The components of an Enterprise Content Management (ECM) system typically define and manage electronic data content including for example, Internet content, document images, e-mail messages, audio, video, and other digital representations of information (collectively referred to herein as “content”). Considering the potential volume, complexity, and variety of the objects under its management, an ECM may also include tools and other facilities for accessing and customizing components of the ECM, particularly where those components are related to securing the content. Role Based Access Control (RBAC), which assigns an end-user to a function or role, is one option for securing the content. Permissions are provided to the role, rather than to the individual user, depending upon the tasks performed by the role. An ECM may consist of several separate components, including a database server, an authentication management system, (e.g., Active Directory), and a User Interface (UI) such as, for example, a program executing as a web browser. A complete security solution may provide consistent security definitions, whether the end-user accesses the content using the UI or whether the end-user accesses the content in the database directly through facilities such as Standard Query Language (SQL). Without effective security definitions in the UI, an end-user might attempt to generate work against the content before receiving a warning message or error notification that only some of the actions are allowed. Without effective security definitions at the database, or content storage level to complement the UI security definitions, an end-user might be able to successfully access the content directly using an interface such as SQL, even though access should be denied.
It may therefore be desirable, among other things, to provide a method and system of implementing RBAC in an ECM system.