• On the Summary page, review the information and then click Finish.
• On the Success page, click Close.
• From the Bulk Move Content Jobs tab, click Refresh and then verify that the new
sweep job (BMCJob) is listed.
Troubleshooting tips: If the Filter expression value has an error, the wizard does
not create the Job and it shows an error. In the example used here, notice that the
expression is missing a single quotation before the start of the GUID.
With this filter expression, when you try to finish the wizard, you will get an error as
shown in the following screen capture:
To fix the format, click OK to close the Error window. Click Back in the wizard,
correct the Filter expression value, and complete the wizard.
• Verify that Examined object count and Processed object count are 5, and
Failed object count is 0.
It might take a few minutes for the Sweep Job to complete. If the results are not
displayed, wait a couple of minutes and click Refresh again.
If the Sweep start and end date fields are blank even after fifteen minutes, the
sweep job did not run. Verify that the Effective start and end dates are correct.
If the Sweep start and end dates are not blank, but the Processed object count=0,
verify that the filter expression is correct.
• In the Sales tab, on the navigation pane, expand Sales > Administrative >
Storage, and select Storage Areas.
• In the Storage Areas tab, click Refresh and then verify the target storage area
(PurchaseOrderFileStorageArea) now contains only four files (instead of nine)
and the destination storage area (BulkMoveStorageArea) contains five files.
When you run the Bulk Move Content Job (BMCJob), the content for the five
documents of the PurchaseOrder class is moved from the
PurchaseOrderFileStorageArea to the BulkMoveStorageArea.
The four documents of the PriceQuote class are not moved and are still in the
storage area, PurchaseOrderFileStorageArea.
You can also search for the documents of the PurchaseOrder target class that is
used for the bulk move content job, and verify that their Storage area value is
changed.
In the following screen capture, the PurchaseOrder1 document was opened from
the TestBulkMove folder. On the Properties tab, observe that its Storage area now
is BulkMoveStorageArea.
• Leave the default value (Object Owner) for the Authorization mode field.
You also have a new option to select Sweep Owner.
• Click Next and then paste the object reference for the Target class field by
completing the following steps.
• On the left pane, expand Sales > Data Design > Classes > Document.
• Right-click PriceQuote and then click Copy Object Reference from the list.
• Back on the New Disposal Policy tab, click Paste Object and then verify that the
Target class field now has PriceQuote as the value.
• For the Filter expression field, if you have saved the expression from the previous
task, you can use that or paste the GUID by completing the following steps.
• On the left pane, expand Sales > Administrative > Storage > Storage Areas
and then click PurchaseOrderFileStorageArea.
• On the PurchaseOrderFileStorageArea tab > General subtab, copy the
GUID value in the ID field.
• In Notepad, build the following expression by using the GUID value:
StorageArea=OBJECT('{GUID}')
Replace GUID with the value that you copied. Verify that no typing errors are in the
filter expression statement. Type the value exactly as shown. It is case-sensitive
and extra spaces are not allowed. Make sure to use single quotation marks and no
smart quotes or double quotation marks.
• In the New Disposal Policy tab, for the Filter expression field, paste the
expression that you built.
This expression filters only the documents in this Storage Area.
• Leave the default values for the following fields:
• Include subclasses: Not Enabled
• Number of sweep iterations: 10
• Click Next, on the Define Policy Dates page, leave the date fields blank, and then
click Next.
This setting allows the sweep policy to start immediately.
• On the left pane, expand Sales > Browse > Root Folder and then click
TestBulkMove to open the folder.
• On the TestBulkMove tab, click Refresh and then verify that the four documents
that belong to the PriceQuote class are deleted from the folder.
Of the nine documents, only five documents are listed now. The four documents of
PriceQuote class are no longer listed.
• On the left pane, expand Sales > Administrative > Storage and then click
Storage Areas.
• From the Storage Areas tab, click Refresh and then verify that the
PurchaseOrderFileStorageArea (from where you deleted the files) shows 0
(zero) for Total Files column.
• Log out of the administration console and close the browser.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and click the
Sales object store.
• From the Sales tab, expand Sales > Administrative > Storage on the left pane
and then click Storage Areas.
• From the Storage Areas tab, verify that the PurchaseOrderFileStorageArea
contains zero files.
You will add documents to this storage area after you define the policy and monitor
the counters. This is the source storage area from where the documents will be
moved.
• Click the BulkMoveStorageArea link.
This is the destination storage area where you want to move the files.
• From the BulkMoveStorageArea tab, select the Storage Policies subtab and
verify that it is associated with Bulk Move Storage Policy.
You will specify this storage policy in your new content migration policy in the
following task.
• Close the tabs.
Create a content migration policy.
In this task, you will create a content migration policy. For more details on the steps,
refer to the previous task.
• On the left pane, collapse Administrative, expand the Sweep Management >
Sweep Policies, and then click Content Migration Policies.
• From the Content Migration Policies tab, click New.
• On the New Content Migration Policy tab, complete the Name the Policy page
with the following data:
• Display name: MoveNewContent
• Sweep mode: Preview
The Preview option operates similarly to the Normal mode, except that the
content of the selected objects is not moved. This mode is useful for testing
the configuration and you will be able to preview the expected outcome.
• Complete the Enter Sweep Criteria page with the following data:
• Target class: PurchaseOrder
Copy the object reference from the PurchaseOrder class and paste it.
