About the IBM FileNet P8 Connector

The BA Insight IBM FileNet P8 connector enables you to extract content and security from your FileNet system for searching and migration.  

Search Engine Support

• MS Search is not supported by the IBM FileNet P8 connector

Types

The connector uses either of the following to index your data:

• direct database calls

• FileNet web service API

Direct DB Access Version (for Oracle and MS-SQL databases) 

This version connects directly to your FileNet database. By enumerating data directly from the database, we can index larger sets of data and check for changes more rapidly.

• For configuration instructions, see How to Set Up and Configure Your FileNet Connector.

API Version

• This version of the FileNet Connector allows you to connect to FileNet directly via the published FileNet APIs.
• Use this version only in situations where direct database access is forbidden, as it is more limited in features than the Direct versions.
• For configuration instructions, see How to Set Up and Configure Your FileNet API Connector.

FileNet Content Manager Connector

• BA Insight IBM FileNet Content Manager Connector enables SharePoint, as well as other portal users, to securely search for content stored in FileNet repositories. 

Features

• Access to content is determined by security established in FileNet, ensuring that your content is safe when accessed through any other portal as it is directly within FileNet.
• This capability makes SharePoint Search, Azure Cognitive Search, and Elasticsearch true Enterprise Search.
• The FileNet Connector lets you extract content and security from your FileNet System for searching and migration purposes.
• This Connector uses direct database calls to Oracle and MS-SQL in order to index your data.

The following functionalities are supported for both MS-SQL and Oracle:

• Retrieve Metadata Provides context with details such as the source, type, owner, and relationships to other data sets. Metadata provides details around the item being crawled by Connectivity Hub.
• Retrieve content from the database and file system
• Records Manager support: This Connector can retrieve the metadata of records that are assigned to an item. For detailed info about records, go to the IBM Knowledge Center.
• Additional properties retrieving:
  • Subscriptions:
    • A subscription defines what conditions are required in order for an event action to take place.
    • The subscription includes the class or instance upon which the event acts and also the workflow.
    • For more information, continue with Work with subscriptions 
  • Annotations:
    • An annotation object represents incidental information that can be attached to an object for the purposes of annotating or footnoting that object.
    • You can associate annotations with custom objects, documents, and folders (Containable objects).
    • For more information, continue with the Annotation.
• Direct Security Processing:
  • Processing security that is assigned directly to item.
  • For more information, go to Object Security.
• Inherited Security Processing:
  • Processing security coming from parent folder.
  • For more information, go to Configure security inheritance.
• Proxy Security Processing:
  • The content engine provides extensible security parent relationships by means of the Security Proxy Type property placed on the metadata of custom object-valued properties.
  • For more information, continue with Understanding Security Inheritance.
• Template Security Processing:
  • A security policy serves as a collection of security templates, each of which contains a predefined list of permissions, or Access Control Entries, that can be configured to apply to a document, custom object, or folder.
  • For more information, continue with  Security policies.
• Marking Security Processing:
  • Markings allow access to objects to be controlled based on specific property values.
  • For more information, continue to Markings overview.

  Cross Connector Compatibility

  Connectivity Hub does not currently support indexing content secured via both Active Directory A directory service for Windows domain networks. A hierarchical structure that stores information about objects on the network. Used to manage permissions and control access to critical network resources. and Azure Active Directory An identity and access management solution from Microsoft that helps organizations secure and manage identities for hybrid and multicloud environments. within the same instance.

  • For example, you cannot index files from both File Share and Microsoft Teams with the same Connectivity Hub instance.
  • This can cause issues with security trimming.
  • Two separate Connectivity Hub instances are required in this case.
  • If you want to use multiple Azure AD An identity and access management solution from Microsoft that helps organizations secure and manage identities for hybrid and multicloud environments. based connectors (MS Teams, MS Sharepoint Online) and AD A directory service for Windows domain networks. A hierarchical structure that stores information about objects on the network. Used to manage permissions and control access to critical network resources.-based connectors (File Share), see the Limitations topic, below.

  Cross-connector Security

  • File Share connector reads the permissions set on the file share and its files during indexing.

  • For these permissions to be processed correctly, the Target A Target is a "pointer" to a specific instance of a search application, such as Elasticsearch. - (A Search application instance has one or more indexes) directory in Connectivity Hub must match the directory used to secure the file share.

  • For instance, if the file share is secured via:

    • On-Premise Active Directory domain: Connectivity Hub Target directory must be that same domain.
    • Azure Active Directory domain services: Connectivity Hub Target directory must be "Active Directory" and point to your Azure Active Directory exposed as a Domain Service (Azure AD DS).

  Note: Custom security can also be set within the Connector Framework or Connectivity Hub based on business rules if matching the original security is not required.

  Example: Azure File Share

  • The BA Insight FileShare connector can index an Azure File Share as long as Azure File Share and Connectivity Hub are connected to the same Azure Active Directory Domain Services (AAD An identity and access management solution from Microsoft that helps organizations secure and manage identities for hybrid and multicloud environments. DS) instance.

  • For more information about AD DS: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview

  Microsoft Azure Active Directory Domain Services

  • If your file share is secured though Azure Active Directory Domain Services, Connectivity Hub must be configured to use the Azure AD Domain Service as a Target directory for users/groups translation.

  • See the example below.

  Example: Azure AD Domain Service in Connectivity Hub

  Shown in the example below is an instance of a Connectivity Hub with the Target directory configured to use an Azure AD Domain Service.

  

  Cross-connector Limitations

  If you use another BA Insight connector in addition to File Share connector (FileNet, Exchange, Exchange Online, SharePoint Online, and/or Teams) and you want to connect to Azure AD for security identities resolution, use one of the following AD options:

  • A local AD for all BA Insight connectors
    • Will synchronize your local AD with your Azure AD
  • Deploy two instances of Connectivity Hub (hosted on two different servers):
    • Instance 1: Configured with an Active Directory (AD). Use it to crawl with File Share connector
    • Instance 2: Configured with Azure AD target directory. Use it to crawl other BA Insight connectors, that use Azure AD for security trimming.
  Note: If the BA Insight connector Target Directory is misconfigured, the users/groups securing the items will not resolve: records are visible only to the content owner.