UCM Black Hole Check In

By Kyle Hatlestad on Aug 18, 2009

Black_hole.jpg
Sometimes a requirement comes around which makes you think, "why would you want to do that?" But then very quickly you can begin thinking of use cases where it could come in very handy. One such requirement that's come up over the years is the idea that you want users to be able to contribute/check in content, but not be able to view or retrieve it. Essentially, it goes into the system but becomes invisible to them.

One situation where we used this with Content Server when we were under Stellent was on our stellent.com website. Our website was built using Content Server (aka UCM) as the foundation and one of the options we offered on the site was for the submission of resumes. Prospective employees could upload an electronic version of their resume into the site which would kick off a process to review that resume by HR. But as soon as they submitted that document, they would no longer be able to view or download it. Thus we needed a way to provide that unusual security use-case.

Different options were discussed such as a custom component to override security. Then a much more simple (and elegant, I think) solution was brought up that wouldn't require any customizations. The approach was termed the "black hole check in".

Basically, the black hole check in uses the Archiver to remap the Security Group and/or Account on the document as soon as it's checked in. Archiver has three major purposes.


  1. Archive/export content with metadata out of the Content Server.

  2. Replicate content from one instance to another.

  3. Remap metadata value.

By combining it's ability to replicate and remap values, you can create an automated way of changing security. What you do is set up replication, but instead of pointing to another instance, the same instance is both the exporter and importer.

archiver_replication.jpg

Then you set up your Export Query to catch the content you want to remap on the way in. On the Import Maps, you set up your Value Maps to change your security to your new secure settings.

archiver_remap.jpg

Be sure to set your Export Query in a way to avoid an endless loop that would still catch the content after it was remapped. So it's best to include the security as part of the query.

Now when content gets checked in, it's security gets remapped and voila! - it's not accessible by the author anymore.

Scenario 2

Another scenario that doesn't have quite the same requirements, but which this approach is helpful, is for security or other system metadata field to change during workflow.

There is a handy Idoc Script function you can use in workflow events which will let you update metadata.

<$wfUpdateMetaData("xWorkflowStatus", "Manager_Review")$>

This works well with custom metadata, but does not work with system metadata. So if you wanted to change the Security Group for instance, it would not work.

So what you can set up is an Archive similar to what is outlined above. When the item is released in workflow, it will hit the Archiver process and remap whatever system fields you need.

Category: Document Management

Tags:

Permanent link to this entry

Comments:

This article is great!

Posted by Tomo on August 27, 2009 at 06:56 PM CDT #

Your post was helpful.The requirement I have is similar to Scenario 2 but I am struggling for more information on the web or a detailed step by step approach.Can you please help me as I have a limited time to accomplish this.Here is my requirement Overview: > When a new document is checked into a UCM folder, certain metadata for that > folder can be set to be inherited by the document. This does not occur when > a UCM document is moved from one folder to another. The requirement is to > have metadata be inherited when a document is moved also. A custom UCM > component will be written to support this new functionality. > > Details: > 1. The set of metadata items that will be inherited during a move may > be different from the set that is inherited during a new document check-in. > Therefore a separate list of meta data that is inherited during a move must > be kept. This list can be contain in a configuration file vs. being set in a > new UI page. > 2. This inheritance needs to occur when a document is moved via the > Web UI and Desktop Integration. There should be a warning message displayed > before the move to alert users that their metadata will be changed. This > alert text should be configurable in the same config file mentioned in #1. > Ideally, this alert will also appear when moving a document using desktop > integration > 3. Is this feature for all folders, not a subset of folders. In other > words, the metadata inheritance for a move is triggered by a document being > moved into any folder. > 4. The value in the metadata field will be replaced with the new value > if it is being inherited. If the security group is changed, then the > document’s URL will be affected (as usual). > 5. The custom component must be compatible with future versions of > Content Server.

Posted by Srikanth Rajan on October 07, 2009 at 07:54 AM CDT #

Srikanth, that's a fairly extensive component to write. And I'm not aware of any similar examples or write-ups on it.
As far as general component writing resources, we have a sample HowTo component which gives examples of hooking functionality into common processes. That is available on our UCM Sample Component site.
Another great resource is The Definitive Guide to Stellent Content Server Development by Brian "Bex" Huff. While it was written during the Stellent days, the architecture and customization steps are still the same in UCM 10gR3.
Another option may be to engage Oracle Consulting or a Oracle Partner that is familiar with this level of customization to sit down and go through designing this component.

