Dynamically control viewing and usage of records

Hi Folks,

We have one requirement, where the visibility and usability of the record to specific users (locations) will be controlled by the custom property of the record. For example, if a record is belong to Organization 'Org1', it will be visible and usable to certain set of users who belong to Organization 'Org1'

This field Organization is a custom field.

Thanks for all your support. 

Regads

Subha 

  • Suggested Answer

    0  

    Hi Subha
    The access to records can be controlled OOTB using standard properties, it does not need a custom property.

    The access can be controlled by the Default Record access set on the record type (configurations can include the ability  to inherit the values from a container), they can also be defined on the record itself by applying the security and access to be applied, which can also be copied from an existing project.
    e.g. At record level. Select the record and right click Security and Audit, Security/Access. Under Access Controls, select the Access To property e.g. View Document, and then select Custom, in the resulting dialog you can then Add users or groups as relevant.

     

  • 0 in reply to   

    Hi Martin,

    First of all thanks a lot for your response. 

    Let me explain our requirement in a bit more details. Say - we have a dropdown field 'Country' at the Record level. In this field, a user (record preparer) has selected value 'United States'. Now, this Records should be visible to the members of the 'United States user group'. Or, the record will be visible to users, who has United States as country in their profile. 

    Hope, this clarifies the requirement. Please feel free to ask for further clarification.  

  • Suggested Answer

    0   in reply to 

    Hi  
    Depending how you are configuring CM, you can still achieve this with standard functionality in one way or another.
    e.g. If you had a classification/category structure set with the relevant group access and this was inherited to the document when placed under the classification, or it was set on a container/folder and inherited to the records beneath; when the record was stored in that location the Access control would be established.

    Another way could be to use the security Caveat feature in conjunction with permissions to control access, although if you are using caveats elsewhere that may be confusing.  You could create caveats based on the Country values, and then apply this as a standard field to the form. If the user has the same caveat then they get access to the record, however the individual settings for View,Use, Modify would still be driven by group membership and so the standard feature of applying the access control would still be needed.

    Rather than creating multiple record types with one for each Country, you could create a classification for storage from which a single custom record type inherits the access etc. Set the standard classification field as mandatory on the form
       Customer Country     classification set viewable by all to provide navigation, and no records can be stored at this level
           United States         classification with access set to members of the group United States (US)
                Document 1         document inherits access from above
                Document 2         "
           United Kingdom     classification with access set to members of the group United Kingdom (UK)
                Document 99       document inherits access from above
                Document 100     "

    If you have user A who is only a member of US, they will only see the root classification US sub and only be able to select the US sub classification to store records. User B who is a member of both US & UK will be able to choose from either. The actual access available View,Use, Modify would be according to the Default Record Access on the classification.

    Alternatively this can be done from a container, and set the container to be a mandatory field, and either will require a bit of pre-configuration but once in place would typically require minimal maintenance, e.g. to add/remove users from User Groups, or add a new classification/container if more countries or similar are required.

    If you really want this to be based on the selection of a custom field value, then you would need to consider a more custom setup.

    e.g. a custom event handler so that when a record is created, it reads the Country value from a restricted lookup list and then applies the access control to the record by finding the related group and applying the permissions. Unless you have access to your own development resources to provide the necessary code, you could contact you local OpenText Professional Services team to potentially provide this for you.

     
               




  • 0 in reply to   

    Hi,

    Martin thanks again for the detailed response. 

    Unfortunately, we are using Classification for Retention Schedule purpose. We have a mapping of Retention Schedule with other fields (say Field1 & Field2) and not with Country and Region. Let me give you one example

    Mapping :: 

    if Field1 = 'Value1' -- Retention Schedule = 10 years

    If Field 2 = 'Value 2' -- Retention Schedule = 15 years (So, Field2's value override the retention set by Field1)

    What we have done in Classification. 

    'Value 1' -- 10 years

         'Value 2' -- 15 years 

    'Value 2' is Child Classification under 'Value1' , User can sect either of 'Value 1' as 'Value 2' as Classification 

    Since, only one Classification can be selected for a Record, we have to choose between Retention Schedule and Access. 

    Do you think we can achieve this Retention Schedule mapping using some other configuration than Classification? Then we can use Classification for Security purpose. 

    As a technical question, where do we configure to force system to use a specific Access Control for selected Classification?

    Appreciate your help. 

    Regrads

    Subha

  • 0   in reply to 

    Hi  

    Firstly could you confirm which version of CM you are using ? 

    I am not sure that I fully understand your Retention Configuration from the classification  with regard to Field 1 & Field 2 being used to set the retention to apply; whilst you can add the fields they typically wouldnt affect the retention setting as that is set in the General tab. Having a sub classification with different values for the retention will override the parent classification due to inheritance.  
    Some screenshots, obfuscated where relevant, might help me to understand your config and explain a bit more about your requirements and provide some guidance, which I can happily give, but we are starting to stray more into the territory of professional services delivery from OT and it may be a case of you contacting your local team to assist. 

    Unfortunately I cant add anything further at the moment as I will be unavailable for the next couple of weeks due to other commitments and without access to my normal resources. 

    If you can provide the screenshots and additional info on the config and requirements by adding a file to this discussion I may be able to help if I can access whilst away. Otherwise,  I will have to pick up on my return.