• Filter expression: StorageArea=OBJECT('{GUID}')
Where GUID = the ID for PurchaseOrderFileStorageArea
Use the filter expression that you built for PurchaseOrderFileStorageArea in
the Create a disposal policy task.
• Storage policy names: Bulk Move Storage Policy
• Include subclasses: Not selected
• End replication after move: Select the option
• Update storage policy: Not selected
• Result retention: 2
• Complete the Define when Sweeps Can Run page with the following data:
• Effective Start date: Today’s date (Example: 04/11/2019) adjust the time to 3
minutes after the current time; verify AM or PM is entered correctly.
• Effective End date: Tomorrow’s date (Example: 04/12/2019)
• On the Summary page, verify the details, click Finish, and then click Close on the
Success page.
• On the Content Migration Policies tab, click Refresh and then verify that the new
policy (MoveNewContent) that you created is listed.
Add time slots to the policy-controlled sweep.
You cannot configure time slots directly on sweep policies and must configure them on
policy-controlled sweeps. In this task, you will determine the policy-controlled sweep
that is associated with your sweep policy and then add a time slot to control when the
policy sweep runs.
• From the Content Migration Policies tab, click the new policy link
(MoveNewContent) to open it.
• On the General tab, find the Policy-controlled sweep field and then verify that the
value is Document.
• On the left pane, expand the Sweep Management > Policy-Controlled Sweeps,
and then click Document to open it.
• On the Document tab, scroll down, and then, under Schedule, click New.
• On the New Time Period page, select or enter the following values:
• Day of the week: Select today’s day of the week.
• Start time: Select a time slot that is at least 5 minutes later than the time you
specified for the Effective start.
• Duration: 20 min
• Click OK to close the page, click Save on the Document tab, and then close the
Document tab.
Test the content migration policy.
In this task, you will verify the properties of the policy that you created, create a new
document of the PurchaseOrder class, and verify the storage areas and policy.
• On the MoveNewContent tab, click Refresh and then in the General subtab,
observe the processed counts are 0 (zero).
• On the left pane, expand Sales > Browse > RootFolder and then click
TestBulkMove to open it.
• From the TestBulkMove tab, click Actions > New Document, and then complete
the wizard by using the following values.
• Document title: PO1
• Class: PurchaseOrder
• With content: Selected
• Click Next a few times until you get to Advanced Features and if it is not already
selected, select PurchaseOrderFileStorageArea for the Storage area field.
• On the Summary page, verify the details and click Finish and on the Success
page, click Close.
• On the left pane, expand Sales > Administrative > Storage, and click Storage
Areas.
• From the Storage Areas tab, click Refresh and then verify that the
PurchaseOrderFileStorageArea contains one file.
If the Storage area tab is not already open, open it.
This is the document that you just added to this storage area.
Next, verify the counters of the content migration policy. If the MoveNewContent
tab is not opened already, open it:
• On the left pane, expand the Sweep Management > Sweep Policies >
Content Migration Policies, and then click MoveNewContent.
• From the MoveNewContent tab, click Refresh, scroll down, and then observe the
various object counts.
If the counts shows 0, wait for a few minutes and then click Refresh again.
It takes a few minutes to run each iteration after the time slot start time and the
process completes after 20 minutes (your configured duration time).
• Wait until the Completed Count field shows 2 and then observe the updated
counters.
Some of your counts may vary from the following example.
• Completed count: 2
This value shows the number of times (iterations) the sweep policy ran.
• Examined Count: 104
This value is calculated by multiplying (Processed count) (Current examined
count): 2 * 52 = 104
• Processed count: 2
The total number of objects (whose content was successfully moved) that are
processed in all the iterations. Even though the count is 2 due to 2 iterations,
they are the same source object. You added only one document.
• Failed count: 0
Total number of failures in all the iterations.
• Current examined count: 62
The number of examined objects in the current iteration. The objects refer to
rows in a database table that are examined.
• Current processed count: 1 (current iteration)
• Current failed count - Number of failures in the most recent iteration.
• Click the Sweep Results tab and notice that there are 2 items.
Even though two items are listed, they are the same source object. The iteration
column shows you which iterations each row results from.
The result records can quickly accumulate. You can limit the number of sweep
records by setting the number of sweep iterations with result records to retain and
deleting individual result records.
You can also delete the sweep policy to remove all the result records or create a
disposal policy that targets the sweep result class.
• Log out of the administration console and close the browser window.
Other IBM and external assets typically includes the following assets:
• IBM Content Navigator (ICN) desktops to provide custom user interfaces
• External services like, web services and database services
• Custom code
Migration and deployment tools
You migrate and deploy:
• the FileNet P8 assets with FileNet Deployment Manager
Security usually differs between environments.
• the IBM Content Navigator (ICN) desktops with ICN administration tool
• other IBM and external assets with application-specific tools
Migration and deployment phases
The migration and deployment of the FileNet P8 Platform application assets moves
from Development to UAT and Production.
The migration and deployment process can typically be divided into the following major
phases: planning, migration, analyzing, backing up the system, deployment, and
verification.
Plan
The first step in migrating the assets to a different environment is the planning phase.
You review the following information for the source and destination environments and
their compatibility: application assets, object stores and other objects, hardware and
software requirements, system and asset configuration, security roles, LDAP users and
groups, and dependencies
As you complete the review, you document this information and begin creating
migration and deployment instructions that are refined over time.
