Security caveats administration

Security caveats ensure that records can only be accessed by Locations that have the same caveats.

Caveats are used for

  • Records
  • Locations
  • Record Types
  • Classifications.

Caveat levels are composed of:

  • Description - name of the caveat, for example, Staff in Confidence
  • Abbreviation - abbreviated version of the caveat's name/description, for example, SiC for Staff in Confidence.

TIP: To ensure users are restricted to the appropriate records, switch on the security rules you want to apply in your organisation.

See System Options Security page.

  • Creating, editing and removing of caveats is restricted to users of the user types Administrator and Records Manager
  • The minimum number of caveats is 0
  • The maximum number of caveats is 512
  • Caveats must have an additional abbreviated code name for ease of use
  • When you remove a caveat and that caveat was applied to records and/or Locations, Content Manager removes the caveat from all objects
  • Caveat security prevents users from viewing and editing records with unmatched caveats; however, Content Manager bypasses viewing security for users of the user type Administrator.

    A user must have a matching set of caveats to edit or view a record except where additional security prevents such access, for example, security levels, Access Control and user type.

    • A user can create a record with caveats not owned by the user
    • A user must own a caveat before modifying and applying such a caveat to a record

      NOTE:

      • Records can be created with a different caveat than the creator if the security level or caveat defaults are passed to the record from the Record Type or from the Classification plan. A message will warn the user they will not have access after creation.
      • If the system option setting allows a security violation and the Owner and/or Home Location are being picked up from the Assignee, you may get a warning that the Home or Owner do not match the record's security. You will, however, be able to save the record with Content Manager logging a security violation.
      • If the system option Prevent is selected and the Owner Location is going to be in violation of security, then the record cannot be created.

        Once a record already exists in Content Manager, you cannot allocate a caveat to it if you do not have the caveat yourself.

  • Caveat security warns, prevents, logs or uses a combination of these as set in system options when users move records to lower security Locations.

Related Topics Link IconRelated information