Role Required To create and manage Security Profiles you need to be assigned to the Application Administrator or Records Manager role.
Security Profiles only apply to users with the Records Visitor role in Azure Active directory. Adding a User to a Security Profile does not automatically give the user access to Records365. For more information about assigning roles see User Roles. Any user with the Record Manager or Application Manager Azure AD Role will ignore the permissions defined in a Security Profile.
Security Profiles are used to give users with the Records Visitor role elevated privileges to view additional pages or perform additional actions in Records365.
Users with the Record Visitor role by default are only able to view the Record Browse and Advanced Search pages and are not able to perform any actions within Records365. By placing these users in a Security Profile it is possible to give them access to additional pages and the ability to perform certain actions.
A Security Profile can have either Users or Groups from your Azure Active Directory (AAD) added to it. When adding an AAD group all direct members of the group will be assigned the privileges granted by the Security Profile. Nested AAD group (groups within groups) members will not be given additional privileges. Users can be assigned to multiple Security Profiles. Security profiles always grant additional access so a combination of all the users Security Profiles is applied.
A user’s UPN is typically their email address. Please contact your organization’s Identity Administrator to find out what the UPN is for a given User. To obtain the Group ID you can find more details here.
The following table describes the actions that are granted by each of the Permissions listed under a security profile. Remember, this table only applies to Records Visitor users, and only adds permissions - by default, users with the Records Visitor role will not have access to perform any actions in Records365.
|View Disposals||Grants Read-Only access to the Disposal page in the left navigation pane|
|Manage Disposals||Grants Full access to the Disposal page in the left navigation pane|
|View Legal Holds||Grants Read-Only access to the Freezes page in the left navigation pane|
|Manage Legal Holds||Grants Full access to the Freezes page in the left navigation pane|
|View File Plans||Grants Read-Only access to the File Plan page in the left navigation pane|
|Manage File Plans||Grants Read-Only access to the File Plan page in the left navigation pane|
|View Physical Records||Grants Read-Only access to the Loans and Locations pages in the left navigation pane|
|Manage Physical Records||Grants Full access to:
Loans and Locations pages in the left navigation pane
Create and Edit Physical Records in the Browse and Search pages
Create and Edit Physical Profiles and Fields
|View Rules||Grants Read-Only access to the Rules page in the left navigation pane|
|Manage Rules||Grants Full access to the Rules page in the left navigation pane|
|Approve Disposals||Grants access to the Manage Approval action in the Disposal pane, and allows users to approve disposal requests.|
|Reschedule Records||Grants access to the Reschedule action in the Search and Browse pages|
|Resubmit Records||Grants access to the Resubmit action in the Search and Browse pages|