Documenting each process saves time, reduces errors and risks, and ensures similarity
among environments. You can leverage the experiences and configurations from
testing environments when an application is migrated and deployed to production.
For more information on deployment planning, refer to the IBM FileNet P8 Platform
V5.5.x Knowledge Center:
https://www.ibm.com/support/knowledgecenter/SSNW2F_5.5.0/com.ibm.p8.common.d
eploy.doc/overview_planning.htm#overview_planning
Migrate
For the migration, you use information from the planning phase to prepare an
application package for deployment. To ensure that a consistent version of the
application is packaged, stop all development activities (for the application that will be
migrated) while the assets are exported. Ideally, the documentation that you develop
during the planning phase includes information about communicating the work
stoppage to the correct teams, the steps for implementing it, the time required for
completing the step, any validation work that needs to be performed after each step,
and the person or team responsible for performing each step.
Analyze
During the analyzing phase, you analyze the impact of the migration and deployment
on the destination environment. This analysis enables identification and mediation of
issues that might cause errors. In some tools, this analysis is known as a change
impact analysis report. If this report is generated, it can be archived and used for review
or audit activities. The archived reports can be used iteratively to improve the migration
deployment process.
Back up the system
When you create a backup for your system, you suspend activity on the system for the
destination environment. Before any modification, it is always prudent to back up the
portions of the system that are affected by the changes. This practice allows a
consistent snapshot of all related data to be captured.
Deploy
For the deployment, you follow the steps outlined in the migration deployment
instructions to import the application into the destination environment. The needs of
your organization, the architecture of your system, and requirements of the application
itself all determine the number and order of these tasks.
Verify
During the verification phase, test the migrated application in the destination
environment to verify that all of its components are working correctly. The tests that you
need to complete vary according to the features and expected behaviors of the
migrated application. The migration and deployment instructions should include a plan
for verifying the migration, with specific tests to probe areas of change.
Plan the migration and deployment strategy
Things to consider when planning the application migration and deployment strategy:
• What environments do you need to migrate and deploy the application to?
• How is change control for the application maintained?
• What application assets do you need to be modify?
• What security changes do you need on Test, QA, or Production environments?
• Who will run the export of the application assets in the development environment?
For example, the Solution Builder or Developer
• What is the expected lifecycle of the application?
• In what environment will you make the updates before migrating and deploying to
Production?
The migration and deployment instructions
Create a document, for the migration and deployment instructions, during the
development phase of your application to make the process more efficient. The
migration and deployment instructions will need refining as the migration and
deployment process begins.
You can also create a spreadsheet with columns showing Tasks, Performed by,
Expected duration, Validation Steps, Performed on (Date), start time, end date,
completed (Y/N/In progress), Notes.
The migration and deployment instructions document typically contains the following
items:
• Application Package description:
A list of the contents in the application package, descriptions of the application
components and the tool used to develop them
• Prerequisites
System configuration steps that are needed before the use of FileNet Deployment
Manager, such as the necessary object stores are created in the destination
environment with all the necessary Add-ons installed
• Migration and Deployment
• Detailed steps on how to migrate and deploy FileNet P8 assets, other IBM
assets, and external assets
• Security configuration details
• Any post-requisite steps that are needed after the migration and deployment of
the application
• Application Verification
• Describe the purpose of the application and the roles involved, include steps for
testing the application in the destination environment, and to verify that the
application is operational.
For more information on assembling migration and deployment instructions, refer to the
IBM FileNet P8 Platform V5.5.x Knowledge Center:
https://www.ibm.com/support/knowledgecenter/SSNW2F_5.5.0/com.ibm.p8.common.d
eploy.doc/overview_planning.htm#overview_planning
Guidelines to migration and deployment
The migration and deployment of a FileNet P8 Platform application from one
environment to another requires the collaboration of various people, such as solution
builders, developers, FileNet P8 administrators, and security managers.
The solution builder needs to:
• track the application assets during design and development of the application
Include the name, type, and description of the assets, any dependencies between
assets, the location of the asset and the source security.
Adopting this practice saves time and increases the success of the migration and
deployment process.
• plan where to store the application assets, for example a file system folder that can
be compressed
The compressed file can serve as an application package, which can be checked
into your company’s change control system.
• write the initial migration and deployment instructions to give to the administrator.
The solution builder and the administrator need to:
• collaborate and carefully plan security
Security is generally different in each environment.
• define a security mapping table to list how the security users and groups map
between the different environments
The administrator needs to:
• follow the migration and deployment instructions to complete the migration
• update the migration and deployment instructions as needed for the different
environments
By the time the administrator needs to migrate the application into production, the
migration and deployment instructions should outline a reproducible migration
process with an expected timeline.
• In the Search Results section, select Sysadmins from the Available Users and
Groups pane and move it to the Selected Users and Groups pane by using the
forward arrow.
• Scroll down and then click OK to close this page.
• Repeat the steps to add p8admins.
• Verify that the Sysadmins and p8admins groups are listed on the Grant
Administrative Access page.
• Click Next, on the Grant Basic Access page, repeat the steps to add the Clerks
group, and then click Next.
• On the Select Add-ons page, click Default Application Configuration and then
verify that several add-ons are selected.
