Applying Access Controls

You can apply Access Controls to individual records or functions, for example, Record Types or Classifications.

See the following topics for more information:


  • Assigned to the record - simple Access Controls
  • Inherited from the record's container - advanced Access Controls
  • Inherited from the record's Classification - advanced Access Controls
  • Inherited from the record's Record Type - advanced Access Controls
  • A combination of the above - advanced Access Controls

Simple Access Control

You would apply Access Controls to most Content Manager items by navigating to the Access Control function for the item and defining permissions.


Advanced Access Control

Access Controls that Content Manager applies to new records because of the defaults set for the Record Type or Classification they were created with have extended properties.

For these items, Content Manager determines some default permissions; however, you can customise these permissions further.

The additional options determine how Access Controls are applied to records.


Default security inheritance rules

See Record Type Access Controls and security and Classification Access Controls and security for further details.

These are the rules you can apply to control the inheritance of security levels, caveats and Access Controls by objects being created or modified:

  • Inheritance rules for records from Record Types and Classifications
  • Combined Access Control rules: Record Type access and record level access
  • Optional combined Access Control rules: Record Type, Classification and record

Objects to use Access Control with

  • Records and attached electronic documents - to restrict access to individual records.

    This is especially useful when work is in progress before a final copy is published.

  • Record Types* - to restrict access to Record Types and / or to set Access Control defaults that records created using these Record Types will inherit
  • Classifications* - to restrict access to Classifications and / or to set Access Control defaults that records created using these Classifications will inherit
  • Thesaurus terms - to restrict access to Thesaurus terms
  • Workflow templates / saved Workflow templates - to restrict access to Workflow templates
  • Workflows / saved Workflow - to restrict access to individual Workflows
  • Report layouts - to restrict access to report layouts
  • Retention Schedules - to restrict access to Retention Schedules
  • Saved searches - to restrict access to saved searches
  • Lookup Sets - to restrict access to Lookup Sets
  • Locations - to restrict access to Locations
  • Space Management - to restrict access to Space management levels
  • Document queues - to restrict access to document queues
  • Record statistics - to restrict access to generated record statistics

NOTE: * these objects provide two areas to configure Access Controls - one for the object itself and one for the records created using the object.


Access Controls default to Unrestricted.

Record Access Control can only be applied or changed

  • by users who already have Update or Create permission for the current record

    -- or --

  • when no Access Control has been applied to the current record

    -- or --

  • by users who are members of the Owner Location of the current record

NOTE:

  • Users of user type Administrator by default bypass some security restrictions including Access Controls.

    If a user with user type Administrator does not have appropriate security or caveats, the Access command is still available; however, it will display the View Rights dialogue box rather than the Access dialogue box.

    Other user types can be set to bypass security restrictions.

    See User permissions.

  • When the copy style for Record Type and Classification is set to Owner, new records will have their Access Control set to the Owner Location.

    This is not an additional Access Control to the Access Controls already set on the item.