Role Required: To create and manage Security Profiles you need to be assigned to the Application Administrator or Records Manager role.
Security Profiles only apply to users with the Records Visitor role in Azure Active Directory. Adding a User to a Security Profile does not automatically give the user access to Records365. For more information about assigning roles see User Roles. For any user with the Record Manager or Application Manager Azure AD Role, the permissions defined in a Security Profile are ignored.
Security Profiles are used to give users with the Records Visitor role elevated privileges to view additional pages or perform additional actions in Records365.
Users with the Record Visitor role by default are only able to view the Record Browse and Advanced Search pages and are not able to perform any actions within Records365. By placing these users in a Security Profile it is possible to give them access to additional pages and the ability to perform certain actions.
A Security Profile can have either Users or Groups from your Azure Active Directory (AAD) added to it. When adding an AAD group, all direct members of the group will be assigned the privileges granted by the Security Profile. Members of nested AAD groups (groups within groups) will not be given additional privileges. Users can be assigned to multiple Security Profiles. Security Profiles always grant additional access, so a combination of all the user's Security Profiles is applied.
Creating and Editing a Security Profile
- Click on the Settings icon in the top right hand corner of Records365.
- Under Security, click on Profiles in the left hand navigation pane.
- Click the New button to create a new Security Profile or click the Name link of a Security Profile from the grid.
- The Security Profile page will open.
- The Name field is required. This will be the identifier for the Security Profile.
- The Description field is optional. This is additional info you can add to a Security Profile describing it in more detail.
The Members tab displays all the users and groups that have been added to this Security Group. To add a new User or Group click the Add button. The Add Users or Groups pane will open.
- Add a User by their UPN, or a Group by its Group name.
A user’s UPN is typically their email address. Please contact your organization’s Identity Administrator to find out what the UPN is for a given User.
- The Access Control attribute is optional. Selecting one or more of the view permissions will grant users added to this Security Profile read only access to that functional area of Records365.
Selecting a Manage permission will grant users added to this Security Profile the ability to view, create, edit or delete (where applicable) the selected functional area of Records365.
The following table describes the actions that are granted by each of the Permissions listed under a security profile. Remember, this table only applies to Records Visitor users, and only adds permissions – by default, users with the Records Visitor role will not have access to perform any actions in Records365.
| Permission Name | Description |
| --- | --- |
| View Disposals | Grants Read-Only access to the Disposal page in the left navigation pane |
| Manage Disposals | Grants Full access to the Disposal page in the left navigation pane |
| View Legal Holds | Grants Read-Only access to the Freezes page in the left navigation pane |
| Manage Legal Holds | Grants Full access to the Freezes page in the left navigation pane |
| View File Plans | Grants Read-Only access to the File Plan page in the left navigation pane |
| Manage File Plans | Grants Full access to the File Plan page in the left navigation pane |
| View Physical Locations | Grants Read-Only access to the Physical Locations page in the left navigation pane |
| Manage Physical Locations | Grants Full access to Create and Edit Physical Locations in the Locations page |
| View Physical Loans | Grants Read-Only access to the Loans page in the left navigation pane |
| Manage Physical Loans | Grants Full access to: Create and Edit Physical Loans; Checkout, Return and Manage Approvals for Physical Loans; Checkout, Return and Import Physical Records via the Scanning page |
| Manage Physical Records | Grants Full access to: Create and Edit Physical Records in the Browse and Search pages; Create and Edit Physical Profiles and Fields; Import and Bulk Edit Physical Records via the Scanning page |
| View Rules | Grants Read-Only access to the Rules page in the left navigation pane |
| Manage Rules | Grants Full access to the Rules page in the left navigation pane |
| Approve Disposals | Grants access to the Manage Approval action in the Disposal pane, and allows users to approve disposal requests. |
| Reschedule Records | Grants access to the Reschedule action in the Search and Browse pages |
| Resubmit Records | Grants access to the Resubmit action in the Search and Browse pages |
| View Electronic Records | Grants access to Electronic Records in Records365. When users are granted access, users will see all electronic items |
| View Physical Records | Grants access to Physical Records in Records365. When access is granted, users will only see the records they have access to through Security Trimming |
| Search Records | Grants access to search and browse records in Records365. When access is granted, users will be able to access the Browse and Search pages |
| Export Records | Grants access to the Export action in the Advanced Search page, and allows users to export records. |
| Manage Classification Intelligence Suggestions | Grants access to the Classification and Analytics page in Records365. When access is granted, users will be able to triage through uncategorised documents and view analytics of classification performance. |
| Download Electronic Binaries | Grants users access to the record binaries page and the ability to download binaries. |
| Manage Classification Intelligence Training | Grants access to the Training page in Records365. When access is granted, the user will be able to update, train and view the ML models used for Classification Intelligence. Additionally, they will have access to the previously trained ML models and the training set used to build those models. |
View Electronic Records and View Physical Records permissions are only available for customers with Security Trimming enabled.
When creating a Security Profile for Disposal Approvers, please ensure that the Security Profile doesn’t have the View Disposals and Manage Disposals permissions selected, otherwise the users will be prevented from accessing the My Approval View.
- Click ‘Save’. Your Security Profile is now ready. Any user listed in the user list who also has the Record Visitor Role in Azure Active Directory will be granted access to Records365 as defined by the Security Profiles they are listed in.
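The membership rules described earlier (direct group members only, additive union across profiles, profiles taking effect only for Records Visitor users) and the Disposal Approvers caveat can be checked in an access review. The following is an added example, not Records365 code or an export format: the data is constructed, the user, group and profile names are hypothetical, and treating any profile that holds Approve Disposals as an approver profile is an assumption.

```python
# Added example: constructed data, hypothetical names; not a Records365 API or export.
VISITOR_ROLE = "Records Visitor"

# group name -> direct members (user UPNs or other group names)
GROUPS = {
    "Legal": {"alice@example.com", "Legal-Contractors"},
    "Legal-Contractors": {"bob@example.com"},
}
# UPN -> assigned role (None = no Records365 role)
ROLES = {
    "alice@example.com": VISITOR_ROLE,
    "bob@example.com": VISITOR_ROLE,
    "carol@example.com": "Records Manager",
    "dave@example.com": None,
}
PROFILES = {
    "Legal Holds": {"members": {"Legal"},
                    "permissions": {"View Legal Holds", "Search Records"}},
    "Approvers": {"members": {"alice@example.com", "carol@example.com", "dave@example.com"},
                  "permissions": {"Approve Disposals", "View Disposals"}},
}

def profile_grants(user):
    """Permissions a user receives from Security Profiles (additive union)."""
    if ROLES.get(user) != VISITOR_ROLE:
        return set()  # profiles only take effect for Records Visitor users
    granted = set()
    for profile in PROFILES.values():
        for member in profile["members"]:
            # Direct user entry, or direct membership of a listed group only.
            if member == user or user in GROUPS.get(member, set()):
                granted |= profile["permissions"]
    return granted

def review_profiles():
    """Return sorted (profile, finding) pairs for the caveats described above."""
    findings = []
    for name, profile in PROFILES.items():
        perms = profile["permissions"]
        # Assumption: a profile holding Approve Disposals is an approver profile.
        if "Approve Disposals" in perms and perms & {"View Disposals", "Manage Disposals"}:
            findings.append((name, "approver profile also has View/Manage Disposals"))
        for member in profile["members"]:
            if member in GROUPS:
                for nested in GROUPS[member]:
                    if nested in GROUPS:
                        findings.append((name, f"nested group {nested} gets no privileges"))
            elif ROLES.get(member) != VISITOR_ROLE:
                findings.append((name, f"{member} is not a Records Visitor"))
    return sorted(findings)
```

In this sample, bob@example.com receives nothing because he is only a member of the nested group, while alice@example.com receives the union of both profiles.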