Before you install and configure the IBM® Enterprise
Records environment, review your
site security requirements for records management. Security administrators
must decide which users and groups must have access to certain records
management functions, folders, and files.
To provide a secure and reliable environment for storing, accessing,
and disposing of records, IBM Enterprise
Records uses the security features in FileNet® P8, FileNet P8 uses security roles provided
by IBM Enterprise
Records, default instance
security, security inheritance, and security markings. FileNet P8 is set according to the
security roles.
Typically, you must plan for and implement the following tasks:
- Determine what roles to assign to users and groups.
- Decide what entities require security markings. For example, decide
whether you must set up additional groups if the Classified data model
is used. This decision is important because specific roles are required
when you use the Classified data model. You can create markings in
any data model. The DoD classified data model has some built-in marking
sets for typical classifications such as Secret and Confidential.
- Plan security markings propagation. Objects inherit security markings
from their containers. You can set propagation to none, folder to
record, or record to folder. The default setting is no propagation.
In general, assign security settings to groups rather than individual
users. Putting people into groups and assigning security settings
to the groups is easier to manage. Adding or removing a person from
a group is easier when they join or leave the company.
Important: Assign IBM Enterprise
Records security before you use your IBM Enterprise
Records environment. Adjusting
the default security settings after the system is in use is complex
because assignments are not retroactive. You must go to each of the
previously created items and change their access security individually.