Security Profiles

Role Required To create and manage Security Profiles you need to be assigned to the Application Administrator or Records Manager role.

Security Profiles only apply to users with the Records Visitor role in Azure Active directory. Adding a User to a Security Profile does not automatically give the user access to Records365. For more information about assigning roles see User Roles and Permissions. Any user with the Record Manager or Application Manager Azure AD Role will ignore the permissions defined in a Security Profile.

Introduction

Security Profiles are used to give users with the Records Visitor role elevated privileges to view additional pages or perform additional actions in Records365.

User’s with the Record Visitor role by default are only able to view the Record Browse and Advanced Search pages and are not able to perform any actions within Records365. By placing these users in a Security Profile it is possible to give them access to additional pages and the ability to perform certain actions.

A Security Profile can have either Users or Groups from your Azure Active Directory (AAD) added to it. When adding an AAD group all direct members of the group will be assigned the privileges granted by the Security Profile. Nested AAD group (groups within groups) members will not be given additional privileges. Users can be assigned to multiple Security Profiles. Security profiles always grant additional access so a combination of all the users Security Profiles is applied.

Creating and Editing a Security Profile

  1. Click on the Settings icon
    in the top right hand corner of Records365.
  2. Under Security, click on Profiles in the left hand navigation pane.
  3. Click the New Security Profile button, or click the Name link of a Security Profile from the grid.
  1. The Security Profile page will open.
    1. The Name field is required. This will be the identifier for the Security Profile.
    2. The Description field is optional. This is additional info you can add to a Security Profile describing it in more detail.
    3. The Permissions list is optional. Selecting one or more of the view permissions will grant users added to this Security Profile read only access to that functional area of Records365. Selecting a Manage permission will grant users added to this Security Profile the ability to view, create, edit or delete (where applicable) the selected functional area of Records365.
  1. The Users and Groups tab displays all the users and groups that have been added to this Security Group. To add a new User or Group click the Add button. The Add Users or Groups pane will open.
  1. Add a User by their UPN, or a Group by it’s Group name and Globally Unique Identifier (GUID). You can find the Globally Unique Identifier (GUID) in Azure Active Directory under the Object ID field when viewing the Group.

A user’s UPN is typically their email address. Please contact your organizations Identity Administrator to find out what the UPN is for a given User. To obtain the Group ID you can find more details here.

  1. Click ‘Save’. Your Security Profile is now ready. Any user listed in the user list who also has the Record Visitor Role in Azure Active Directory will be granted access to Records365 as defined by the Security Profiles they are listed in.