CM 9.3.1SavedSearch needed for documents moved from secure to non secure file
This is related to my topic from a page before:
Basically, since we still don't have the solution for the above issue, we must think about the workaround solution: How to "spot the users who moved the document which they cannot see but can copy (Including the electronic document) to a non-secure file and then (since the document inherites the access of the landing file in this transfer, unrestricted ) see it without problems ...
To explain further: out of seven layers of ASL (Access settings) we consider our file secure if the first, third and fourth category are restricted to some group of users only; however, the documents inside inherites the first and third category of access only, the fourth one becomes "unrestricted".
When this document is in TRIM highlighted and right click - New - copy Record and placed in the non secure container/file it becomes "unrestricted" and user can see the electronic document in that container..
For the secure file, the 5th and 6th category of file access are enforcing the Record type restrictions, so all good.
OK, so, can we generate the saved search, or fileter the logs or anything, SQL script or print merge method that will isolate the user who moved the restricted document from restricted file into the unrestricted file , e.g. yesterday ? I have tried some methods, but no success....
Any comments appreciated !
If they've used the New > Copy Record function to bypass the security, then this should show up in the Online Audit Log as an event called "Record Copied". PM me if you'd like more details.
But, strangely, we do not record these sort of event logs .... Now, as Admin under the Administration tab - Auduts I've made them in our CM931 testing environment and also in the Record type audits option....
I must do that in production later on as well, i am just concerned about the impact on the system/database.....
Regards and thanks again.
Just to let you know that I enabled the log events for "Record Copied" and now we would know when somebody has copied the record, although it would be tricky to isolate only the case "record copied from SECURED file to Unsecured file", but a manual / visual check should be accept