• Click Next, review your selections on the Summary page, and then click Finish to
create the object store.
• Wait for the process to complete and on the Success page, click Close.
• From the Object Stores tab, click Refresh and verify that SalesUAT is listed.
• Log out of administration console and close the browser.
• From the Install Add-on Features page, on the lower pane (Installed add-on
features), verify that the following add-on features are listed and then click Cancel.
• 5.2.1 Base Content Engine Extensions
• 5.2.1 Process Engine Extensions
• 5.2.1 Base Application Extensions
• 5.2.1 Stored Search Extensions
• 5.2.1 Publishing Extensions
• 5.2.1 Workplace Base Extensions
• 5.2.1 Workplace Template Extensions
• 5.2.1 Workplace Access Roles Extensions
• 5.2.1 Workplace XT Extensions
• 5.2.1 Teamspace Extensions
• IBM Content Navigator 2.0.3. Entry Template Extensions
• On the left pane, expand the Object Stores folder, right-click the SalesUAT object
store, and then select Install Add-on Features.
SalesUAT is the destination object store.
• From the Install Add-on Features page, on the lower pane (Installed add-on
features), verify that the following two add-on features that are installed in the
Sales object store, are not installed in the SalesUAT object store.
• 5.2.1 Teamspace Extensions
• IBM Content Navigator 2.0.3. Entry Template Extensions
Since the Sales application assets do not include any team spaces or entry
templates, you can leave these 2 add-on features uninstalled. However, for this
activity, you install the add-on features to practice this step.
• From the upper pane (Select the add-on features to install), select 5.2.1
Teamspace Extensions and IBM Content Navigator 2.0.3. Entry Template
Extensions and then click OK.
Wait for the install to complete.
• In FileNet Deployment Manager, right-click the Sales_Dev node and then select
Open.
The environment opens and the CPE Connection tab is selected (which is shown
in the middle between the upper and lower panes) because FDM detects that the
connection is not configured.
You will first complete the CPE Connection configuration.
• On the CPE Connection tab, select or type the following values.
• Server: vclassbase
After you type the server name, the URL is populated automatically.
• Save the password: Select the option
• Username: p8admin
• Password: FileNet1
• Click File > Save to save your entries and then click Test Connection.
You receive a message with the text Successfully Connected to the right of Test
Connection.
The Console tab at the end of the page also displays the message.
Notice that the Status column shows no entries. After you extract the data, the
status will be updated to show the entries.
• On the Retrieve Data for Object Store Half Map page, select the From Content
Platform Engine option, and then click Next.
• Select the following two options:
• Retrieve storage policies for each object store
• Retrieve storage areas for each object store
• Leave the default value for Mode (Merge retrieved data with existing half map),
click Finish, and then click OK to close the success confirmation message.
• Back on the Sales_UAT tab, verify that the Half Maps status is updated:
The Object Store, Storage Policy, and Storage Area types are listed with their
status.
• Expand the Sales_UAT node in the tree view on the left pane, right-click the
Object Store Data node, and then select Open.
• Verify that all the available object stores in the environment are listed on the right
pane.
Your list of object stores might be different depending on how many previous
activities you have completed in this course.
• On the row that contains the SalesUAT value, type SalesOS in the Label column.
Double-click the field to enter the value.
This step adds a label to the destination object store half map to facilitate mapping.
• Click File > Save and then close the Object Store Data for Sales_UAT tab.
Retrieve security principal half map for the destination
environment.
Before retrieving the users and groups for a destination environment, planning must
take place to decide what users and groups are used in the destination environment.
For this task, the following user and group accounts are used for the destination.
• p8admin
• Sysadmins
• Clerks
In this task, you will check a filter label file and then extract the security principal data
half map for the destination environment.
• In Windows Explorer, browse to the C:\Training\F2810G folder, copy the
SalesUAT_Users_Map.txt file, and paste it in the C:\EDU-Deploy folder.
Check the users and groups that are listed in the file (p8admin, Sysadmins, and
Clerks) which are same as required for the Destination Environment. The
corresponding labels (admins and users) have also been added separated by a
comma. One entry per line.
• Close the file.
• In FileNet Deployment Manager, on the Sales_UAT tab, click the second
Retrieve Data (for the Security Principle Type).
• Select the From Content Platform Engine's LDAP Provider option.
Two options are available when you retrieve the security principal data:
• Deploy Data set (default) - commonly used for the source environment
• From Content Platform Engine's LDAP Provider - commonly used for the
destination environment
If you choose the Content Platform Engine's LDAP Provider option, you can
specify an LDAP Realm and you can filter to specific users and groups with a label
file. A label file enables you to restrict the number of users and groups that are
retrieved. You need to retrieve only the users and groups that need to be mapped.
• Click Next and then click Retrieve Realms.
This step retrieves all the LDAP realms that are configured in the FileNet P8
domain. On the student system, only one realm exists for the FileNet P8 domain.
• Under the Filter section, select the Use a Label File option.
• Under the Filter Settings section, click the ellipsis (…) to browse to the C:\EDU-
Deploy folder, select the SalesUAT_Users_Map.txt file and then click Open.
• Verify the file location is listed in the Filter Settings section, leave the default value
for Mode (Merge retrieved data with existing half map) and then click Finish.
• Click OK when you are prompted with the message that successfully retrieved the
principle data.
