This section covers the following topics:
A context defines how sealed content can be accessed by users and groups.
Contexts are created exclusively from context templates. Nothing in a context can deviate from the definitions set up in the context template. Contexts cannot change the role definitions defined in the context templates.
Note:
Changes made to a context template or role are immediately reflected in the contexts that were created from them.Contexts are created by domain administrators and domain managers, but each context is managed by its context manager, who is usually a business owner (rather than part of the IT organization). Context managers assign roles to users (see Section 3, "Working with Roles"). Users that have not been assigned as context managers cannot assign roles.
Contexts are normally made visible to inspectors, in read-only mode. Inspectors can use their read-only capability to make investigations and to answer queries. Inspectors cannot elevate permissions of users, groups, or special users.
In exceptional circumstances, a context can be made invisible to inspectors. This should be done rarely, for example for contexts relating to highly sensitive mergers and acquisitions.
Because contexts continue to be affected by changes made to the context templates from which they are derived, it is important that domain administrators are normally also made inspectors. This is to enable domain administrators to see all contexts on the server, and so be able to tell which contexts will be affected by changes made to context templates. For the same reason, it is important to make all contexts visible to inspectors unless secrecy is absolutely essential.
A context can be associated with multiple trusted contexts. These are contexts for which certain sealed document activities are allowed. The most common reason to set up trusted contexts is to allow copying and pasting between documents in the current context and documents in the trusted contexts.
Note:
Only domain managers and domain administrators can perform this procedure.Use the following procedure to create a context:
Click the Contexts tab to reveal the Contexts page.
Click the New Context icon.
Complete the New Context wizard, noting the following:
The new context must be based on a context template. Available context templates are shown in the Template drop-down list. Only context templates set as active are listed. Domain administrators can create new context templates and make existing ones active using the Context Templates tab (see Section 4, "Working with Context Templates").
The description will be viewable, for example, when creating other Oracle IRM components that are dependent on this one, so a brief but informative description will prove useful.
You should normally make the context visible to inspectors. This serves two main purposes: to enable domain administrators (who should also be set up as inspectors) to see all contexts, and therefore to predict the effect of changes they make to context templates; and to provide read-only access to help inspectors answer support queries.
The Managers page is used to create one or more context managers for the new context (although the user creating the context is automatically assigned as a context manager). Context managers assign roles to users and are usually business owners.
For global enterprises, use the Translations page to create multi-language descriptions of the context that will be visible to users of Oracle IRM Desktop. If the New Translation icon is not available, translations have not been set up on the Control Console. See Section 1.3.2, "Oracle Enterprise Manager Fusion Middleware Control Console ("The Control Console")".
Use the Review page to review all the attributes that will be assigned to the new context. If there are any attributes that you want to change, use the Back button to return to previous pages and make the required changes.
When you are satisfied with the attributes on the Review page, create the new context by clicking Finish.
The new context appears on the left panel of the Contexts page. The attributes of the context (rights, managers, translations, roles, trusted contexts) are shown on the right panel.
Note:
Normally, only context managers can perform this procedure. However, if contexts have become orphaned, a domain manager or domain administrator can acquire management rights to those contexts. Orphaned contexts are contexts whose managers have been deleted from the identity store (see Section 1.2, "Access to User Details").The following attributes of a context can be modified: rights, managers, translations, exclusions, and trusted contexts.
Use the following procedure to modify a context:
Click the Contexts tab to reveal the Contexts page.
If you are a domain manager or domain administrator, click the Gain Management Rights For All Orphaned Contexts icon, which is in the toolbar on the left panel of the Contexts page.
The icon is shown only to domain managers and domain administrators, and, when clicked, either identifies orphaned contexts and displays them in the list of contexts, or shows a message saying that there are no orphaned contexts.
On the left panel of the Contexts page, select the context that you want to modify.
On the right panel of the Contexts page, locate the attributes of the context that you want to change. These can be in the header, or on the Rights, Managers, Translations, Exclusions, or Trusted Contexts tabs. All context names and descriptions, including those in the default language, can be changed on the Translations tab.
Use the header controls and toolbar icons to add, view, change, or delete attributes, as allowed.
