Security

The value of information in electronic format largely depends on audit trails provided by the environment in which it has been created. The information can only be trusted if it is known who created it, who made changes to it, whether it was published and when these events occurred.

In turn, these audit trails can only be trusted when they are unalterable and complete.

To this end, Content Manager needs to ensure that all documents under its control cannot be accessed or altered in any way without the changes being tracked and recorded.

Aside from protecting the information for evidential reasons, an organisation may have a need or be legally bound to protect certain information from unauthorised access. Also, it could be that an organisation wishes to restrict their personnel's access to only certain relevant documents to prevent information overload.

In addition to protecting information from unauthorised access, Content Manager also provides protection of system functions so that users can only perform the tasks that are necessary for their day-to-day work.

The business logic in Content Manager provides control over user permissions and access to records and documents.

Security Groups provide finer granularity over access to Content Manager permissions.

The technical architecture described in the topic Architectural security makes it impossible for users in a correctly configured Content Manager environment to access either the metadata or the electronic documents by any means other than Content Manager.

Therefore, limiting access enables Content Manager to apply stringent security, Access Control and to implement audit logging business rules based on the metadata elements.

  • Security Levels distinguish between records by a successive classification.

    For example, all records that are classified Top Secret with a level of 20 are higher in restriction compared to those classified as Unclassified with a level of 10.

    A staff member with a high security level can see all records of that security level or lower.

  • Security caveats are a privacy control.

    For example, all records that have the caveat Personal History can only be viewed by those users who have been given the Personal History caveat.

    A staff member must have a particular caveat to see records with that caveat.

    There is no succession of caveats.

  • Access Control is a specific privacy control allocated to a record or item.

    For example, once you set an Access Control on a record, only the user or Group allocated to the Access Control can access the record.

NOTE: You can display security levels and caveats as separate items in the list pane and view panes.

Related Topics Link IconRelated information