B.3 Roles Page

The following pages and wizards are used to create, modify, set options and enter data for roles in Oracle IRM:

Roles Page: General Controls
Roles Page: Features
Roles Page: Translations
Roles Page: Constraints
New Role Wizard

B.3.1 Roles Page: General Controls

Use these controls to create, copy, and delete roles, and to refresh the list of roles. Roles are created by domain administrators.

Access these controls from the Roles tab.

Left-panel controls

Roles page, left panel

Element	Description
New Role (icon)	Select to open the New Role wizard.
Copy (icon)	Immediately creates a copy of the role currently highlighted in the list of roles in the left panel.
Refresh (icon)	Select to refresh the list of roles in the left panel. You should do this to ensure that the list is showing roles that may have been created or deleted by other users.
Delete (icon)	Select if you want to delete the role currently highlighted in the left panel. A dialog will ask you to confirm the deletion.
Name	Lists all existing roles. Three standard roles are included at the time of installation. These can be used as supplied, modified before use, or deleted if not required. Contributor with export: This role will not significantly restrict the use of sealed documents. Users given this role will be able to create, open, search, edit, and print all documents. Users will also be able to copy information to contexts on this server that have been set up as trusted contexts, and in which they have edit rights. Very importantly, users given this role will be able to create unsealed versions of documents. Reader with export: This role will not allow creation of sealed documents, but it will not significantly restrict what users can do to sealed documents that they are given access to. Users given this role will be able to open, search, and print all documents. They will also be able to reply to sealed email, with edits tracked. Very importantly, users given this role will be able to create unsealed versions of documents. Reader without print: This role will give significant protection to sealed documents. Users given this role will be able to open and search all documents. They will also be able to reply to sealed email, with edits tracked.

Right-panel controls

Roles page, right panel

Element	Description
Revert	Select to cancel the changes made on this page. Does not work after the Apply button has been used.
Apply	Select to apply the changes made on this page. Once selected, the changes cannot be reverted, except by making and applying new changes.
Name (display)	Displays the name of the role currently highlighted in the list in the left panel. You can change the name on the Translations tab.
Description (display)	Displays the description of the role currently highlighted in the list in the left panel. You can change the description on the Translations tab.
Collapse Pane/Restore Pane control	Select to hide or show the header display area.

B.3.2 Roles Page: Features

Use this tab to assign and remove sealing features for the role.

For a role to be valid, at least one of the following features must be assigned: open, seal, reseal, search, copy to, save unsealed.

Access this tab from the Roles page.

Features tab

Element	Description
Audit Use	Check this box if you want the use of this role to be recorded.
Available	This box lists all sealing features that are not currently assigned to the role. Highlight the sealing features in this box that you want to move to the Selected box.
Move, Move All, Remove, Remove All	Use these controls to move sealing features between the Available and Selected boxes. The Move control and the Remove control will become available only when individual features have a check mark against them, and will affect only those features.
Selected	This box lists the sealing features that are currently assigned to the role, or that will be once they are applied (by clicking the Apply button). The presence or absence of check marks does not have any effect on this.
Details	This display area shows the details of any feature individually selected in the Available or Selected boxes.

B.3.3 Roles Page: Translations

Use this page to:

Add names and descriptions of the current role in alternative languages (that is, alternative to the default language).
Edit existing names and descriptions.
Delete alternative names and descriptions that are no longer required.

Access this tab from the Roles page.

Translations tab

Element	Description
New Translation (icon)	Select to open the New Translation dialog, through which names and descriptions can be added for alternative languages. This is available only if multiple language support has been set up on the Control Console.
Edit (icon)	Select to edit the language details currently highlighted in the Translations table.
Remove (icon)	Select to remove the language details currently highlighted in the Translations table. A dialog will ask you to confirm the removal. You cannot remove the default language details.
Language	This column identifies the language for which the alternative name and description have been provided.
Default language (indicator)	This indicator against a language name shows that it is the default language. The default language is set on the Control Console. This is the language that is used in locales for which no alternative has been provided. You cannot remove this language from the Translations table.
Name	For each language, this column shows the name provided.
Description	For each language, this column shows the description provided.

B.3.4 Roles Page: Constraints

Use this tab to specify time and other constraints for the role.

Access this tab from the Roles page.

Constraints tab

Element	Description
Offline Access	Allow working offline Check this box to allow users to work on sealed documents even when they have no connection to the server (Oracle IRM Server). The maximum length of time that the user can work offline is the same as the rights refresh period (see below).
Rights Refresh Period	Use this drop-down list to select the maximum length of time that users can use rights before they are refreshed from the server. When the rights are refreshed, any new permissions or restrictions are applied. The periods available here are set up on the Control Console. Unless they have been changed from the defaults, the periods that you can choose from are 10 days, 3 days, 24 hours, 3 hours, and 10 minutes. Short refresh periods will generate more traffic between client and server than long refresh periods, which may be a consideration if bandwidth is restricted.
Time Access	You can permit access to the sealed content covered by this role at all times, or during specific periods. The default is for sealed content to be accessible at all times (to those with the right to access it). Select from the following: Accessible at all times Select this option if you want access to sealed content without time constraints. Within period after role assignment Select this option if you want access restricted to a specific period after the role has been assigned to a user (that is, when a right has been created). You can choose a number of seconds, minutes, hours, days, months, or years using the controls that will appear when you select this option. Within period after document sealed Select this option if you want access restricted to a specific period after a document has been sealed. You can choose a number of seconds, minutes, hours, days, months, or years using the controls that will appear when you select this option. Role active during time period Select this option if you want to allow access to sealed content between two calendar dates. Controls will appear when you select this option: enter the start and end dates directly, or use the calendar controls to select the dates.
Document Access	When creating and managing rights, it is possible to apply those rights to specific documents within a context, rather than to all documents within a context. Specify by including documents Check this box to require the listing of documents to which rights do apply.
Exporting Content	Use these options to allow or disallow export of content (by copying through the clipbboard or by saving a sealed file as an unsealed file). The default is to not allow export of content from sealed documents. Do not allow Choose this option if you want no export of content from sealed documents accessed by this role. Allow with restrictions Choose this option if you want to allow export of content to trusted contexts. See Section B.2.6, "Contexts Page: Trusted Contexts". Allow with no restrictions Choose this option only if you want to allow export of content from sealed documents accessed by this role. This effectively allows a user assigned this role to remove protection from sealed documents. This option should be chosen only after careful consideration of the consequences.

B.3.5 New Role Wizard

Use this wizard to create a new role. Roles are created by domain administrators.

Open the wizard by clicking the New Role icon in the left panel of the Roles page.

B.3.5.1 New Role: General

Use this page to name and describe a new role.

This page opens by default as the first page of the New Role wizard. It can also be opened by selecting the General node in the wizard header.

New Role wizard general

Element	Description
Name Description	Enter a name and description for the new role. The description will be viewable, for example, when creating other Oracle IRM components that are dependent on this one, so a brief but informative description will prove useful. You should enter the name and description in the default language, as shown against Language on this wizard page. The default language was set up on the Control Console, and is the language that is used in locales for which no specific translation has been provided. You will be able to provide names and descriptions in other languages on the Translations page of this wizard, if multiple language support has been set up on the Control Console.
Language	Shows which language has been set on the Control Console as the default language.

Element

Description

Name

Description

Enter a name and description for the new role.

The description will be viewable, for example, when creating other Oracle IRM components that are dependent on this one, so a brief but informative description will prove useful.

You should enter the name and description in the default language, as shown against Language on this wizard page. The default language was set up on the Control Console, and is the language that is used in locales for which no specific translation has been provided.

You will be able to provide names and descriptions in other languages on the Translations page of this wizard, if multiple language support has been set up on the Control Console.

Language

Shows which language has been set on the Control Console as the default language.

B.3.5.2 New Role: Translations

Use this page to provide names and descriptions of the new role in alternative languages (that is, alternative to the default language).

The name and description that you entered for the default language will already be shown on this page.

This page opens as the second page of the New Role wizard. It can also be opened by selecting the Translations node in the wizard header.

