IBM® Enterprise
Records provides
the security roles that define the functional access rights of users
and groups. Some access rights can vary based on the data model.
IBM Enterprise
Records security roles
are set at the FPOS level, and the roles are assigned to users and
groups by running the Security Script wizard when the FPOS is created.
As a result of assigning these roles, the system updates the default
instance security on IBM Enterprise
Records-related
classes. After the security roles are assigned, you can run the Security
Script wizard again. However, there are implications with rerunning
the wizard. For more information, see the configuring security for
the file plan object store topic in the IBM Enterprise
Records Installation and Upgrade Guide.
Do not assign more than one IBM Enterprise
Records security
role to a user. When explicitly denying permissions to a user, assigning
more than one role to a user results in the role with the least access
taking priority. For the same reasons, do not assign a user to multiple
groups that have different IBM Enterprise
Records security
roles.
Table 1. security roles available in IBM Enterprise
Records Role |
Tasks |
Classification Guide Administrator |
- Create, modify, and maintain DoD Chapter 4 Security Classification
Guides.
|
Records Administrator |
- Set up IBM Enterprise
Records, including
installing and configuring different components of IBM Enterprise
Records.
- Set up security.
- Assign permissions to different users and groups.
- Define and modify security markings.
- Configure auditing.
- Delete file plans, categories, and records.
- Import and export records.
- Back up and restore file plan and records.
- Perform any tasks assigned to any other role shown later.
|
Records Manager |
- Create and modify file plans and levels of hierarchy, such as
record categories, folders, and volumes.
- Create other associated objects, such as naming patterns, record
types, actions, phases, and holds.
- Define and maintain disposition schedules to control the retention
and destruction of entities.
- Associate disposal schedules to record categories, record folders,
and record types.
- Perform records management activities, such as relocating categories
and folders, setting vital records, and activating records.
- Initiate, approve, and reject the disposition actions for entities.
- Run reports.
- Perform any tasks assigned to any other role shown later.
|
Records Reviewer (PRO)/ Privileged User (DoD and Base) |
- Review entities that are due for disposition.
- Perform basic record-related operations, such as file and copy
record.
- Search and display records, folders, and categories.
- Declare records.
|
Records User |
- File a record.
- Search and display records, folders, and categories.
- Declare records.
|