Records Management and Laserfiche Security. Guide

Similar documents
Laserfiche Records Management Edition Terminology (version 8.0) White Paper

Laserfiche Records Management Training

Laserfiche 8.1 New Features Quick Reference. White Paper

Laserfiche Import Agent Quick Start Guide. White Paper

Introduction to Security in Laserfiche 8.3 and later. White Paper

What's New in Laserfiche Rio and Laserfiche Avante 9.1. White Paper

Laserfiche Avante 9.2 Frequently Asked Questions. White Paper

Quick Fields 10 Licensing Summary. White Paper

Trustee Attributes. White Paper. February 2012

Laserfiche Product Suite 2011

Laserfiche Security Training Manual

What's New in Laserfiche Rio, Laserfiche Avante, Laserfiche Forms, and Laserfiche Connector White Paper

ImageNow Retention Policy Manager

Laserfiche Document Management at a Glance

Oracle. Engagement Cloud Using Service Request Management. Release 12

Laserfiche Product Suite

HP TRIM Onsite Folder Disposal Procedures

Receive and Forward syslog events through EventTracker Agent. EventTracker v9.0

Perceptive Content. New Feature Introduction. Version: 7.0

Integrate EMC Isilon. EventTracker v8.x and above

Integrate Akamai Web Application Firewall EventTracker v8.x and above

Oracle. Service Cloud Knowledge Advanced Implementation Guide

Integrate Windows PowerShell

1. Right-click the worksheet tab you want to rename. The worksheet menu appears. 2. Select Rename.

Oracle Information Rights Management Oracle IRM Windows Authentication Extension Guide 10gR3 August 2008

Organize and Deliver Digital Assets Using Adobe Experience Manager v6.x Student Workbook

Documentation Accessibility

Oracle Database Mobile Server

Oracle Database Express Edition

Addendum 1. APPENDIX B - Technical Information / Requirements Records Management Solution Capabilities. Questions. Number

2 Records Manager Updates

Integrate MySQL Server EventTracker Enterprise

Oracle PeopleSoft PeopleTools 8.54 Product Documentation Update. PeopleSoft Fluid User Interface

Integrate Microsoft Office 365. EventTracker v8.x and above

General Security Principles

Oracle Endeca Web Acquisition Toolkit

Oracle. Sales Cloud Configuring Sales for B2C. Release 13 (update 18A)

Oracle Payment Interface Installation and Reference Guide Release E April 2018

Uploading Files Using File Drag and Drop

Integrate Aventail SSL VPN

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)

NTP Software File Auditor for Windows Edition

Integrate Sophos Enterprise Console. EventTracker v8.x and above

Set Up Rules Palette

Integrate IIS SMTP server. EventTracker v8.x and above

Oracle Fusion Middleware. 1 Introduction. 1.1 Supported Functionality and Intended Use. 1.2 Limitations

Release for Microsoft Windows

Integrate NGINX. EventTracker v8.x and above

Oracle Warehouse Builder 10g Runtime Environment, an Update. An Oracle White Paper February 2004

JD Edwards EnterpriseOne Licensing

FileWay User s Guide. Version 3

HP Database and Middleware Automation

Site User Guide. Oracle Health Sciences InForm CRF Submit Release Part Number:E

EnterpriseTrack Reporting Data Model Configuration Guide Version 17

IBM Records Manager Version 8.5. Designing a DoD Compliant Solution

Remote Support. User Guide 7.23

Oracle Fusion Middleware Oracle Stream Analytics Release Notes. 12c Release ( )

CA Harvest Software Change Manager

Oracle Fusion Middleware

Oracle Hospitality Simphony Cloud Services Post-Installation or Upgrade Guide Release 2.10 E July 2018

Oracle Configuration Manager

Oracle Communications Performance Intelligence Center

Contents About Connecting the Content Repository... 5 Prerequisites for Configuring a Content Repository and Unifier... 5

Shared File Room Field Guide

Service Cloud Knowledge Advanced Implementation Guide Release 17D

Oracle. Service Cloud Knowledge Advanced User Guide

Contents Overview... 5 Upgrading Primavera Gateway... 7 Using Gateway Configuration Utilities... 9

AD Summation. Administration Guide. WebBlaze

Oracle FLEXCUBE Core Banking

Oracle Enterprise Single Sign-on Logon Manager How-To: Configuring ESSO-LM Event Logging with Microsoft SQL Server 2005 Release

Copyright 1998, 2009, Oracle and/or its affiliates. All rights reserved.

