Applying Access Controls to functions

You can use function Access Controls to restrict access to a particular function, for example, Record Types, Classifications, Schedules Locations and External Links.

  1. Find the function/object you want to set Access Controls for.
  1. Right-click the item and on the Security and Audit menu, click Security/Access, or right-click and select Properties - Access Controls tab.

    The Security and Access Policy dialogue box appears.

  2. Select the Function Access Controls you want to apply.

    There are four options available to control access to an item.

    See Function Access Controls.

  3. Select the Access Controls you want to apply.

    See Grouped Access Controls.

  4. Click OK

    NOTE:

    • You can copy and paste a customised Access Control to multiple items by right-clicking on the customised item, then the following options display:

      • Copy to ACL Worktray - copies the current list to the work tray.

      • Add to ACL Worktray - adds the copied items to the existing list. If "usera" and "userb" is in the list then "usera" from the work tray will be added.

      • Paste to ACL Worktray - overwrites the existing list.

    • If you do not have Can Use access to the item, for example, when a Location has Access Controls set to Private, only the specified users or groups of users will be able to use or edit the Location
    • If the user is not the Owner of the record or in the Owner's group, then the Owner Location will also be set to read only.
    • Modify Access rules
      • When Can Modify Access is set to Unrestricted and Can Update is set to Unrestricted, then everyone can modify the Access Control settings
      • When Can Modify Access is set to Unrestricted and Can Update is set to Location A, then only A can modify the Access Control settings
      • If Can Modify Access is set to Unrestricted and Can Update is set to Group B, then anyone in Group B can modify the Access Control settings
      • If Can Modify Access is set to Unrestricted and Can Update is set to Organisation C, then anyone in C can modify the Access Control settings
    • Users of user type Records Manager with no Update Metadata permission can still delete records
    • When setting up Access Controls, it is very important to do so logically - for example, if the administrator chooses to restrict Update access, they should probably also restrict Delete access, as no comparative checks are done between these restrictions