Record Access Controls behaviour

You can apply Access Control to multiple records using tagging.

Content Manager will give all tagged records the same access properties, where possible.

Content Manager enables you to configure the security profile for an individual record.

The default security profile can be inherited from the Record Type definition or the record's Classification.

See Record Type Access Controls and security and Classification Access Controls and security.

  1. To apply access controls to an individual record, right-click the record and on the Security and Audit menu, click Security/Access.

  2. Under Access Controls, select the Access Control you want to change and use the buttons below to change it.

    NOTE:

    • Most of the record Access Controls properties depend on the setting for View Metadata.

      If View Metadata access is denied to a user, then the other Access Control permissions become irrelevant.

    • The Access Control options View Document or Update Document should not be the sole property of an Access Control group as navigating to the document without View Metadata is not possible.
    • Users of user type Records Manager with no Update Metadata access can still delete records.

      When setting up Access Controls, it is very important to do so logically.

      For example, if the Content Manager administrator chooses to restrict Update access, they should probably also restrict Delete access, as Content Manager does no comparative checks between these restrictions.

    • Use these options to restrict access - for example, allow the user to view metadata, but block access to attachments. Within each control, you can grant or deny access to users or groups of users:
      • Unrestricted access for everyone
      • Restrict access to the same users as the record's container or folder
      • Restrict access to just the current user
      • Restrict access to just one Location and any of its members, or
      • Restrict access to a custom list of Locations
    • When a user attempts to modify the Access Control for a record with an attached electronic document and the record is checked out by another user, the Access Control change will be prevented and a warning message will appear. This will apply when the record's Access Control - for example, the View Document, Update Document and View Metadata Access Control options - is either modified or the record is placed in a container or moved to another container whose Access Control list would prevent the records attached electronic document from being checked in. This functionality will not apply to a container's contained items when changing its Access Control.

To be able to change Access Controls on existing records, a user must have at least one of the following permissions:

  • Modify Records
  • Document Update
  • Record Administration

In addition, the user must be in the list of Locations for the Modify Record Access Access Control on the record or have the Bypass All Access Controls permission.

If the Modify Record Access Access Control is set to Unrestricted, then the user must either:

  • Have Record Administration permission
    OR
  • Have Bypass All Access Controls permission
    OR
  • Be a member of the Owner Location of the record

NOTE: Any referenced restrictions for records based on Classification as well as Record Type must also be satisfied for the user to be able to change the record's Access Controls.

Related Topics Link IconRelated information