PRIMAVIEW USER GUIDE

New Features in Primavera Professional 15.2

Contents. User's Guide

Integration of Phonefactor or Multi-Factor Authentication

Supporting ios Devices

Oracle. Service Cloud Knowledge Advanced User Guide

Enterprise Vault Best Practices

Documentation Accessibility. Access to Oracle Support

Microsoft Active Directory Plug-in User s Guide Release

Integrate F5 BIG-IP LTM

Oracle FLEXCUBE Direct Banking iphone/ipad Workspace Configuration

Liquidity Management OBIEE Setup Oracle Banking Liquidity Management Release [November] [2017]

CA ERwin Data Modeler

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

BIG-IP System: Configuring the System for Layer 2 Transparency. Version 13.1

Configuring TLS 1.2 in EventTracker v9.0

Supporting Apple ios Devices

Oracle Enterprise Manager

Primavera Portfolio Management 9.1 Bridge for Microsoft Office Project Server 2007 Users Guide

Oracle. SCM Cloud Configurator Modeling Guide. Release 13 (update 17D)

AvePoint Office Connect

Integrate Saint Security Suite. EventTracker v8.x and above

Integrate HP ProCurve Switch

Challenges of Implementing Retention. March 9, 2017

Technical Brief Exporting a List of Device MAC Addresses from Xcalibur Global Document Version 1.0

Materials Control. Purchase Orders Internal Attachments. Product Version: Attachments Joerg Trommeschlaeger.

Installation Guide. ProView. For System Center operations Manager ProView Installation Guide. Dynamic Azure and System Center insights

6.2 Ingredion Learning Workday Drive Learning Admin - 08.Nov.2018

Transcription:

Records Management and Laserfiche Security Guide May 2006

The information contained in this document represents the current view of Compulink Management Center, Inc on the issues discussed as of the date of publication. Because Compulink must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Compulink, and Compulink cannot guarantee the accuracy of any information presented after the date of publication. This chapter is for informational purposes only. COMPULINK MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. 1

Table of Contents Records Management and Laserfiche Security...i Table of Contents...2 Records Management Security...4 Records Management Privilege...4 Records Management Access Rights...5 Security Implications of Records Management Rights...6 Closing Record Folders...6 Cutoff...7 Freeze...7 2

Laserfiche Records Management functions allow records managers to track and control records from creation to destruction, including transfers, storage, and final disposition. These functions make it easier to comply with regulations on document disposal and to ensure records are kept only as long as they're needed. The Records Management system in Laserfiche interacts with Laserfiche Security in order to keep track of records and control whether and how they can be modified at different stages in the Records Management cycle. This paper explains how normal Laserfiche Security interacts with Records Management in Laserfiche 7.1.x and 7.2.x. Much of the information is also relevant to records management in 7.0.x, but there may be minor differences. In a Records Management repository, there will generally be some items that are in normal Laserfiche folders, and some items located within Record Series that are subject to Records Management processes and restrictions. For the purposes of this paper we refer to items located within Record Series on the folder tree as being "in Records Management." Also, we refer to users who have been granted the Records Management privilege as "Records Management users." Interactions Between Laserfiche Security and Records Management Records Management and normal security co-exist. Items within Records Management are still subject to all the normal functionality of Laserfiche, including security settings. Records Management does use some additional access rights which are not a part of Laserfiche security: Set Last Review Date Freeze Unfreeze Set Event Time Close/Reopen Folder Other Records Management operations are controlled by the Records Management privilege. The ways in which Laserfiche Security and Records Management interact differs somewhat depending on whether you are using Laserfiche 7.1.x or Laserfiche 7.2.x. Security and Records Management with Laserfiche 7.1.x With Laserfiche 7.1.x, Records Management settings always make security more restrictive, never less. For instance, if a user does not have the Read entry access right on a document, no Records Management setting can allow them to read it. Records within record series can have normal Laserfiche 3

access rights set. However, some Records Management settings will restrict rights even more than the normal security that's set on a document. Security and Records Management with Laserfiche 7.2.x In Laserfiche 7.2.x, the Records Management privilege has been expanded to allow the Records Management user to accurately and consistently maintain the metadata of records. This is necessary because certain disposition actions such as closing a record folder would normally restrict the record for all users. However, in Laserfiche 7.2, it is possible to add links, tags or versions to documents without the Write Metadata entry access right. The ability to remove such links, tags and versions is therefore necessary for Record Management users, to prevent situations where metadata is added to documents but can never be removed because the record folder is closed. Records Management Security Records Management security settings are only exposed to users who are accessing a Records Management server. These consist of several entry access rights and the Records Management privilege. Records Management Privilege This privilege does not provide any of the Records Management entry access rights, so a user with this privilege must still have the appropriate access right on a particular record or record folder in order to perform the actions controlled by those access rights. Besides these access rights, the Records Management privilege allows users to modify Records Management administrative items and to perform Records Management actions. The privilege allows users to modify the following administrative items: All Records Management nodes in the Administration Console: o Cycle Definitions o Locations o Retention Schedules o Cutoff Instructions Record Series Properties Record Folder Properties The Records Management actions controlled by the privilege are: Create Record Series Cutoff Uncutoff 4

