IBM Enterprise Records, Version 5.1.2   

Users, groups, and roles

IBM® Enterprise Records provides common security roles. However, no other security roles can be added. Each role defines the privileges for the user. You must plan which users and groups belong to specific roles and decide which privileges to grant to each role.

The privileges that are granted to users in these roles vary slightly based on the data model. You assign groups (and possibly users) to security roles as part of configuring each file plan object store in your environment.

To plan for security roles, identify the groups that are assigned to each role before you install IBM Enterprise Records.

When you set security roles, the security of all of the classes that are related to IBM Enterprise Records in the file plan object store is updated. After you set the security roles, you can later update the security classes by reconfiguring the security roles. However, reconfiguration does not update the security for record objects that are already created. Making sure that the updated users have the correct access to previously created record objects is difficult because of interdependencies. To change security access, you must use Enterprise Manager in FileNet® P8 V5.1 or earlier or IBM Administration Console for Content Platform Engine in FileNet P8 V5.2.

Security roles, privileges, and their applicable data models are described in the following table. You need this information when you change the security role mappings in the future.
Table 1. Security roles
Security role Applicable data models Required? privileges
Classification Guide Administrators DoD Classified No Functional privileges for Classification Guide Administrators:
  • Control update access to the Classification Guides
  • Add Classification Guides to classified object stores
Records Administrator All Yes Functional privileges for Records Administrators:
  • Set up IBM Enterprise Records (includes installing and configuring IBM Enterprise Records components)
  • Set up security
  • Create users and groups
  • Assign permissions to users and groups
  • Define and modify security markings
  • Configure auditing
  • Delete file plans, categories, and records
  • Import and export records
  • Back up and restore file plans and records

In addition to the functional privileges described for Classification Guide Administrators, the Records Administrator role has the same functional privileges as the Records Manager role, except for folder deletion.

Records Manager All Yes Functional privileges for Records Manager:
  • Create and modify file plans and levels of hierarchy such as record categories, folders, and volumes that are used to classify records.
  • Create other associated objects such as naming patterns, record types, actions, phases, and holds
  • Define and maintain disposition schedules to control the retention and destruction of entities
  • Allocate disposal schedules to record categories, record folders, and record types
  • Perform records management activities such as relocating records, setting vital records, and activating records
  • Delete file plans, categories, folders, and records.
  • Initiate, approve, and reject the disposition actions for entities
  • Run reports
Records Privileged User Base, DoD, and DoD Classified Yes Functional privileges for Records Privileged User:
  • Review entities due for disposition
  • Search and display records, folders, and categories.
  • Declare records
  • Perform basic record-related operations such as file, move, and copy records
Records Reviewer PRO Yes Functional privileges for Records Reviewer:
  • Review entities due for disposition
  • Search and display records, folders, and categories
  • Declare records
  • Perform basic record-related operations such as file, move, and copy records
Records Users All Yes Functional privileges for Records Users:
  • Search and display records, folders, and categories
  • Declare records
  • Perform basic record-related operations such as file, move, and copy records


Feedback

Last updated: November 2013
frmpp044.htm

© Copyright IBM Corporation 2013