Security levels administration

Security Levels ensure that records can only be accessed by Locations who have the same security level or a higher security level than that allocated to a record.

Security Level defaults can be defined for the creation of records in both Record Types and Classifications.

Security Levels are used for:

  • Records
  • Locations
  • Record Types
  • Classifications

A security level is composed of the following

  • Description - the name of the security level, for example, Top Secret
  • Ranking - a unique number given to each security level that establishes the order of precedence, for example, 20.

    The higher the security level, the greater the number should be.

    You can select numbers from 1 to 99.

  • Abbreviation - an abbreviation of the security level, for example, TS for Top Secret.

NOTE: You can create a maximum of 99 security levels.

TIP: To ensure users are restricted to the appropriate records, switch on the security rules you want to apply in your organisation.

See System Options Security page.

  • Creating, editing and removing of levels is restricted to users of user types Administrator and Records Manager
  • Individual security levels cannot be deactivated
  • The minimum security level by default is [No Security Level]
  • The maximum number of levels is 99
  • The minimum number of levels is 0
  • When you remove a level and that level has been applied to records and/or Locations, Content Manager will display a warning.

    When Continue is selected, the affected objects will adopt the next lower level.

  • If no level has been explicitly applied to a new item and no other Content Manager items imply a level, then the new item will adopt [No Security Level]
  • Level security prevents users from viewing and editing higher-level records, but viewing security is bypassed for users with user type Administrator.

    A user must have an equal level or higher to edit or view a record except where additional security prevents such access, for example, caveats, Access Control, user type.

    • A user can create a record with a higher level than their own level
    • A user cannot modify and apply a higher level than their own level to a record.

      NOTE:

      • Users can create records with a higher security level than their own if the security level or caveat defaults are passed to the record from the Record Type or from the Classification plan. A message will warn the user that they will not have access after creating the record.
      • If the system option setting allows a security violation and Owner and/or Home Location are being picked up from the Assignee, you may see a warning that the Home or Owner do not match the record's security. You will, however, be able to save the record and Content Manager will log a security violation.
      • When the option in Administration - System Options - Security page When changing Assignee, Home or Owner for a Record to a less secure Location is set to Prevent and the Owner Location is going to be in violation of this rule, then you cannot create the record. Once a record already exists in Content Manager, you cannot allocate higher security than you have yourself.

  • Level security warns, prevents, logs or uses a combination of events as set in system options when users move records to lower security Locations.

    NOTE: Downgrading a user's security profile - when you downgrade the security profile of a user and there are records marked to them that are of a higher security level than the user, then no security violation warning will appear.

Related Topics Link IconRelated information