Content Manager 23.3 Content Manager

Security level aggregation

When you enclose lower classified records within higher classified records, the Classification of those documents will not inherit the Classification of the file (container).

This is the conventional and established paradigm of record security.

This logic can be found in The Commonwealth Protective Securities Manual (Australia). To quote from the PSM (the section entitled Requirements for Classifying Documents): '...the classification of each individual document normally depends on its content, and not on the classification of the file on which it was drafted or of another document to which it refers.'

When containing a more secure document in a container with lower security, or a less secure document in a container with higher security, the Content Manager administrator can set the default in Record Type Properties - Record Type General page for each Record Type to be one of the following, depending on their requirements:

Ignore
Display Warning
Display Warning, Upgrade Container Security
Update Container Security
Prevent Document from being placed in Container
Display Warning, Update Document Security
Update Document Security.

There is no aggregation for security caveats or Access Controls.

NOTE:

When you want to downgrade the security of a container, the container's Record Type has to be set to Display Warning or Ignore.

Other settings will not allow you to downgrade the container if it contains a record that has a higher security level.

TIP: The options for security inheritance when records are enclosed in containers are set in Record Type - General page - Behaviour for handling more secure Documents, and Behaviour for handling less secure Documents. These container options are provided to assist you in determining the best method of updating (aggregating) the security details of records and containers when they are contained.

This allows you to apply different rules to paper based records and electronic records. Some options are more applicable to electronic records than paper based records as there is generally no need to set security on an electronic container - so their Record Type would be set to Prevent, Ignore or Display Warning and instead, each electronic document has its own security. This avoids the situation where users cannot access a document on a file because the file's security level has been automatically upgraded higher than the user's security level.