User Types and User Privileges

Over the past few updates, Extended ECM has added several new types of users, and I figured a quick blog post might be of use to some. An important thing to remember is that there is a distinct difference between a user type and a user privilege.

User types are defined at the creation of the account and cannot be changed or modified, whereas privileges can be granted and removed throughout the life of the account.

User Types

User - The one that everyone is most familiar with: the standard user. This is what all end users logging into the system will be leveraging, and likely most of your Administrators today. Users require an Extended ECM license to access the system and can be granted a number of privileges.

System Users - System Users are used internally in Extended ECM and cannot log in externally. They are leveraged mainly by automated processes to ensure a clear and understandable audit trail for users and Administrators alike. Some examples include the eLink service user, transport warehouse service user, etc.

Service Users - Service Users were a recent addition to Extended ECM. They can only access the system programmatically, either through the REST API or through Content Web Services. They can be transactionally licensed, meaning that instead of paying per seat as with a user, you can pay per transaction to leverage the Extended ECM system. This is useful for multiplexing, where you have multiple users leveraging a separate system which is integrated with Extended ECM.

Tenant Administrators - The Tenant Administrator user type allows access to the Administration Pages, and specific key Administrative volumes without granting any access to normal content in the system. This is useful for scenarios where you have strict segregation of duties, or where hosting and administering an Extended ECM solution is handled by another company.

Sys_Support - There can only be one Sys_Support account in a system; however, it is useful in scenarios where your connection to OTDS is down, or there is a database schema mismatch. The Sys_Support account has a very limited subset of Admin pages that it can access, such as module install / uninstall and OTDS Configuration. It is especially important to know about in systems where the Admin (1000) account has been disabled.

User Privileges

There are many long-standing privileges that I hope are self-explanatory, such as "Log-On", so I'll cover some of the more recently added ones.

eDiscovery - The eDiscovery privilege can be assigned to a user. When it is assigned, it allows them to enable eDiscovery mode in their profile, granting them See and See Contents permissions to all content in the system. This is mainly used for legal discovery needs.

Content Manager - Content Manager can be assigned to any user in the system. When this is granted, the user has an additional option under their settings to enter "Content Manager Mode". This mode elevates the user to bypass permissions, but not security clearances. This is useful for users who need to move large trees of objects, or unreserve documents on behalf of others.

System Administrator - System Administrator rights allow users to always see all content within the system, and also allow the user to access a number of Administrative pages. This right, in conjunction with membership of the Business Administrators group, allows you to access all configuration in the system.

Business Administrators Group - The Business Administrators Group is a special group inside of Extended ECM that controls access to a number of Administrative Pages. While access to specific pages can be granted individually, often users are simply placed into the Business Administrators Group to grant them wide access to the system configuration.
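As an added example (not from the original post and not OpenText code), the reach described above can be turned into a periodic access review that separates content reach from administrative reach and flags accounts that hold both. The account inventory, its field names, and the account names are constructed assumptions, not an Extended ECM export format.

```python
# Constructed account inventory. The field names ("type", "privileges", "groups")
# are assumptions for this example, not an Extended ECM export format.
ACCOUNTS = [
    {"name": "jsmith", "type": "User", "privileges": ["Log-On"], "groups": []},
    {"name": "legal1", "type": "User", "privileges": ["Log-On", "eDiscovery"], "groups": []},
    {"name": "mover", "type": "User", "privileges": ["Log-On", "Content Manager"], "groups": []},
    {"name": "ops1", "type": "User", "privileges": ["Log-On", "System Administrator"],
     "groups": ["Business Administrators"]},
    {"name": "bizadmin", "type": "User", "privileges": ["Log-On"],
     "groups": ["Business Administrators"]},
    {"name": "hostadmin", "type": "Tenant Administrator", "privileges": [], "groups": []},
]

# Content reach of each privilege, as described in the post.
CONTENT_REACH = {
    "eDiscovery": "See / See Contents on all content while eDiscovery mode is on",
    "Content Manager": "bypasses permissions (not security clearances) in Content Manager Mode",
    "System Administrator": "sees all content at all times",
}
ADMIN_PRIVILEGES = {"System Administrator"}
ADMIN_GROUPS = {"Business Administrators"}
ADMIN_TYPES = {"Tenant Administrator"}


def classify(account):
    """Summarise one account's content reach and administrative reach."""
    privs, groups = set(account["privileges"]), set(account["groups"])
    content = sorted(privs & set(CONTENT_REACH))
    admin = sorted((privs & ADMIN_PRIVILEGES) | (groups & ADMIN_GROUPS)
                   | ({account["type"]} & ADMIN_TYPES))
    return {
        "name": account["name"],
        "content": content,
        "admin": admin,
        # System Administrator plus the Business Administrators group reaches all configuration.
        "full_config": "System Administrator" in privs and "Business Administrators" in groups,
        # Segregation of duties: the same account reaches both content and administration.
        "sod_conflict": bool(content) and bool(admin),
    }


def review(accounts):
    """Return only accounts with elevated reach, segregation-of-duties conflicts first."""
    rows = [r for r in map(classify, accounts) if r["content"] or r["admin"]]
    return sorted(rows, key=lambda r: (not r["sod_conflict"], r["name"]))


if __name__ == "__main__":
    for row in review(ACCOUNTS):
        print(row)
```

In this sample, the Tenant Administrator account shows administrative reach with no content reach, while the System Administrator account is reported as holding both.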