Confirm Transfer Confirm Accession Destroy In addition to the Records Management privilege, all of the above Records Management actions require the Read right on the appropriate record folder. Create Record Series also requires Create Folders. In Laserfiche 7.2, the Records Management privilege was expanded. The Records Management user can remove tags or links from documents or remove documents from version groups even if the user lacks the "Write Metadata" entry access right on the document. This allows the Records Management user to keep links, tags and versions up to date when the record folder has been closed. This privilege does not allow the Records Management user to modify the metadata on entries if the entries or their containing folders have been frozen. Also, Records Management users are the only user who can remove the "Supersedes/Superseded by" document link if both ends of the link are within a record series. Records Management Entry Access Rights The Records Management entry access rights control the operations that are not specifically governed by the Records Management privilege. The following list describes the function of the Records Management access rights and their interaction with standard access rights. Set Last Review Date: Allows the user to set, unset, or modify the review date for vital records. Setting the Last Review Date requires the Read access right. Freeze: Allows user to freeze a record, record folder or record series, preventing it from being modified, and to set or modify the Freeze reason. Note that Freeze does not inherently allow the user to Unfreeze. Accessigng the Freeze dialog requires the Read entry access right. Unfreeze: Allows user to unfreeze a record, record folder or record series. Note that Unfreeze does not inherently allow the user to Freeze. Accessing the Freeze dialog requires the Read entry access right. Set Event Time: Allows user to set, unset, or modify event dates on record folders with Event or Event/Time cutoff instructions. Setting the final event date of a record folder closes it, and unsetting at least one event date re-opens it, so with the Set Event Time entry access right inherently also have the Close/Reopen folder right in order to have the Set Event Time right. In Laserfiche 7.2, Set Event Time was expanded to control whether a user can Set, Modify or Unset an Alternate Retention Event if one is defined in the record folder's Retention Schedule 5

Close/Reopen Folder: Allows user to close a folder so that records within it cannot be modified and to reopen it again if it is eligible. Requires the Read right. When a user is attempting to perform a Records Management action on an object, the only rights taken into consideration are the user's rights on that particular object. For instance, if the user has the Freeze right on a record folder but not on a record contained within that folder, then the user will be unable to freeze the individual record. However, the user will be able to freeze the record folder itself, which will effectively freeze all of the records within it as well. The freeze operation affects the entire contents of the folder to which it is applied, regardless of what rights the user has on the items within the folder. Security Implications of Records Management Rights Much of the purpose of Records Management is to prevent users from modifying records if they are not in the appropriate point in the record life cycle. Because of this, certain Records Management actions will restrict what users can do with a record, regardless of what other rights or privileges they possess. Records Management actions such as closing record folders, cutting off record folders, and freezing will restrict users' rights to the record folders or records that are closed, cut off, or frozen. These restrictions apply to all users and groups, including administrative users. The restrictions will not appear in the Access Rights dialog, nor will they be available by looking at the user's Effective Rights. Looking at the properties dialog or the Security column of the Laserfiche Client Folder Browser, however, will show complete rights for a closed, cutoff, or frozen entry. Close, Cutoff, and Freeze are the Records Management actions that restrict users' rights in this way. They can be reversed by the actions Reopen, Uncutoff and Unfreeze, respectively; reversing these actions will cause security settings to revert to whatever they were before the original action. Closing Record Folders Several different records management operations will result in the closure of a record folder. The most obvious of these is the Close Folder operation. Setting the final event date, and Cutoff, also close the folder. Closing a folder effectively makes it read-only by restricting the following entry access rights: Modify Contents Append Annotate Write Metadata 6

Create Documents Create Folders In Laserfiche 7.2, the Write Metadata entry access right is no longer required to add links, tags or versions to entries, only to modify or remove them. This allows users to mark records as Superseded as necessary. This ability is also the reason that the Record Management privilege now allows Record Managers to remove the links, tags and version group metadata elements even after the record folder is closed. Otherwise, metadata could be added to records in closed folders but could never be removed. Cutoff As noted above, cutting off a folder closes it, so all of the access rights restricted by folder closure will also be restricted by cutoff. In addition, cutting off a folder restricts the Delete entry access right, except for users with the Records Management privilege. Freeze Freezing an entry pauses its retention schedule and restricts a broad variety of modification rights. Freeze restricts the following entry access rights on the object to which it is applied and (if the object is a record folder or record series) to any objects inside it: Modify Contents Delete Rename Write Metadata Set Event Time Close/Reopen Folder The restriction of Set Event Time and Close/Reopen folder results from the pausing of all Records Management actions on frozen objects. The record cannot proceed through disposition, and therefore you will be unable to perform disposition actions on it. If a record is frozen but the record folder is not, you will be able to perform disposition actions on the containing folder; the folder will then enter a state of partial disposition where unfrozen records will be processed and frozen records will not. Freeze also prevents the object from being moved to another location in the folder tree. Although the Record Management privilege permits users to remove metadata from closed record series even if they lack Write Metadata, this privilege does not give Record Management users access to Frozen records. 7

Records Management and Laserfiche Security May 2006 Author: Justin Pava Editor: Regina Carns, Constance Anderson Compulink Management Center, Inc. Global Headquarters 3545 Long Beach Blvd. Long Beach, CA 90807 U.S.A Phone: +1.562.988.1688 www.laserfiche.com Laserfiche is a trademark of Compulink Management Center, Inc. Various product and service names references herein may be trademarks of Compulink Management Center, Inc. All other products and service names mentioned may be trademarks of their respective owners. Copyright 2006 Compulink Management Center, Inc. All rights reserved 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback