| Oracle® Fusion Middleware Setup Guide for Universal Records Management 11g Release 1 (11.1.1) E10640-02 |
|
 Previous |
 Next |
Home > Setup Guide for Universal R... > Summary of Security Rights ...
| Oracle® Fusion Middleware Setup Guide for Universal Records Management 11g Release 1 (11.1.1) E10640-02 |
|
Previous |
Next |
Home > Setup Guide for Universal R... > Summary of Security Rights ...
This chapter provides tables that show the default rights assigned to default roles for different functions in the product. The information here is the same as that described in "Security Classifications Tasks and Defaults for Predefined Roles". It is merely presented in a different manner.
This chapter describes the following topics:
This section describes the default rights and roles for tasks encountered while using Oracle URM.
The default roles are rma (User), rmalocalrecordsofficer (Officer), and rmaadmin (Admin).
The following table describes the default rights assigned to the default roles for tasks involving triggers.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| View information about triggers | Admin.Triggers or Admin.RecordManager | X | X | |
| Create a trigger | Admin.Triggers | X | X | |
| Edit a trigger | Admin.Triggers | X | X | |
| Delete a trigger | Admin.Triggers and Delete permission for the trigger's security group. The Delete permission is not granted by default. | X | X |
The following table describes the default rights assigned to the default roles for tasks involving periods.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| View information about periods | Admin.Triggers or Admin.RecordManager | X | X | |
| Create a period | Admin.RecordManager | X | ||
| Edit a custom period | Admin.RecordManager | X | ||
| Delete a custom period | Admin.RecordManager | X |
The following table describes the default rights assigned to the default roles for tasks involving supplemental markings.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| View information about supplemental markings | Admin.Triggers or Admin.RecordManager | X | X | |
| Enable/disable supplemental markings | Admin.RecordManager | X | ||
| Create/edit a supplemental markings | Admin.RecordManager | X | ||
| Delete a supplemental marking | Admin.RecordManager | X |
The following table describes the default rights assigned to the default roles for tasks involving security classifications.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| View information about classifications | Admin.RecordManager and Admin.SecurityClassifications | X | ||
| Enable/disable classifications | Admin.RecordManager and Admin.SecurityClassifications | X | ||
| Create/edit a classification | Admin.RecordManager and Admin.SecurityClassifications | X | ||
| Delete a classification | Admin.RecordManager and Admin.SecurityClassifications | X | ||
| Reorder security classifications | Admin.RecordManager and Admin.SecurityClassifications | X |
The following table describes the default rights assigned to the default roles for tasks involving security classifications.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| View information about a custom security field | Admin.Triggers or Admin.RecordManager | X | X | |
| Enable/disable custom security fields | Admin.RecordManager | X | ||
| Create/edit a custom security field | Admin.RecordManager | X | ||
| Delete a custom security field | Admin.RecordManager | X |
The following table describes the default rights assigned to the default roles for tasks involving custom metadata fields.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Create/edit a custom metadata field | Admin.RecordManager | X | ||
| Delete a custom metadata field | Admin.RecordManager | X |
The following table describes the default rights assigned to the default roles for tasks involving classification guides.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| View information about classification guides | Admin.ClassificationGuide | X | X | |
| Create/edit a classification guide | Admin.ClassificationGuide | X | X | |
| Delete a classification guide | Admin.ClassificationGuide | X | X | |
| View information about classification topics | Admin.ClassificationGuide | X | X | |
| Create/edit a classification topic | Admin.ClassificationGuide | X | X | |
| Delete a classification topic | Admin.ClassificationGuide | X | X |
The following table describes the default rights assigned to the default roles for tasks involving freezes.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| View information about freezes | Admin.RecordManager | X | ||
| Create/edit a freeze | Admin.RecordManager | X | ||
| Delete a freeze | Admin.RecordManager and Delete permission for the freeze's security group. The Delete permission is not granted by default. | X | ||
| Send email notification about a freeze | Admin.RecordManager | X |
The following table describes the default rights assigned to the default roles for tasks involving series.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Browse and view information about freezes | Series.Read | X | X | X |
| Create/edit a series | Series.Create, Series.Edit | X | ||
| Delete a series | Series.Delete | X | ||
| Hide/unhide a series | Series.Hide, Series.Unhide | X | ||
| Move a series | Series.Move | X |
The following table describes the default rights assigned to the default roles for tasks involving retention categories.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Browse and view information about retention categories, including disposition instructions | Category.Read | X | X | X |
| Create/edit a retention category | Category.Create, Category.Edit | X | ||
| Edit the review information for a retention category | Category.Edit.Review | X | ||
| Delete a category | Category.Delete | X | ||
| Apply disposition instructions to specific records in a category | Category.Edit | X | ||
| Move a category | Category.Move | X |
The following table describes the default rights assigned to the default roles for tasks involving folders.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Browse and view information about folders | Folder.Read | X | X | X |
| View the life cycle of a folder, the review history of a folder and the metadata history of a folder | Folder.Read | X | X | X |
| Create a folder | Folder.Create | X | X | |
| Edit a folder if author of the folder | Folder.EditIfAuthor | X | ||
| Edit a folder if not author of the folder | Folder.Edit | X | ||
| Edit the review information for a folder | Folder.Edit.Review | X | X | |
| Delete a folder | Folder.Delete | X | ||
| Move a folder | Folder.Edit | X | ||
| Close/unclose a folder | Folder.Open/Folder.Close | X | X | |
| Freeze/unfreeze a folder | Folder.Freeze/Folder.Unfreeze | X | ||
| Cancel or expire a folder | Folder.Edit | X | X | |
| Rescind or make a folder obsolete | Folder.Edit | X | X | |
| Undo a folder's obsolescence status | Folder.Edit | X | X | |
| Undo a folder's cutoff status | Folder.UndoCutoff | X | ||
| Review a folder | Admin.PerformPendingReviews | X | X | |
| Mark a folder as reviewed | Folder.Edit | X | X | |
| Set dates (activation, expiration, delete, and approval) for a folder | Folder.Edit | X | X | |
| Assign or remove supplemental markings on a folder | Folder.Edit | X | X | |
| Apply a disposition rule to one or many folders | Category.Edit | X |
The following table describes the default rights assigned to the default roles for tasks involving content.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Create or check in an item | Record.Create | X | X | X |
| Search for an item | Record.Read | X | X | X |
| Link items | Record.CreateLink | X | X | X |
| Unlink items | Record.Unlink | X | X | |
| Download a content item for viewing | Record.Read | X | X | X |
| View information about content | Record.Read | X | X | X |
| View the life cycle of an item, the review history of an item, the classification history of an item or the metadata history of an item | Record.Read | X | X | X |
| Edit the review information for an item | Record.EditReview | X | X | |
| Review the classification of an item | Record.Edit | X | X | |
| Delete the metadata history of an item | Record.DeleteHistoryFile | X | X | |
| Delete an item | Record.Delete | X | ||
| Freeze/unfreeze a folder | Record.Freeze/Record.Unfreeze | X | ||
| Cancel or expire an item | Record.Edit | X | X | |
| Rescind or make an item obsolete | Record.Edit | X | X | |
| Undo an item's obsolescence status | Record.Edit | X | X | |
| Move an item to another category or folder. | Record.Edit | X | X | |
| Edit record metadata before cutoff. Note: non-record metadata can be edited after cutoff as well as before. | Record.UndoCutoff | X | ||
| Upgrade or downgrade an item's classification status | Record.Upgrade/Record.Downgrade | X | X | |
| Review an item | Admin.PerformPendingReviews | X | X | |
| Remove supplemental markings | Record.Edit | X | X | |
| Undo the cutoff status of an item | Record.UndoCutoff | X | ||
| Undo the record status of an item | Record.UndoRecord | X |
The following table describes the default rights assigned to the default roles for tasks involving disposition rules.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| View disposition information | Category.Read | X | X | X |
| Enable/disable user-friendly captions | Admin.RecordManager | X | ||
| Create a rule | Category.Create | X | ||
| Edit a rule | Category.Edit | X | ||
| Delete a rule | Category.Delete | X | ||
| Define a custom disposition rule | Admin.CustomDispositionActions | |||
| Disabling a disposition rule | Admin.CustomDispositionActions |
The following table describes the default rights assigned to the default roles for tasks involving archiving.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Import an archive | Admin.RetentionSchedulesArchive and other rights for specific items in the import | X | ||
| Export an archive | Admin.RetentionSchedulesArchive and other rights for specific items in the export | X |
The following table describes the default rights assigned to the default roles for tasks involving screening.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Enable/disable user-friendly captions | Admin.RecordManager | X | ||
| Screen a category, folder, or content | Admin.Screening | X |
The following table describes the default rights assigned to the default roles for tasks involving audit trails.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Configure the audit trail | Admin.Audit | X | ||
| Choose metadata fields to audit | Admin.SelectMeta | X | ||
| Generate and view an audit trail | Admin.Audit | X | ||
| Search an audit trail or an archived audit trail | Admin.Audit | X | ||
| Set default metadata for audit trail check-in | Admin.Audit | X | ||
| Check in and archive audit trail | Admin.Audit, Admin.RecordManager | X |
The following table describes the default rights assigned to the default roles for tasks involving the configuration of links. Rights involved in using links are noted in "Content".
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Add a custom link type | Admin.ConfigureLinkTypes | X | ||
| Edit a custom link type | Admin.ConfigureLinkTypes | X | ||
| Delete a custom link type | Admin.ConfigureLinkTypes | X |
The following table describes the default rights assigned to the default roles for tasks involving the configuration of reports.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Create a user, role, group, or user-group report | Admin.Reports | X |
The Rma.Admin.Customization right is required to create custom dispositions, custom reports, or custom barcode actions. This right is not assigned by default to any role.
A detailed knowledge of services and their uses is required in order to customize your system.
