Location security

Each Location in Content Manager is assigned a security and functional access profile.

The security profile includes security level, caveat(s) and associations to parent Locations.

The associations to parent Locations are relevant if Access Control to a record has been set to the parent Location, in which case the Location automatically inherits it.

The security levels and caveats assigned to Locations are used for the movement of physical records to any Location.

A record with a security profile higher than the Location to which it is moved will cause a security breach.

In addition to security levels and caveats, user Locations are used to prevent the users from accessing records with a higher security profile than themselves.

Only Locations that are Content Manager users and allowed to log in have a functional access profile.

The main functional Access Control is assigned by giving the user one of Content Manager's user types.

Only a user with the user type Administrator or equivalent can set or edit the user type property for a logon user.

Content Manager has five predefined user types.

The predefined user types are hierarchical in nature:

  • Administrator - full control
  • Records Manager - reduced Administrator permissions - excluding security functions
  • Records Co-ordinator - advanced records management
  • Knowledge Worker - minimum records management
  • Contributor - slightly fewer permissions than Knowledge Worker
  • Inquiry User - read-only access

In addition to these predefined permission groups, an Content Manager administrator can remove permissions from users.

Some organisations are decentralised and thus have the requirement for the users to have varying degrees of functional access to different types of records.

For example, a user of user type Records Co-ordinator in the Finance Department is required to have full Records Co-ordinator permissions on any Finance Department item while having no or limited access only to Personnel Department items.

You can achieve this by implementing Record Type access controls which enable the system administrator to restrict access to a particular Record Type to nominated users or groups.