At least one Security Group must have been created before you can assign permissions to a Record Category. See the section on Configuring Security Groups for more details.
Permissions on Record Categories define how organization members (individual users or AD Groups), regardless of their role as defined on the Users and Groups page, get access to features for categorized and uncategorized content.
These users and their permissions are granted access to content in addition to users who otherwise have access to the content from the source systems. These permissions do not supersede or remove other users' access to content in Collabspace or the source system.
To assign permissions, click on the ellipsis (…) icon for a given Record Category row or right-click anywhere on the row itself to display the context menu. Next select Permissions to display the currently assigned Security Groups with their respective permissions and members.
Start typing a keyword into the Security Group field. All available and matching options will be displayed in the suggestions. The Records Administrator does not have to be a member of a security group to assign it to a Record Category.
Multiple Security Groups can be applied to a single Record Category. When the same members are a part of different Security Groups assigned to a Record Category, permissions become cumulative, which provides a great level of control over who has access to categorized content and how much access they have.
After selecting a Security Group, the permissions interface will be displayed. Note that a Security Group can be applied to a Record Category without any permissions but can be modified later to add or remove permissions.
A Security Group may already have members assigned to it when it’s added to a Record Category. These users will receive the specified access when the Security Group permissions are saved.
Here’s a breakdown of what each permission checkbox controls in regard to the specific Record Category:
- Categorize content
Allow users to select the Record Category from a list of suggesting when categorizing content.
- Trigger events for categorized content
Allow users to start Workflows and trigger events to move content to the next retention stage. This is currently not implemented and is for future use.
- Review categorized content
Allow users to manage review lists with categorized content.
- Manage categorized content
Allow users to remove existing Record Category and re-categorize to a different Record Category.
- Search for categorized content
Allow users to see content categorized under a Record Category in search results, regardless of the specified users’ original permissions to the content.
- View categorized content
Allow users to preview the document in the Lifecycle Details page or the Preview panel in search results.
- Download categorized content
Allow users to Download or Export content through search or Lifecycle Details.
- Edit categorized content
Allow users to modify the properties of categorized content. This is currently not implemented and is for future use.
Note the following permission dependencies when selecting checkboxes:
|Selected Permission||Automatically added Permission|
Once permissions for a Security Group have been saved, the labels will either show a green checkmark or a red X, depending on whether it was applied or not. You can either click Edit to display the checkboxes again or click Remove to dissociate the Security Group from the Record Category.
Sub-categories inherit permissions from their parent Record Categories allowing Records Administrators to manage security for multiple categories at a time by modifying permissions of the parent category.
To assign custom permissions to a sub-category, you first need to click the Break Inheritance button.
A confirmation dialog will then be displayed, notifying the user that permissions are inherited from the first parent category which is not inheriting any permissions.
Once inheritance is broken, the Edit and Remove buttons become available and the Security Group heading no longer reads “Inherited”. Click Edit if you wish to modify individual permissions or click Remove to dissociate the Security Group from the Record Category. You can add other Security Groups by typing a keyword into the Security Group field.
It’s important to remember that permissions are inherited by a child sub-category from its immediate parent category, as long as the parent itself is not inheriting any permissions. Clicking the Restore inheritance button will display a confirmation dialog window with a description of what will happen to Record Category permissions.
Proceeding will remove any custom applied Security Groups and permissions, and replace them with Security Groups and permissions which are currently applied to the parent Record Category, which themselves may or may not be inherited from another parent category.