• Back on the Sales_UAT tab, verify that the Half Maps status for Security Principal
is updated:
• Read the description and dependencies for each row and then minimize the
spreadsheet.
In the next steps, you will explore the FileNet P8 assets in the Sales object store.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane, expand the Object Stores folder and then click the Sales object
store.
• From the Sales tab, on the left tab, expand Sales > Browse > Root Folder, and
click the Orders folder to open it.
• From the Orders tab, on the Contents tab, a list of documents of the following
classes are shown: Order, ProductOrder, and ServiceOrder.
Verify the class values on the Class column.
• Close the Orders tab.
• On the left navigation pane, expand Data Design > Classes > Document and
then select Order to open it.
• Select the Property Definitions tab, and verify that there are six property
definitions.
• From the left navigation pane, expand the Order class and explore the two
subclasses listed.
• Verify that ProductOrder contains one extra property definition (product_ids) and
ServiceOrder contains two extra property definitions (hours, service_date).
• On the left navigation pane, expand the Browse > Root Folder node and then
open the Customers folder.
• On the Contents subtab, change the default view of Show Documents by
selecting Show Custom Objects from the list.
• Verify that two objects are listed and both objects belong to the Customer class.
• In the left navigation pane, expand Data Design > Classes > Custom Object and
open Customer.
• Select the Property Definitions tab and verify that there are two property
definitions.
In Summary, the Sales application contains the following FileNet P8 assets. When
you are exporting, it is important to gather this information, so that when the data is
exported, you can validate the number of assets.
• Orders, Folder
7 documents of Order class, 2 documents of ProductOrder class, and 12
documents of ServiceOrder class
• Customers, Folder
2 custom objects of Customer class
• Order, subclass of Document
6 property definitions
• ProductOrder, subclass of Order
1 extra property definition
• ServiceOrder, subclass of Order
2 extra property definitions
• Customer, Custom Object
2 property definitions
• Log out of the administration console and close the browser.
Create the export manifest.
In this task, you create an export manifest in FileNet Deployment Manager.
• If it is not already open, double-click the FileNet Deployment Manager icon on the
desktop to open it and then click OK to accept the deployment tree location (C:\
EDU-Deploy).
• Expand Environments > Sales_Dev, right-click the Export Manifests node, and
then select New > Export Manifest.
• Click the green plus icon from the toolbar to add assets to the export manifest.
• On the Add Assets window, from the tree view on the left pane, expand Object
Stores > Sales > Browse and then select the Root Folder.
• In the right pane, select the Customers folder and then select Orders by Ctrl-
clicking it.
• Click Add and then click Close to close the Add Assets window.
• Back on the Sales-app-assets.xml tab, with the two rows (Customers and
Orders) selected, click the pencil icon from the toolbar to open the Include
Options window.
You can simplify the export process by using the Include Options. To export only
the assets you need, clear certain options, depending on the type of asset you are
exporting.
• From the Include Options window > the Folders and Contained Objects section,
clear the Include parent folders option.
You do not want to include Root Folder that is the parent folder in the export. You
are including, subfolders, contents of folders, and relationships to containing folders.
• From the Document-Related section, select the Include annotations on
documents, folders, and custom objects option and clear others.
For the Sales Application, only the current versions of the documents need to be
exported. No compound documents exist, so it does not matter whether you select
the option to include compound document components. Selecting include options
that do not apply to the asset in the export manifest have no effect.
• From the Data Design section, select the Include subclasses option and ensure
that all the options except the Include modified system classes option are selected.
From the Application Asset Tracking spreadsheet, you know that the Order class
includes two subclasses. You can select the option to include subclasses or you
can leave the option cleared and explicitly add the two subclasses to the export
manifest.
• Click OK to close the Include Options window.
• Click File > Save All to save your entries.
Notice how adding two items to the export manifest with appropriate include
options results in many exported items.
• Close the file and exit Notepad++.
Extract the data half maps from the deploy data set.
In this task, you will use the deploy data set that you created earlier to extract the data
half maps for the source environment.
• In FileNet Deployment Manager, double-click the Sales_Dev environment to
open it.
• Click the first Retrieve Data to retrieve the object store data.
It is the top one next to the Object store Type.
Notice that the Status column shows no entries now. After you extract the data, the
status will be updated to show the entries.
• Verify that the Deploy Data Set File option is selected and then click Next.
If it is not already selected, select the Deploy Data Set File option. Recall you
selected the other option for the destination environment.
• For the Select Deploy Data Set field, ensure that the correct deploy data set is
selected: C:\EDU-Deploy\Environments\Sales_Dev\Assets\Sales-app-assets
• Select the following two options:
• Retrieve storage policies for each object store
• Retrieve storage areas for each object store
• Leave the default value for Mode (Merge retrieved data with existing half map).
• Click Finish and then click OK to close the success confirmation message.
• Back on the Sales_Dev tab, verify that the Half Maps status is updated:
The Object Store, Storage Policy, and Storage Area types are listed with their
status.
• Expand the Sales_Dev node in the tree view on the left pane, right-click the Object
Store Data node, and then select Open.
• Verify that the Sales object store is listed on the right pane.
• To add a label to the object store half map, type SalesOS in the Label column and
save your entries by clicking File > Save.
Recall that the same label was used for the destination environment.
• Close the Object Store Data for Sales_Dev tab.
