S
By Suhas Das
Author
19 views
In OpenText Documentum, Groups and Roles are both used to manage users, but they serve different purposes in controlling access and functionality within the system.
What is a Group?
A Group is a collection of users who share the same permissions.
Key uses of groups:
- Assigning ACLs (Access Control Lists) for object-level security
- Managing permissions for multiple users at once
- Assigning tasks in workflow workbaskets
- Acting as an owner so all members can access/manage an object
👉 In short:
Groups are primarily used for object-level permissions and access control.
What is a Role?
A Role is a special type of group used to define functional responsibilities.
Key characteristics:
- Controls what a user can do (functional permissions)
- Represents a job function (e.g., reviewer, approver, administrator)
- Internally implemented as a group
Technical detail:
-
Created by setting:
-
group_class = role -
group_name = <role_name>
-
👉 In short:
Roles are used for function-level permissions and responsibilities.
Key Differences
| Feature | Group | Role |
|---|---|---|
| Purpose | Manage access to objects | Define functional permissions |
| Usage | ACLs, ownership, workflows | Functional responsibilities |
| Level | Object-level security | Application/function-level control |
| Type | Standard group | Special type of group |
Conclusion
- Groups → Control who can access what (documents, folders, objects)
- Roles → Control what a user can do (functions, responsibilities)
Both work together to provide a flexible and secure permission model in Documentum.