I have a requirement to intercept any outbound content transfer operations (e.g. view, export, checkout) and conditionally prohibit that regardless of permissions assigned to object. Not using ACS or BOCS (both disabled). In case you are wondering, we have some highly sensitive 'special control' information that we are trying to avoid allowing superusers to retrieve the content, even though documentum always gives superusers at least READ permission on all objects. The idea is to use TBO to intercept content transfer operations from any DFC client and check these conditions before performing the super method; otherwise when conditions are met, throw exception before super method is called to prohibit the content transfer. [Yes, I know there are other ways for superuser to get to the content, but at least it makes it more difficult and any attempts to bypass would leave a trail somewhere. And we have TCS, so the content is encrypted on the content server at rest]. However, in 6.7 DFC Development Guide, there doesn't appear to be any method available to over-ride for this?!
I have seen some post to try to over-ride method doCanBypassDfcForOutboundContent. However, I have tried this and nothing happens. As a sanity check, I also put in an over-ride of doCheckout in the TBO, and I can see those logger statements getting hit. So, I know the TBO, BOF registry, and logging are all configured properly. But, doCanBypassDfcForOutboundContent never seems to get invoked.
I've also seen some posts about over-riding various getFile(Ex) or getContent(Ex) methods, but apparently there isn't consistency in how those methods are called from various client interfaces. If this is the answer, what are all the methods I'd need to include to make sure all cases are handled?
What's a developer to do? We can't customize content transfer in our Enterprise Content Management system?! Say it isn't so.
