UCM Black Hole Check In
By Kyle Hatlestad on Aug 18, 2009
One situation where we used this with Content Server when we were under Stellent was on our stellent.com website. Our website was built using Content Server (aka UCM) as the foundation and one of the options we offered on the site was for the submission of resumes. Prospective employees could upload an electronic version of their resume into the site which would kick off a process to review that resume by HR. But as soon as they submitted that document, they would no longer be able to view or download it. Thus we needed a way to provide that unusual security use-case.
Different options were discussed such as a custom component to override security. Then a much more simple (and elegant, I think) solution was brought up that wouldn't require any customizations. The approach was termed the "black hole check in".
Basically, the black hole check in uses the Archiver to remap the Security Group and/or Account on the document as soon as it's checked in. Archiver has three major purposes.
- Archive/export content with metadata out of the Content Server.
- Replicate content from one instance to another.
- Remap metadata value.
By combining it's ability to replicate and remap values, you can create an automated way of changing security. What you do is set up replication, but instead of pointing to another instance, the same instance is both the exporter and importer.
Then you set up your Export Query to catch the content you want to remap on the way in. On the Import Maps, you set up your Value Maps to change your security to your new secure settings.
Be sure to set your Export Query in a way to avoid an endless loop that would still catch the content after it was remapped. So it's best to include the security as part of the query.
Now when content gets checked in, it's security gets remapped and voila! - it's not accessible by the author anymore.
Scenario 2
Another scenario that doesn't have quite the same requirements, but which this approach is helpful, is for security or other system metadata field to change during workflow.
There is a handy Idoc Script function you can use in workflow events which will let you update metadata.
<$wfUpdateMetaData("xWorkflowStatus", "Manager_Review")$>
This works well with custom metadata, but does not work with system metadata. So if you wanted to change the Security Group for instance, it would not work.
So what you can set up is an Archive similar to what is outlined above. When the item is released in workflow, it will hit the Archiver process and remap whatever system fields you need.
Posted by Tomo on August 27, 2009 at 06:56 PM CDT #
Posted by Srikanth Rajan on October 07, 2009 at 07:54 AM CDT #
As far as general component writing resources, we have a sample HowTo component which gives examples of hooking functionality into common processes. That is available on our UCM Sample Component site.
Another great resource is The Definitive Guide to Stellent Content Server Development by Brian "Bex" Huff. While it was written during the Stellent days, the architecture and customization steps are still the same in UCM 10gR3.
Another option may be to engage Oracle Consulting or a Oracle Partner that is familiar with this level of customization to sit down and go through designing this component.
Posted by Kyle Hatlestad on October 08, 2009 at 01:37 AM CDT #
Posted by Karam Abuzeid on November 08, 2009 at 02:39 AM CST #
Posted by Aditya on October 07, 2010 at 11:16 PM CDT #
Posted by kyle.hatlestad on October 11, 2010 at 07:07 AM CDT #
Hi Kyle,
Is it possible to set up Scenario 2 to hit Archiver at the Exit event of the last step of a Workflow? I would need to keep some RelatedContent documents unavailable to users in general until one specific content item is released from workflow, then release the other documents. Think of a list of documents. The list goes through the workflow, and when it exits the workflow, the documents from the list get released as well.
Thanks, this is a great article that gave me ideas on how to solve that problem!
Posted by Bruno on January 05, 2012 at 06:34 AM CST #
Hey Bruno,
In regards to hitting the Archiver at the exit even at the last step of the workflow, that's exactly what this post is about. Scenario 2 involves hitting the Archiver at the end and doing the value mapping you need.
But in regards to the second part of your question to release documents as a group, I'm afraid using Archiver does not help in that use case. You would need to create a custom component that could release them simultaneous for that.
Thanks,
-Kyle
Posted by Kyle Hatlestad on January 05, 2012 at 08:49 AM CST #
Thanks again. I was trying to achieve this using executeService("UPDATE_DOCINFO") from within workflow, but I can't get it to work.
I will look further into that!
Bruno
Posted by guest on January 05, 2012 at 08:53 AM CST #
Hi Kyle,
Thanks for the article. I would like to know if I can change contentid/did of the documents currently being imported?
We have few docs to import in our env, but those content ids/dids are already in use. So we would like to export those docs from source system and import them as a 'new' documents in target system. Is this possible with value map?
Posted by guest on February 08, 2012 at 06:24 AM CST #
Hi Kyle,
I am trying to change the folder security group valus through archvie. I have created archiver by using folder achiver and then I exported the created archive then in import map I have enter querty to change the security gruop form "x-confidence" to "Secure" then I am importing into the archier. when I import the archiver its converted securty group to new security group for few folders and it left the conversion for few foldes. can I know why system left for few folders. is there anything stoping to convert security gruop to few folders.
Thanks
kishore.
Posted by kishore on June 25, 2012 at 03:03 AM CDT #
Hi, Kyle!
Thanks for the post. He seems to be promising. However, in my tests, there was a problem: When I run the tests as the user weblogic, everything happens as expected and the security group is modified. When I run as a another user the archiver is unable to perform the modification and displays an error in the logs saying that the user does not have permission to perform modification of the security group. From what I understood, the automated replication is performed taking into account the context of the user who made the document check in, which in this case is not desired. If I run the archiver applet later and run the import manually with the user weblogic, everything results as expected. Is there any solution for that replication does not take into account the permissions of the author of content?
Posted by Guilherme on October 20, 2012 at 12:50 PM CDT #