The following table describes the default rights assigned to the default roles for tasks involving general product configuration.
| Task | Required RM Right | User | Officer | Admin |
|---|---|---|---|---|
| Set the fiscal calendar | Admin.RecordManager | X | ||
| Perform disposition actions (process events) | Admin.RecordManager | X | ||
| Specify default review recipients | Admin.RecordManager | X |
This section describes the rights and roles for tasks encountered while using Physical Content Management.
The default roles provided with PCM are pcmrequestor (Requestor) and pcmadmin (PCM Admin).
The following table describes the default rights assigned to the default roles for tasks involving physical items.
Note that the ability to freeze or screen physical items are not enabled by default for any role. The menu options to perform these tasks are not visible until those rights are assigned to a role.
| Task | Required RM Right | Requestor | Admin |
|---|---|---|---|
| View information about physical items | PCM.Physical.Read and PCM.Storage.Read | X | X |
| Create (check in) a physical item | PCM.Physical.Create and PCM.Storage.Read | X | X |
| Edit a physical item | PCM.Physical.Edit and PCM.Storage.Read | X | X |
| Move a physical item | PCM.Physical.Edit, PCM.Physical.Move and PCM.Storage.Read | X | |
| Delete a physical item | PCM.Physical.Delete and PCM.Storage.Read | X | |
| Search physical items | PCM.Physical.Read and PCM.Storage.Read | X | X |
| Print labels for physical items | PCM.Admin.PrintLabel | X | |
| Freeze or unfreeze physical items | Record.Freeze/Record.Unfreeze | ||
| To manually override freeze errors | Admin.PerformActions | ||
| To screen for physical items | Admin.Screening |
The following table describes the default rights assigned to the default roles for tasks involving storage locations.
Note that the ability to import a storage hierarchy is not enabled by default for any role. The menu option to perform this task is not visible until that right is assigned to a role.
| Task | Required RM Right | Requestor | Admin |
|---|---|---|---|
| View information about locations | PCM.Storage.Read | X | X |
| Create a location | PCM.Storage.Create | X | |
| Edit a location | PCM.Storage.Edit | X | |
| Delete a location | PCM.Storage.Delete | X | |
| Reserve a location | PCM.Storage.Reserve | X | X |
| Block a location | PCM.Storage.Block | X | |
| Print labels for a location | PCM.AdminPrintLabel | X | |
| Import batch-created storage hierarchy | Admin.RetentionScheduleArchive |
The following table describes the default rights assigned to the default roles for tasks involving the creation of location, media, and object types.
| Task | Required RM Right | Requestor | Admin |
|---|---|---|---|
| Set up location types | PCM.Admin.Manager and PCM.Admin.LocationTypes | X | |
| Set up object types | PCM.Admin.Manager | X | |
| Set up media types | PCM.Admin.Manager | X | |
| Set up custom metadata fields | PCM.Admin.Manager | X |
The following table describes the default rights assigned to the default roles for tasks involving reservations.
| Task | Required RM Right | Requestor | Admin |
|---|---|---|---|
| View reservation information | PCM.Reservation.Read | X | X |
| Create a reservation request | PCM.Reservation.Create | X | X |
| Edit a reservation request | PCM.Reservation.Edit | X | |
| Delete a reservation request | PCM.Reservation.Delete | X | |
| Process a reservation request | PCM.Reservation.Process | X | |
| Run a reservation request report | PCM.Admin.Manager | X | |
| Configure default metadata for reservations | PCM.Admin.Manager | X |
The following table describes the default rights assigned to the default roles for tasks involving chargebacks.
| Task | Required RM Right | Requestor | Admin |
|---|---|---|---|
| Set up chargeback types, payment types, and customers | PCM.Admin.Manager and CBC.ChargeBacks.Admin | X | |
| View information about chargebacks (transactions, invoices, and so on) | PCM.Admin.Manager, CBC.ChargeBacks.Admin and CBC.ChargeBacks.Read | X | |
| Create chargeback items (transactions, invoices, and so on) | PCM.Admin.Manager, CBC.ChargeBacks.Admin and CBC.ChargeBacks.Read | X | |
| Edit chargeback items (transactions, invoices, and so on) | PCM.Admin.Manager, CBC.ChargeBacks.Admin and CBC.ChargeBacks.Edit | X | |
| Delete chargeback items (transactions, invoices, and so on) | PCM.Admin.Manager, CBC.ChargeBacks.Admin and CBC.ChargeBacks.Delete | X | |
| Screen for charges | PCM.Admin.Manager and CBC.ChargeBacks.Admin | X | |
| Browse invoices | PCM.Admin.Manager and CBC.ChargeBacks.Admin | X | |
| Print invoices | PCM.Admin.Manager and CBC.ChargeBacks.PrintInvoice | X | |
| Adjust invoices | PCM.Admin.Manager and CBC.ChargeBacks.Adjust | X |
The following table describes the default rights assigned to the default roles for tasks involving barcodes and barcode labels.
| Task | Required RM Right | Requestor | Admin |
|---|---|---|---|
| Process barcode files | PCM.Barcode.Process | X | |
| Print labels for users, storage locations, and physical locations | PCM.Admin.PrintLabel | X |
