With Records365 connecting data, records and content from multiple sources and making it visible in a single user-friendly dashboard it is paramount that security is respected across all of these surfaces.
The security controls for content managed by Records365 is applied as a transparent layer between it and the source application where the content originated, allowing your business to benefit from a consistent end user experience when transitioning between applications thus ensuring a total in-place records management solution.
Security is applied at the role level in Records365, currently there are three primary User Roles available
Application Administrator - security trimming does not apply to users assigned this role. This allows the group to have total visibility for triaging and managing the entire records corpus.
Record Manager - security trimming also does not apply to users assigned this role. From a security perspective, users assigned this role will have the same experience as those assigned the Application Administrator role.
Record Visitor - this is the most common role and gives general users access to Records365. At a minimum users can access the Browse and Search pages within the product. Items displayed in the Browse and Search pages will be subject to security trimming, such that only items that the user has access to will be displayed. Further users performing Disposal Approvals will be assigned this role, and so items are trimmed accordingly.
We acknowledge that not all Record Visitor users are created equal, and so through the use of Security Profiles a user can be elevated to perform additional operations like managing freezes, performing physical record scanning and the like. To make the most informed decision when performing these higher privileged operations it is important that all items are displayed, so in these areas items are not security trimmed. Not all users require this level of access, so we suggest that these operations be delegated through the use of multiple security profiles.
With item level security trimming being a transparent layer between the source application and Records365, items are only visible in Records365 when you have access to the content in the source application.
For SharePoint Online based records that would mean any of the below is true;
For physical records created and managed by the Record365 Physical Records module
For more information on physical record security see the Security Trimming page within the Physical Records section.
To elevate a users access you need to be assigned to either the Application Administrator or Records Manager role in Records365.
For users who require a higher level of control for managing all electronic and/or physical content in the Browse and Search pages, they will need to be assigned a security profile that has one or both of the following Permissions in the Access Control section
With the Browse and Search pages filtering results such that users only see items that they have access, it is also important to understand to see who has access to the record. This gives end-users total insight as to who can access the record and its related content.
To view the security information for a record;
Below shows an example of a electronic record related to a SharePoint Online document that can be accessed by Joe Smith, and users in the Fairbanks Staff AAD group. The inheritance source in this is case is SharePoint Online.
A few things to remember when using the security features of Records365.
The security trimming for SharePoint Online feature is available on request. To find out more about the feature, please contact support to have the feature enabled.