Posted by Kyle Hatlestad on October 08, 2009 at 01:37 AM CDT #

Kyle, This was very helpful in my POC implementation. I used this approach to update the dDocType Metadata field where it should be changed from Bills to Acts type of content

Posted by Karam Abuzeid on November 08, 2009 at 02:39 AM CST #

Hi Kyle, after a lot of hunting around did come around to your blog where I have a similar requirement as Srikanth's, Could you possibly provide any details of the thought process to be followed for the same.

Posted by Aditya on October 07, 2010 at 11:16 PM CDT #

Hey Aditya, I guess I would look at extending the actions performed by the Folders component and try to intercept the updating of the metadata to the new folder and override the other metadata with the parent folder's default metadata. This is not a trivial component to write and may need deep understanding of those services. I would recommend engaging with Oracle Consulting Services or a certified Oracle partner to assist in developing something like this. Thanks, -Kyle

Posted by kyle.hatlestad on October 11, 2010 at 07:07 AM CDT #

Hi Kyle,
Is it possible to set up Scenario 2 to hit Archiver at the Exit event of the last step of a Workflow? I would need to keep some RelatedContent documents unavailable to users in general until one specific content item is released from workflow, then release the other documents. Think of a list of documents. The list goes through the workflow, and when it exits the workflow, the documents from the list get released as well.

Thanks, this is a great article that gave me ideas on how to solve that problem!

Posted by Bruno on January 05, 2012 at 06:34 AM CST #

Hey Bruno,

In regards to hitting the Archiver at the exit even at the last step of the workflow, that's exactly what this post is about. Scenario 2 involves hitting the Archiver at the end and doing the value mapping you need.

But in regards to the second part of your question to release documents as a group, I'm afraid using Archiver does not help in that use case. You would need to create a custom component that could release them simultaneous for that.

Thanks,
-Kyle

Posted by Kyle Hatlestad on January 05, 2012 at 08:49 AM CST #

Thanks again. I was trying to achieve this using executeService("UPDATE_DOCINFO") from within workflow, but I can't get it to work.

I will look further into that!

Bruno

Posted by guest on January 05, 2012 at 08:53 AM CST #

Hi Kyle,

Thanks for the article. I would like to know if I can change contentid/did of the documents currently being imported?

We have few docs to import in our env, but those content ids/dids are already in use. So we would like to export those docs from source system and import them as a 'new' documents in target system. Is this possible with value map?

Posted by guest on February 08, 2012 at 06:24 AM CST #

Hi Kyle,

I am trying to change the folder security group valus through archvie. I have created archiver by using folder achiver and then I exported the created archive then in import map I have enter querty to change the security gruop form "x-confidence" to "Secure" then I am importing into the archier. when I import the archiver its converted securty group to new security group for few folders and it left the conversion for few foldes. can I know why system left for few folders. is there anything stoping to convert security gruop to few folders.

Thanks
kishore.

Posted by kishore on June 25, 2012 at 03:03 AM CDT #

Hi, Kyle!

Thanks for the post. He seems to be promising. However, in my tests, there was a problem: When I run the tests as the user weblogic, everything happens as expected and the security group is modified. When I run as a another user the archiver is unable to perform the modification and displays an error in the logs saying that the user does not have permission to perform modification of the security group. From what I understood, the automated replication is performed taking into account the context of the user who made the document check in, which in this case is not desired. If I run the archiver applet later and run the import manually with the user weblogic, everything results as expected. Is there any solution for that replication does not take into account the permissions of the author of content?

Posted by Guilherme on October 20, 2012 at 12:50 PM CDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Kyle Hatlestad is a Solution Architect in the WebCenter Architecture group (A-Team) who works with WebCenter Content and other products in the WebCenter & Fusion Middleware portfolios. The WebCenter A-Team blog can be found at: https://blogs.oracle.com/ ateam_webcenter/

Search

Archives
« September 2015
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today