Role Required To Manage Physical record security you need to be assigned to the Application Administrator or the Records Manager role.
Securing physical records is a key requirement for most organizations that have a decentralized approach to their records management practice. It allows physical content to be segregated such that departments within an organization only see their relevant content; in addition, it prevents other departments from inadvertently accessing private content.
A typical example of this may be that HR department has it own types of artefacts, which carry specific metadata appropriate to their business unit. These artefacts will also need to be secured in a consistent manner, such that only the HR department can access it. Through the creation of a HR specific physical profile, the metadata and security can be managed and visualized from a unified view.
For scenarios where you have content that should be made available to all your Records365 users, Records365 still gives you the flexibility to disable trimming and make content globally available.
Records365, through the use of physical profiles, allows a organizations to create metadata templates to enforce consistency on how different physical asset types are managed. See Physical Profiles for more information on creating and editing physical profiles.
Leveraging this approach, access can also be trimmed at the physical profile level, allowing all associated content to inherit the access controls applied to the physical profile.
To enable security trimming on a physical profile click the Security Trimmed slider into the enabled position. By default, security is disabled for a physical profile, this means all registered users can access ALL physical assets related to this profile.
With security enabled, Azure Active Directory groups can then be added to the profile, using the + Add Group button. Entering at least 3 characters will search for groups in your associated directory by name or email address starting with those characters. Records365 supports AAD groups of type Office, Security and Distribution to restrict access. Records365 only supports AAD groups to secure content.
To remove a Group from a Profile, click the icon next to that group.
Click ‘Save’. Saving will update all of the items related to this physical profile with the appropriate security information. Once complete they will only be accessible by the appropriate groups and their members.
Physical profiles by default have security disabled, when a physical profile has security disabled all Records365 users can access the related physical assets.
Once a physical profile has had security trimming enabled, disabling it will prevent the profile from having security enabled in the future. Please be aware of this behavior before proceeding with disabling security for a physical profile.
This process can take some time depending on the number of physical assets using the physical profile.
Security access for physical records, folders and boxes is defined at the physical profile level. This means security for a record, folder or box is assigned when a particular physical profile is selected. All changes made to security at the physical profile level will then be propagated down to all of the related content.
Security trimming in the various pages in Records365 only applies to Record Visitor roles. Record Managers and Record Administrators will continue to have access to all content in Records365.