Workgroup Server security
- Database
- Document store(s)
- Document cache
- Temporary files
- Reading and writing to the database
- Adding or viewing documents in the store
- Document content indexing and retrieval
- Performing bulk processes
The Content Manager Workgroup Server performs bulk processes such as document content indexing, calculating Retention Schedule dates, sending email notifications and writing audit logs.
The Workgroup Server requires no direct access to the document store itself.
The Workgroup Server writes the audit log for the connected dataset to the tab-delimited file C:\Program Files\Content Manager\ServerData\<DBID>\AuditLogs<YYYY>\Date_<YYYY-MM-DD>.log.
This folder must be adequately protected by operating system security and a backup policy to prevent unauthorised access or amendment of the log files.
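One way to check the operating system protection on the audit log location, as an added example that is not part of the Content Manager documentation: the PowerShell script below lists every ACE that grants write, delete or permission-change rights to an identity outside an allow-list. The allow-list and the service account name EXAMPLE\svc-cmworkgroup are assumptions to replace with the site's own values, and <DBID> is the placeholder from the path above. The script covers amendment only; read access needs a separate review.

```powershell
# Added example: flag write-capable ACEs on the audit log folders.
param(
    # <DBID> is the page's placeholder; replace it with the dataset ID.
    [string]$DataRoot = 'C:\Program Files\Content Manager\ServerData\<DBID>',
    # Assumed allow-list; EXAMPLE\svc-cmworkgroup is a hypothetical service identity.
    [string[]]$AllowedWriters = @(
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators',
        'EXAMPLE\svc-cmworkgroup'
    )
)

# Rights that let an identity create, change, delete or re-permission log files.
$named = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherited ACEs can carry raw generic bits instead of named rights:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$writeMask = [int]$named -bor 0x40000000 -bor 0x10000000

function Get-UnexpectedWriter {
    param([string]$Path, [string[]]$Allowed)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        if ($Allowed -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $DataRoot)) {
    throw "Folder not found: $DataRoot (replace the <DBID> placeholder)"
}
# Check the dataset folder and every folder beneath it, which includes
# the audit log folders.
$targets = @($DataRoot) + @(Get-ChildItem -LiteralPath $DataRoot -Directory -Recurse |
    ForEach-Object { $_.FullName })
$findings = foreach ($t in $targets) { Get-UnexpectedWriter -Path $t -Allowed $AllowedWriters }

if ($findings) {
    $findings | Sort-Object Path, Identity | Format-Table -AutoSize
    exit 1
}
Write-Output "No unexpected write-capable ACEs under $DataRoot"
```

Folders under Program Files usually inherit entries such as CREATOR OWNER and NT SERVICE\TrustedInstaller, so expect those in the first run and decide whether to allow-list them or break inheritance on the audit log folders.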
Because all access to the database and to documents is provided through a Workgroup Server, it is extremely difficult to bypass the business rules in Content Manager.
The Workgroup Server runs under a dedicated security identity, which is separate from the security identity of the user. All access to the resources can be restricted to this single identity.
TRIM.exe and the TRIMSDK.dll are the only executables capable of accessing the Content Manager Workgroup Server.
An additional benefit of this architecture is that third-party software is not required on client computers, which makes administration and implementation easier.
For example, in a site using an Oracle database, it is not necessary to have any Oracle software on client computers.