In the next step, you will retrieve Security Principal data.
• In the Sales_Dev tab, click the second Retrieve Data.
It is the middle one next to the Security Principle Type.
• Verify that the Deploy Data Set File option is selected and then click Next.
If it is not already selected, select the Deploy Data Set File option.
• For the Select Deploy Data Set field, ensure that the correct deploy data set is
selected: C:\EDU-Deploy\Environments\Sales_Dev\Assets\Sales-app-assets
• Leave the default value for Mode (Merge retrieved data with existing half map)
and then click Finish.
• Click OK to close the success confirmation window.
• Back on the Sales_Dev tab, verify that the Half Maps status for Security Principal is
updated:
• Expand the Sales_Dev node in the tree view on the left pane, double-click the
Security Principal Data node.
A list of security principals retrieved on the right pane.
• Add labels to the following entries by double-clicking the cell in the Label column
and then typing the value.
• admins for p8admins
• users for p8users
Since p8admin is the same name for both environments, no label is needed.
• Click File > Save to save the changes and then close the Security Principal Data
for Sales_Dev tab.
In the next step, you will retrieve Service data.
• On the Sales_Dev tab, click the third Retrieve Data, the one for the Service.
• Verify that the From CPE Deploy Data Set option is selected and then click Next.
If it is not already selected, select the From CPE Deploy Data Set option.
• For the Select Deploy Data Set field, ensure that the correct deploy data set is
selected: C:\EDU-Deploy\Environments\Sales_Dev\Assets\Sales-app-assets
• Leave the default value for Mode (Merge retrieved data with existing half map)
and then click Finish.
• Click OK to close the success confirmation window.
• Back on the Sales_Dev tab, check the Half Maps status.
The status shows that there are no entries for the Service. Because, the assets in
the deploy data set (Sales-app-assets) do not reference any service data, no
service data entries are retrieved. It is a good idea to always extract the service
data to make sure that no service data is missed.
• Click File > Save to save the changes, and then click File > Close All to close all
the open tabs.
• Leave FileNet Deployment Manager open for the next activity.
• Type a description, select Sales_Dev for the Source Environment field, and then
select Sales_UAT for the Destination Environment field.
• Click Finish and verify that the new source-destination pair is listed in the
navigation pane.
Create the source-destination pair data maps.
In this task, you use the source and destination environment half maps to create
source-destination pair data maps.
• On the left navigation pane, expand the Source-Destination Pairs node and
double-click Sales_Dev_to_Sales_UAT to open the source-destination pair.
• On the Sales_Dev_to_Sales_UAT tab, click the first Map Data (for the object
store) and then click OK to close the success confirmation window.
The object store map tab opens.
• Verify that the source name (Sales) is mapped to the destination name
(SalesUAT) and then close the tab.
Each row in a data map contains the information of the combined source and
destination half maps for that data map type.
The first column in each row contains an information icon and when you place your
cursor over the icon, a snapshot of the entire contents of the row is displayed.
The second column in each row contains a green check mark icon and it indicates
a successful mapping of a source and destination half map item. If the mapping
was created manually (by a matched user-entered label pair in the source and
destination half map items), a pencil symbol is included in the icon.
A red question mark icon for the second column indicates an unmapped source
half map item.
• Close the Object Store Map tab.
• On the Sales_Dev_to_Sales_UAT tab, click the second Map Data (for the security
principal) and then click OK to close the success confirmation window.
If you are prompted with a warning message: more than one source principal is
mapped to the same destination principal, select the option not to perform the
check next time and then click OK.
The security principal tab opens with a list of security users and groups on the
source and destination environments.
The second column for the p8admin row contains a gear icon in addition to a green
check mark icon. If the mapping is the result of an automatic pairing of a source
and a destination half map item that is based on matching column field values, a
gear symbol is included in the icon.
• Click File > Save and then close the tab.
Convert the deploy data set.
In this task, you use the source-destination pair data maps you created and the deploy
data set that contains the exported FileNet P8 assets to convert the assets. The
conversion process modifies the assets to use the destination environment object store
and security principals.
• On the left navigation pane, right-click the Sales_Dev_to_Sales_UAT source-
destination pair and select Convert Assets.
• Check the deploy data set (C:\EDU-
Deploy\Environments\Sales_Dev\Assets\Sales-app-assets) and then click
Next.
Usually you can leave the default, unless you changed the naming conventions
that FileNet Deployment Manager uses. If necessary, browse to the correct folder.
• On the Select Output Folder For Converted Deploy Data Set, leave the default
values for the folder and the file name and then click Finish.
• Folder: C:\FDM-deploy\Environments\Sales_UAT\Assets
• File: C:\FDM-deploy\Environments\Sales-Dev\Assets\Sales-app-
assets.converted
• When you are prompted with the message: Successfully converted the assets,
click OK.
The number of mappings can be much larger than the number of assets exported.
Each asset can have multiple references. Depending on the include options,
references might need to be mapped.
• Leave FileNet Deployment Manager opened for the next activity.
Run a change impact analysis
Before you import the converted FileNet P8 assets into the destination environment,
you want to examine how the destination object store is impacted. In this task, you use
FileNet Deployment Manager to run a change impact analysis and create a report.
• In FileNet Deployment Manager, on the left pane, right-click the
Sales_Dev_to_Sales_UAT source-destination pair and select Analyze.