Some modifications are not allowed for some attributes. For example, you cannot remove yourself as the context manager if you are the only context manager.
Note:
Only context managers can perform this procedure.Do not delete a context unless you are sure that it is no longer required.
Caution:
Deleting a context means all documents sealed to the context become inaccessible. If you delete a context accidentally, you can restore it from a database backup (if you have made one), but you cannot simply create a new context with the same name. If you create a new context with the same name, its encryption keys will not match the keys of the deleted context.Use the following procedure to delete a context:
On the left panel of the Contexts page, select the name of the context.
On the right panel, remove all rights on the Rights tab for this context.
In the toolbar in the left panel, select the Delete icon.
In the confirmation dialog, confirm that you want to delete the context.
Note:
Only context managers can perform this procedure.Caution:
Excluded sealed documents cannot be accessed by any user, regardless of the role or the rights assigned to them.Use the following procedure to exclude specific sealed documents from a context:
Click the Contexts tab to reveal the Contexts page.
Select the context for which you want to exclude documents.
On the right panel of the Contexts page, select the Exclusions tab.
A list of all documents currently excluded from the context is shown in the Document table.
Use the Add Documents button to open a dialog through which you can browse to the sealed document that you want to exclude.
Click OK to add the selected sealed document to the exclusion list.
Note:
Only context managers can perform these procedures.A trusted context is one to which users of the current context can export content (copy from a document in the current context and paste into a document in a trusted context).
Note:
In addition to adding a trusted context as described in this procedure, the Exporting Content option must be set to Allow with restrictions on the Constraints tab of the Roles page.A context manager can only add a trusted context that he has rights to see, either by being the context manager in the other context, or by being an inspector. Contexts that are already trusted can be seen in the list regardless of whether the context manager has rights to those contexts.
Use the following procedure to add a trusted context:
Click the Contexts tab to reveal the Contexts page.
On the left panel of the Contexts page, select the context for which you want to set up trusted contexts.
On the right panel of the Contexts page, select the Trusted Context tab.
A list of all trusted contexts for the current context is shown in the table.
Click the New Trusted Context icon to open the New Trusted Context dialog.
The contexts that are available to become trusted contexts are shown in the Available column. If no contexts are listed, it is probably because all contexts are already trusted contexts, or because there are no contexts for which you have context manager or inspector roles in this view.
Move the context(s) that you want to become trusted contexts into the Selected list.
To make the contexts in the Selected list into trusted contexts, click OK.
The Trusted Contexts table is updated to show the new trusted contexts.
Use the following procedure to remove a trusted context:
Click the Contexts tab to reveal the Contexts page.
On the left panel of the Contexts page, select the context from which you want to remove a trusted context.
On the right panel of the Contexts page, select the Trusted Context tab.
On the Trusted Context tab, select the context that you no longer want to be a trusted context.
In the toolbar of the Trusted Context tab, click the Remove icon.
Confirm that you want to remove the trusted context.
Note:
During initial creation of a context, domain managers and domain administrators are assigned as context managers for the context they are creating, and can assign other users to be context managers of that context. Normally, after initial creation of a context, only context managers can perform this procedure. However, if contexts have become orphaned, a domain manager or domain administrator can acquire management rights to those contexts. Orphaned contexts are contexts whose managers have been deleted from the identity store that was referenced during installation (see Section 1.2, "Access to User Details").Use the following procedure to add a context manager:
Click the Contexts tab to reveal the Contexts page.
If you are a domain manager or domain administrator, click the Gain Management Rights For All Orphaned Contexts icon, which is in the toolbar on the left panel of the Contexts page.
The icon is shown only to domain managers and domain administrators, and, when clicked, either identifies orphaned contexts and displays them in the list of contexts, or shows a message saying that there are no orphaned contexts.
On the left panel of the Contexts page, select the context for which you want to add a context manager.
On the right panel of the Contexts page, click the Managers tab.
In the toolbar of the Managers tab, click the New Manager icon to open the New Manager dialog.
On the New Manager dialog, click the Search Users button to populate the Available Users list.
Move the user or users that you want to become context managers of this context into the Selected Users list, then click OK.