Security Roles
In Records Management, there are many security roles available in the system. When adding a new account to the system, they will need to be assigned to at least one security role. Accounts can only be created and managed by those logging with a Master Account or with the System Admin role.
System Admin
The System Admin role grants a user full access to Records Management. System Admins can manage all aspects of Records Management, including the management of security. As a best practice, after logging in for the first time as the Master Account, we recommend provisioning the first user account as a System Admin. You should then login with this newly provisioned account to administer the system going forward. The Master Account should only be used if needed, such as when setting up the first System Admin account or configuring custom branding.
The Physical Records Management extension has a different security system and not even this System Admin role will grant a user access to that system. If a user should be the administrator of both systems, add the user to both System Admin and Physical Administrator roles.
Global Record Manager
The Global Record Manager role allows a single user or group of users to have complete control over the File Plan and associated records within the system. A Global Record Manager will be able to grant users access to specific Record Classes as well as manage Record Filters in order to lock down access to records meeting a specific set of rules. The Global Record Manager role will not grant permission to manage accounts or to the global system settings.
A Global Record Manager is not an administrator of the Physical Records Management system by default, the user would also need to be given the Physical Administrator role.
Record Manager
The Record Manager role is used to provide record managers who may not have access to all records in an organization due to geographic or departmental boundaries. If your organization does not have these types of boundaries you may not need to assign any accounts to this role and can possibly make all records managers a Global Record Manager in the system.
The Record Manager role can actively manage the File Plan, with the exception of permissions and Record Filters. They will also be able to manage Legal Cases and to see monitoring information to better understand what is happening to information in the system in real-time.
The Record Manager account is bound by any Record Filters configured and applied to Record Classes.
Users
The User role grants an account access to the system but does not assign them any permissions to see records. Permissions are assigned for a specific user to individual Record Classes in order to give a user a certain level of access to the records and information assigned to that Record Class. A Global Record Manager will be able to set these specific permissions. An account must first be added to the system in order for it to be granted permission.
There are two levels of permissions that can be assigned at the Record Class level:
View permissions grant a user view access for individual Record Classes in Records Management. When users who are assigned View permission sign into Records Management, they will have the ability to view existing records and details, as well as create physical record requests as needed.
Declare permissions grant a user Declare access for individual Record Classes in Records Management. When users who are assigned Declare permission sign into Records Management, they will have the ability to view existing records and also Declare official records pertaining to the Record Classes in which they have been given access.
In addition, an account with the User role may be assigned Approver permissions. Approver permissions grant a user the ability to approve records for disposition for individual Record Classes. The ability to assign Approve permissions is discussed in the Approvers topic.
Physical Administrator
An account with the Physical Administrator role has complete access to all components of Physical Records Management. However, a Physical Administrator does not have System Admin role in the core Record Management system unless they are given that role as well. Because of the integration of Physical Records Management into the core system, a Physical Administrator will not have access to the following components unless assigned the proper role in the core software:
- Assigning a record class to a container
- Placing a container on hold
- Placing an asset on hold
- Reporting
Physical User
The Physical User role will only be able to use features if they are given specific permission on the different components of Physical Records Management, which includes Containers, Assets, Locations, Charge In/Out, and using a Barcode Schema.