Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
PerthRM8 Outstanding Contributor.
Outstanding Contributor.
380 views

TRIM Security Levels and E-Mail message Prefix (SEC, CLAS, TOP SECRET)

Jump to solution

Hi,

(MF CM 9.3, Win10, Office 2016, SQL 2016 etc.)

Just a question about how can we setup our E-Mails to have the Prefixes such us SEC, Official, TOP Secret but based on the security level of the TRIM documents being sent out to external parties?

Currently, we only have 1 security level, UNRESTRICTED, but we are instructed to make a data classification that will be used on a much broad level, e.g. accross the country, so we will have 4 security levels in total for 20 Million documents ( The docs will be classified e.g. 4 levels , 5 millions docs for each level)

Another question is about the effects of these changes, the warning is that the "conversion/change will take a long time just for 5 records, not to mention 5 million docs....is that really the case?

Also, these security levels as I understand can be applied to a FILE/Container levels as well as on the document's level and for the LOCATIONS / users as well?!!!

Third question is , how all these relates , access wise?

Can the "lover security level" TRIM user make high security level documents and place them in medium security level Container/File?

But the original question is : how to set up the email messages from MS OUtlook 2016 to include the security level abbreviation (SEC, TOP LEVEL, or e.g. Classified) in front of the message's subject/file title of the TRIM document that is being sent to an external party?

Thanks in advance

 

 

0 Likes
1 Solution

Accepted Solutions
Highlighted
HeatherM1 Super Contributor.
Super Contributor.

Re: TRIM Security Levels and E-Mail message Prefix (SEC, CLAS, TOP SECRET)

Jump to solution

To try to answer these in order:

You can enable the prefixes on outgoing e-mails under the Administration tab. Select System, then the Security tab. At the bottom of the screen, there’s an option “Security annotations on outgoing email subjects” where you can select how you want the security level displayed e.g. Security Level – Prefix. When you use the Send To > Mail function, CM will prefix something like the following in the e-mail’s subject line: [SEC=TOP SECRET].

If you’re planning to update the security on millions of documents, I’d strongly suggest you do this outside of business hours, and maybe in chunks rather than the whole lot at once, as it may very well slow down performance for your users.  

Security levels can be applied at the container level. If you have a number of different container record types, you can set a specific default security level for each via Manage > Record Types. Alternatively, if you need more flexibility, you can have the container security level default based on where it sits in the Classification Scheme. Or if you don’t set up either of these options, you can manually set the security level via Properties for each container.

You can also configure CM to automatically update the security level of documents to match the container they’re being filed in. You can do this under Manage > Record Types. Open the properties of the required container record type. Under the General tab, at the bottom of the screen there’s an option “Behaviour for handling less secure documents”. If you select “Update Document security”, new documents will automatically take on the security level of their container.

And, yes, you can also assign security levels to locations. CM looks at the security level of a user or location and compares it to the security level of the record. If you configure CM to not retrieve records with a higher security profile than the user’s, then those records will not appear in a search. You can also configure CM to Ignore, Display Warning or Prevent when changing the assignee, home or owner to a less secure location. So, depending on how you configure CM, you potentially could have a “lower level” user creating high security documents and putting them in medium security Containers. It all depends on whether you want your security levels to just act as a label or actually prevent access.

Hope that helps.

3 Replies
Highlighted
HeatherM1 Super Contributor.
Super Contributor.

Re: TRIM Security Levels and E-Mail message Prefix (SEC, CLAS, TOP SECRET)

Jump to solution

To try to answer these in order:

You can enable the prefixes on outgoing e-mails under the Administration tab. Select System, then the Security tab. At the bottom of the screen, there’s an option “Security annotations on outgoing email subjects” where you can select how you want the security level displayed e.g. Security Level – Prefix. When you use the Send To > Mail function, CM will prefix something like the following in the e-mail’s subject line: [SEC=TOP SECRET].

If you’re planning to update the security on millions of documents, I’d strongly suggest you do this outside of business hours, and maybe in chunks rather than the whole lot at once, as it may very well slow down performance for your users.  

