You are viewing limited content. For full access, please sign in.

Question

Question

Document Access Rights in TRM

Version 9 Records Management Security
Updated September 19, 2014
asked on September 17, 2014

 

I have documents I'm moving into Record Series using the Transparent Records Management (TRM) solution, but I'm noticing something odd with document access issues.
 

When storing a document, I save it to the appropriate Record Series and a shortcut to the user accessible folder. Certain documents have limited access rights, so I save those shortcuts to a folder with limited access rights.  My problem is, those documents are showing up in searches by users that shouldn't be able to see those documents.

Doesn't TRM rely on access rights of the shortcut to determine if a document appears in a search result?

 

 

0 0

Replies

replied on September 17, 2014 Show version history

No, it doesn't. By putting the shortcut into a restricted folder, all you've done is made it impossible for someone to browse to the shortcuts. Searches respect the security of the folder where the document sits. Shortcuts don't show up in search results unless you search for a document name and check the Shortcut box:

 

 

0 0
replied on September 17, 2014

So how can I place a document into a Record Series that isn't globally restricted, but the document and it's shortcut should be?  I thought that was the whole concept of the secure tunneling piece of TRM.

0 0
replied on September 18, 2014

In that case you may be better served by using a Security Tag to restrict access to specific documents that sit alongside documents that are openly available. Security is applied at the folder level. It can be applied to documents, but that gets very ugly, very fast. A Security Tag let's you pick out a single document and hide it fairly efficiently.

 

Remember that TRM isn't a feature, but is a technique for using features. So, you're still bound by all the normal rules for security. Generally, the implementation of TRM is in the form of restricting the visibility of your Records, but exposing the documents in a way that makes sense. You would not give your users permissions to see into the Records series' by denying browse permissions. Then you create shortcuts into an area that they can see, in a folder structure that makes sense for their use case. Your Records structure might not make sense to the average clerk because it needs to be organized by document type and retention. However, you create a folder structure with shortcuts that's organized by name for the regular users to see. That's what is meant by secure tunneling, that you're allowing people visibility into a more secure section of the repository.

0 0
replied on September 19, 2014

I haven't implemented Security Tags yet, but it sounds like I need to brush up on that feature.  Luckily it should be a fairly simple add to my workflows handling "extra level security" documents. (famous last words)

Thanks for the thoughts and suggestions.

Greg

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...