• On the Analyze Change Impact on Destination Environment page, leave the
default for the Select Deploy Data Set (C:\EDU-Deploy\Environments\
Sales_UAT \Assets\Sales-app-assets.converted) and click Next.
Generally you can leave the default unless any changes to the names are done.
• On the Select Import Analysis Options page, leave the default option and then
click Next.
No assets are imported yet, all the options result in updating all the objects. If it is
not the first time that you are running the import, then choose the appropriate
options.
• On the Change Impact Report Options page, leave the default path (C:\EDU-
Deploy\Environments\ Sales_UAT\Assets\Sales-app-
assets.converted\ChangeImpactReport.xml) and note down the path for the
Change Impact Report file.
• Select the option to Include details for all objects in the report, leave the option
to view report after processing selected, and then click Next.
• In the Summary window, review the options and then click Finish.
When the analysis is complete, you get a message that all assets passed
validation with warnings.
• Click OK.
The Change Impact Analysis Report opens.
Analyze the change impact on the destination environment
In this task, you learn how to read and interpret the change impact analysis report.
• On the Change Impact Analysis Report tab, click the Summary link on the
report, review the information included in the report and note the following details:
• Total # of Assets Analyzed
• Total # of Failures
• Total # of Warnings
• Total # of Assets that would be created during Import
• Total # of Assets that would be Skipped during Import
• Click the Back to Top link, click the Assets that Passed Analysis with Warnings
link, and then explore the first warning:
The first three columns provide the display name, class type, and ID of the object
to be created (Import Operation column).
The Comments column provides the details of the warning: If you attempt to import
the Order Basic 200 object, and use the storage policy or storage area from the
exported object, the import fails. The cause is a related object of StorageArea class
does not exist.
• To find the missing object, copy the last object ID listed in the Comments column
(including the curly braces).
Example: Related object: ID={20DE8764-0000-C515-95B0-C7A9CEE51A67},
Class=StorageArea
The value to be copied is highlighted. This is an example only. The ID value might
be different on your system.
You will search for this object in the administration console in the following steps.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and click the
Sales object store.
• From the Sales tab, on the left pane, click Search.
• From the Saved Searches tab on the right, click New Object Store Search.
• On the New Object Store Search tab > Simple View subtab, complete the search
criteria by using the following data:
• Class: StorageArea
For the Criteria section:
• Property: ID
• Condition: Equal To
• Value: The ID you copied from the report.
• Click Run and then verify that the search results show that the missing object is the
Sales File Storage Area.
You can ignore this warning, because, the FileNet P8 assets Sales Application use
the default storage area that is defined for the destination object store.
Using the same steps above, you can investigate all warnings and failures.
• Log out of the administration console and close the browser window.
• Close the Change impact analysis report tab.
• Under the File Options section, clear the Delete created files on error option and
then edit the text to import-audit for the Audit file name field.
• Click OK, when prompted to save the option set, click OK again, and then Click
Save to save the changes to the same xml file (Sales-app-Import-options.xml).
• Back on the Import Options page, click Finish.
Wait for the import to complete.
• When you get a message that the import completes successfully, click OK to close
the window.
Generate an audit report.
In this task, you will create an audit report and examine it.
• In FileNet Deployment Manager, on the left pane, right-click
Sales_Dev_to_Sales_UAT and select Generate Audit Report.
• On the Audit Report page, select the Generate detailed report option and leave
the default values for all other entries.
• Click Finish and when you get a message that the report generated successfully,
click OK to close the window.
The audit report opens in a browser.
• Scroll down and then examine the Audit Report by expanding some of the objects
under the Details section.
The report contains numerous pieces of information.
• Close the report, FileNet Deployment Manager, Notepad++ and the browser
windows.
Verify the imported FileNet P8 assets.
In this task, you will verify the objects that are imported in the admin console.
• In the Mozilla Firefox browser, click the ACCE bookmark or type the following
URL: http://vclassbase:9080/acce
• Type p8admin for the User name field, FileNet1 for the Password field, and then
click Log In.
• On the left pane of the EDU_P8 tab, expand the Object Stores folder and click the
SalesUAT object store.
• From the SalesUAT tab, expand Sales > Browse > Root Folder on the left pane
and then verify that the Root Folder contains the two subfolders: Customers and
Orders
• Open the Customers folder, select Show Custom Objects on the right pane and
verify that it contains the expected two custom objects.
• Open the Orders folder and verify that it contains many documents on the right
pane.
• Expand Sales > Data Design > Classes > Document on the left pane and then
verify that the Order class is listed and optionally check its property definitions.
• Expand Sales > Data Design > Classes > Custom Object on the left pane and
then verify that the Customer class is listed and optionally check its property
definitions.
• Log out of the admin console and close the browser.
• To verify that you have the correct DeploymentOperation.xml file, open the xml file
in Notepad++ and then ensure that the tag <AnalyzeDeployDataSet> is available.
The information that is normally written to the deployment.log file is displayed in the
command window and also saved in the deployment.log file.
The DeployDataSet tag uses the new environment that you will create. The
DeployPackage tag uses the source environment that you already have from the
previous activities.
• Save the file.
• Open the Security Principal Data and verify that it matches the security principal
data for the Sales_Dev environment.