Security levels can be applied at the container level. If you have a number of different container record types, you can set a specific default security level for each via Manage > Record Types. Alternatively, if you need more flexibility, you can have the container security level default based on where it sits in the Classification Scheme. Or if you don’t set up either of these options, you can manually set the security level via Properties for each container.

You can also configure CM to automatically update the security level of documents to match the container they’re being filed in. You can do this under Manage > Record Types. Open the properties of the required container record type. Under the General tab, at the bottom of the screen there’s an option “Behaviour for handling less secure documents”. If you select “Update Document security”, new documents will automatically take on the security level of their container.

And, yes, you can also assign security levels to locations. CM looks at the security level of a user or location and compares it to the security level of the record. If you configure CM to not retrieve records with a higher security profile than the user’s, then those records will not appear in a search. You can also configure CM to Ignore, Display Warning or Prevent when changing the assignee, home or owner to a less secure location. So, depending on how you configure CM, you potentially could have a “lower level” user creating high security documents and putting them in medium security Containers. It all depends on whether you want your security levels to just act as a label or actually prevent access.

Hope that helps.

PerthRM8 Outstanding Contributor.
Outstanding Contributor.

Re: TRIM Security Levels and E-Mail message Prefix (SEC, CLAS, TOP SECRET)

Jump to solution

Thanks, it helps tremendously !

I will analyse/re-visit your message more times these days as I have few hints by other colleagues in style: "why bother to change the security levels for the existing records?" ??!!! Do it only from now on? I am not sure if this is acceptable especially after we trying to make the CM9.3 Web Client accessible to external users/contractor's companies... It would help if the data is classified on security ....

Anyway, thank you again, I just now see how this security levels and data classification becomes more and more relevant, especially in MF CM9.3 where we now have a quite changed form when we do right click on the File and chose Security and Audit - Security Access: there is a whole machinery/engine regarding to Access Controls, Caveats, Updating or downgrading the Security Classifications, audits there and also a TIME LIMITED Security Classifications.....

I believe, this is sort of done to match the SharePoint Security Levels and a future CM 9.3 & SP 2016 integrations ....

Now, I have to play with all these security levels for Files, Containers, Users/Locations etc to se the relationships..

Regards

 

 

 

0 Likes
PerthRM8 Outstanding Contributor.
Outstanding Contributor.

Re: TRIM Security Levels and E-Mail message Prefix (SEC, CLAS, TOP SECRET)

Jump to solution

Hi,

I do have another question, as something happened regarding the File/Container's Registration Form in CM9.3, not sure if that happened after I added 4 new SECURITY LEVELS in addition to our "Unrestricted" Security Level , or it came like that in MF CM9.3......So, it is gone in CM9.3 DEV environment ??!!!??

Have a look at this HPE RM8.3 form and a drop menu for SECURITY LEVEL ....

forumMicrofocus6nov2018securityonFILESd.jpg So

 

Now, have a look at the Registration Form for the new FILE/Container in the new DEV 9.3 environment:

fromcorpqueueforumMicrofocus6nov2018securityonFILESd.jpg

There is no SECURITY LEVEL field / drop menu ..... Not sure if this form is changed like this from the moment I installed CM9.3 or this SECURITY LEVEL field was gone when I added 4 new SECURITY LEVELS ... I would appreciate very much if someone from Forum can confirm (If they have similar form)..

On the bottom part of the green screenshot is the registration form I manually modified , when I added the SECURITY LEVEL field/drop menu ...so when I click on the quick select menu, the form for changing / setting up the SECURITY LEVEL opens up and allows us to change the SECURITY LEVEL ....

I am asking this because, while testing, I was saving the test documents in this DEV 9.3 environment but very often the warning would pop-up when i chose the container / file for that document telling me that the document i am registering has higher or lower security level than the file i am placing it into ..... But there is no option for me to change / match up the currently registering document security level with the file I am placing it into ... ..

is this whole situation normal or I am doing something wrong here?

I would appreciated much if someone can please explain it ....

Thanks

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.