InfoSphere Enterprise Records, Version 4.5.1.3+              

InfoSphere Enterprise Records security roles

IBM® InfoSphere™ Enterprise Records supports the security roles that come with the product by default. Each role defines the functional access rights for the user.

The access rights granted to users in these roles vary slightly based on the data model. You assign groups (and possibly users) to security roles as part of configuring each FPOS in your environment. For more information about setting security roles, see Configuring security for the file plan object store (FPOS).

Important:
  • Carefully identify the groups that should be assigned to each role before you install InfoSphere Enterprise Records. When you set security roles, the security of all of the InfoSphere Enterprise Records-related classes in the FPOS is updated. Once you have set the security roles, you can later update the security classes by reconfiguring the security roles. However, reconfiguration does not update the security for record objects already created.
  • When assigning the roles in InfoSphere Enterprise Records, make sure that there is no role duplication of users when selecting groups and users for each role. If a user has been assigned more than one role, unexpected behavior occurs when the permissions of one role conflict with the permissions of another. For example, do not assign #AUTHENTICATED-USER to the Records User role, as it negates the permissions needed by users assigned as Records Managers, Records Reviewers, and Records Administrators.
  • Make sure you keep track of the users and groups you assign to each role, as described in the following table. You need this information when you make changes in the security role mappings in the future. A security role planning table enables you to manage your role assignments.
Table 1. Security roles
Security role Applicable data models Required? Functional access rights
Classification Guide Administrators DoD Classified No Functional access rights for Classification Guide Administrators:
  • Control update access to the Classification Guides
  • Add Classification Guides to classified object stores
Records Administrator All Yes Functional access rights for Records Administrators:
  • Set up InfoSphere Enterprise Records (includes installing and configuring InfoSphere Enterprise Records components)
  • Set up security
  • Create users and groups
  • Assign permissions to users and groups
  • Define and modify security markings
  • Configure auditing
  • Delete file plans, categories, and records
  • Import and export records
  • Back up and restore file plans and records

In addition to the functional access rights listed above, the Records Administrator role has the same functional access rights as the Records Manager role.

Records Manager All Yes Functional Access Rights for Records Manager:
  • Create and modify file plans and levels of hierarchy such as record categories, folders, and volumes that are used to classify records.
  • Create other associated objects such as naming patterns, record types, actions, phases, and holds.
  • Define and maintain disposition schedules to control the retention and destruction of entities.
  • Allocate disposal schedules to record categories, record folders, and record types.
  • Perform records management activities such as relocating records, setting vital records, and activating records.
  • Initiate, approve, and reject the disposition actions for entities.
  • Run reports.
Records Reviewer PRO Yes Functional Access Rights for Records Reviewer:
  • Review entities due for disposition.
  • Search and display records, folders, and categories.
  • Declare records.
  • Perform basic record-related operations such as file, move, and copy records.
Records Privileged User Base, DoD, and DoD Classified Yes Functional Access Rights for Records Privileged User:
  • Review entities due for disposition.
  • Search and display records, folders, and categories.
  • Declare records.
  • Perform basic record-related operations such as file, move, and copy records.
Records Users All Yes Functional Access Rights for Records Users:
  • Search and display records, folders, and categories.
  • Declare records.
  • Perform basic record-related operations such as file, move, and copy records.


Feedback

Last updated: November 2010


© Copyright IBM Corporation 2010.
This information center is powered by Eclipse technology. (http://www.eclipse.org)