New Role wizard translations

Element	Description
New Translation (icon)	Select to open the New Translation dialog, through which names and descriptions can be added for alternative languages. This is available only if multiple language support has been set up on the Control Console.
Edit (icon)	Select to edit the language details currently highlighted in the Translations table. You cannot change the language associated with an existing name or description.
Remove (icon)	Select to remove the language details currently highlighted in the Translations table. A dialog will ask you to confirm the removal. You cannot remove the default language details.
Language	This column identifies the languages for which names and descriptions have been provided.
Default language (indicator)	This indicator against a language name shows that it is the default language. The default language is set on the Control Console. This is the language that is used in locales for which no alternative has been provided. You cannot remove this language from the Translations table.
Name	For each language, this column shows the name provided.
Description	For each language, this column shows the description provided.

B.3.5.3 New Role: Features

Use this page to assign and remove sealing features for the role. Features control the ability of users to create and use sealed documents. These features equate to "rights" in Oracle IRM Desktop.

For a role to be valid, at least one of the following features must be assigned: open, seal, reseal, search.

This page opens as the third page of the New Role wizard. It can also be opened by selecting the Features node in the wizard header.

New Role wizard features

Element	Description
Available	This box lists all sealing features that are not currently assigned to the role. Select each one to see its description in the Details area. Highlight the features in this box that you want to move to the Selected box.
Move, Move All, Remove, Remove All	Use these controls to move features between the Available and Selected boxes. The Move control and the Remove control will become available only when individual features have a check mark against them, and will affect only those features.
Selected	Sealing features listed in this box will be applied to the role when the wizard is completed. The presence or absence of check marks does not have any effect on this.
Audit Use	Check this box if you want to the use of this role to be recorded.
Details	This display area shows the details of any feature individually selected in the Available or Selected boxes.

B.3.5.4 New Role: Constraints

Use this page to specify time and other constraints for the role.

This page opens as the fourth page of the New Role wizard. It can also be opened by selecting the Constraints node in the wizard header.

New Role wizard constraints

Element	Description
Offline Access	Allow working offline: Check this box to allow users to work on sealed documents even when they have no connection to the server (Oracle IRM Server). The maximum length of time that the user can work offline is the same as the rights refresh period (see below).
Rights Refresh Period	Use this drop-down list to select the maximum length of time that users can use rights before they are refreshed from the server. When the rights are refreshed, any new permissions or restrictions are applied. The periods available here are set up on the Control Console. Unless they have been changed from the defaults, the periods that you can choose from are 10 days, 3 days, 1 day, and 3 hours. Short refresh periods will generate more traffic between client and server than long refresh periods, which may be a consideration if bandwidth is restricted.
Time Access	You can permit access to the sealed content covered by this role at all times, or during specific periods. The default is for sealed content to be accessible at all times (to those with the right to access it). Select from the following: Accessible at all times: Select this option if you want access to sealed content without time constraints. Within period after role assignment: Select this option if you want access restricted to a specific period after the role has been assigned to a user (that is, when a right has been created). You can choose a number of seconds, minutes, hours, days, months, or years using the controls that appear when you select this option. Within period after document sealed: Select this option if you want access restricted to a specific period after a document has been sealed. You can choose a number of seconds, minutes, hours, days, months, or years using the controls that appear when you select this option. Role active during time period: Select this option if you want to allow access to sealed content between two calendar dates. Controls will appear when you select this option: enter the start and end dates directly, or use the calendar controls to select the dates.
Document Access	When creating and managing rights, it is possible to apply those rights to specific documents within a context, rather than to all documents within a context. Specify by including documents: Check this box to require the listing of documents to which rights do apply.
Exporting Content	Some sealing features control the exporting of content from a sealed document. Such export behavior can be permitted or denied on a feature-by-feature basis, or you can use these Exporting Content options to allow or disallow export of content on a broad basis. The default is to not allow export of content from sealed documents. Do not allow: Select this option if you want no export of content from sealed documents accessed by this role. Allow with restrictions: Select this option if you want to allow export of content to trusted contexts. See Section B.2.6, "Contexts Page: Trusted Contexts". Allow with no restrictions: Select this option if you want to allow export of content from sealed documents accessed by this role.

B.3.5.5 New Role: Summary

Use this page to review the choices made and information entered on the previous wizard pages.

This page opens as the final page of the wizard. It can also be opened by selecting the Review node in the wizard header.

New Role wizard review

If you are not satisfied with the choices and entries shown on the Summary page, use the Back button to return to the wizard pages and make changes.

If you are satisfied with the choices and entries shown on the Summary page, create the new role by clicking the Finish button.