IBM® Enterprise Records provides common security roles. However, no other security roles can be added. Each role defines the privileges for the user. You must plan which users and groups belong to specific roles and decide which privileges to grant to each role.
The privileges that are granted to users in these roles vary slightly based on the data model. You assign groups (and possibly users) to security roles as part of configuring each file plan object store in your environment.
To plan for security roles, identify the groups that are assigned to each role before you install IBM Enterprise Records.
When you set security roles, the security of all of the classes that are related to IBM Enterprise Records in the file plan object store is updated. After you set the security roles, you can later update the security classes by reconfiguring the security roles. However, reconfiguration does not update the security for record objects that are already created. Making sure that the updated users have the correct access to previously created record objects is difficult because of interdependencies. To change security access, you must use Enterprise Manager in FileNet® P8 V5.1 or earlier or IBM Administration Console for Content Platform Engine in FileNet P8 V5.2.
Security role | Applicable data models | Required? | privileges |
---|---|---|---|
Classification Guide Administrators | DoD Classified | No | Functional privileges for Classification Guide Administrators:
|
Records Administrator | All | Yes | Functional privileges for Records Administrators:
In addition to the functional privileges described for Classification Guide Administrators, the Records Administrator role has the same functional privileges as the Records Manager role, except for folder deletion. |
Records Manager | All | Yes | Functional privileges for Records Manager:
|
Records Privileged User | Base, DoD, and DoD Classified | Yes | Functional privileges for Records Privileged
User:
|
Records Reviewer | PRO | Yes | Functional privileges for Records Reviewer:
|
Records Users | All | Yes | Functional privileges for Records Users:
|