• In Windows Explorer, navigate to the C:\EDU-
Deploy\Environments\Sales_test\Assets folder and then verify the deploy data
set (Sales-app-assets folder) is created.
• Close all Windows Explorer windows and FileNet Deployment Manager.
• Close the command prompt window and Notepad++.
In this activity, you created the DeploymentOperation file from the sample files that
FileNet Deployment Manager created. You can also use the FileNet Deployment
Manager GUI to expand the deploy package then save the DeploymentOperation
file created by FileNet Deployment Manager.
Benefits of containers
Deploying IBM FileNet P8 Platform components on a container platform provides the
following benefits:
• Rapid deployment of components
• Improved patching and upgrading for components
• Dynamic scalability when running on the Kubernetes container platform
• Improved resiliency for your products
Available containers for IBM FileNet P8 Platform
The following components are available as a container:
• Content Platform Engine
• Content Search Services
• IBM Content Navigator
• Content Management Interoperability Services (CMIS)
You can configure your Content Platform Engine and IBM Content Navigator container
deployments to enable the sharing of content with users that are external to your
organization. Configuration for this feature includes deploying an additional container to
enable external sharing. Note that the external share feature is also available in a non-
containerized environment.
In addition to these containers, the IBM Business Automation Configuration Container
is also offered for deployments on IBM Cloud Private. When deployed, this container
provides a configuration tool that offers a more streamlined configuration experience
than other container deployment methods.
Containers on IBM Cloud Private
IBM Cloud Private is an application platform for developing and managing on-premises,
containerized applications. It is an integrated environment for managing containers that
includes the container orchestrator Kubernetes, a private image registry, a
management console, and monitoring frameworks.
Review Questions
Question 1: True or False: You can deploy FileNet P8 content services containers on
an IBM Cloud Private environment
Answer 1: True
Question 2: Deploying the IBM FileNet P8 Platform components on a container
platform provides which of the following benefits? (Select all that apply)
A. Rapid deployment
B. Improved patching and upgrading
C. Dynamic scalability
D. Improved resiliency
Answer 2: A, B, C, and D
Deploying the IBM FileNet P8 Platform components on a container platform provides
rapid deployment, improved patching and upgrading, dynamic scalability, and improved
resiliency
Question 3: True or False: FileNet P8 content services containers support Content
Platform Engine clients by using Enterprise JavaBeans (EJB) transport
Answer 3: False
FileNet P8 content services containers support Content Platform Engine clients by
using Content Engine Web Services (CEWS) transport
Question 4: In which of the following scenarios can you use container deployment for
the IBM FileNet P8 Platform components? (Select one)
A. You have custom applications that use the Content Platform Engine EJB transport
B. You need to use IBM Enterprise Records application that is integrated with IBM
Content Navigator
C. You use a single IBM Content Navigator instance to connect to IBM Content
Manager on Demand and IBM FileNet P8 Platform
D. You use a single IBM Content Navigator instance to connect to IBM FileNet P8
Platform
Answer 4: D
FileNet P8 content services containers support CEWS transport
At the time of writing this course, IBM Enterprise Records and IBM Content Manager on
Demand are not supported for containers.
• Data isolation
• IBM FileNet P8 Platform provides flexibility for the physical location of content
• Content can be stored on different file systems in the same physical location,
as well as on different file systems in geographically diverse locations
• Security
• Access to the IBM FileNet P8 Platform system depends on LDAP
authentication
• Access to the content in the system depends on LDAP authorization
• Access to the system does not mean that you have access to any particular
piece of content or the right to perform a certain task
• Data that is stored can also be protected through a native data encryption
capability
• System availability
• IBM FileNet P8 Platform can support 24 x 7 availability
• The system is configured for both high availability and disaster recovery
• It is recommended to have known formal maintenance windows and to build
processes that ensure all maintenance work can be performed in those
windows
Isolate content in an IBM FileNet P8 Platform system
Complete data isolation between clients can be achieved at the following levels:
• Highest level: P8 domain level
• Medium level: Object store level
• Lowest level: Within an object store
All environments, irrespective of the level of isolation, can be sized to meet the needs of
an organization. There are advantages and disadvantages to all approaches. Higher
level of separation reduces the need for some customizations whereas lower level of
separation reduces maintenance overhead. Different models will suit different
organizational needs.
For example, you can use separate desktops within a single Content Navigator
instance.
• can configure different administrators for each object store, but there is a single
group that administers the Global Catalog Database (GCD) which stores the
definition of the P8 domain
The disadvantage with this approach is that depending on how the environment is
configured, some updates might affect all users. Customization is required to limit the
display of users.
Isolate content within an object store (Lowest level)
In a multitenant scenario:
• One or more customers share an object store
• Within an object store, you handle objects security through LDAP group
membership
• You can set different access rights on documents, folders, and the structural
elements that are used to define the documents and folders
• Each customer can either share the document storage or keep it isolated
• this level allows sharing of resources
• Each customer can have separate access at the IBM Content Navigator (ICN) level
by creating their own unique desktop or ICN instance
• Software updates will take the least amount of effort that is compared to the other
configurations discussed in this section.
The disadvantage with this approach is that software updates will affect all customers.
Customization is required to limit the display of users.
Review Questions
Question 1: True or False: For IBM FileNet P8 Platform, the content can be stored on
different file systems in the same physical location, as well as on different file systems
in geographically diverse locations.
Answer 1: True