5-22 Oracle Fusion Middleware Setup Guide for Universal Records Management ■ Audit : allows a user to work with audit trials. ■ ConfigureLinkTypes : allows a user to manage custom content links. ■ AllowDispositionUpgradeDowngrade : allows a user to perform upgrade and downgrade classification actions. See the Oracle Fusion Middleware Administrators Guide for Universal Records Management for more details about screening, creating reports, audits, archives, and configuring link types. The following rights are not assigned by default to any role. ■ NoPostFilterSearch : allows users to unfilter search results. The results include content the user has no access to based on security classifications, supplemental markings, custom security fields, and ACLs. If the user has no access to a content item in the search results, clicking on it results in an access denied error. By enabling this option, search queries are executed much faster because no complex post-filtering must be performed. Users with this right can still only access content items they have been explicitly granted access privileges to based on security groups and accounts. They will see other results in the search results list, but cannot access them. However, they will see some metadata information about the content item for example, their title, which may interfere with an organization’s security model. ■ NoSecurity : allows users to become immune to security classifications, supplemental markings, custom security fields, and ACLs. Their access to content is unrestricted by these security features. In addition, this option turns off search post-filtering, so search results include content the user has not been explicitly granted access to. For example, a user would have access to content marked as Top Secret even if that security classification has not been assigned to the user. This right can be used to give sysadmins the privilege to access every content item in the system. Access to content items continues to be restricted by security groups and accounts. ■ CustomDispositionActions : allows users to define custom disposition actions or to delete any disposition action. See Appendix C, Customizing Your System for details. ■ SecurityClassifications : new installs only. If enabled with the Admin.RecordManager option, the user is allowed to set up security classification levels. See Security Classifications on page 6-8. This box is only available if the ‘Classified Security’ option has been enabled. ■ GetAllFilePlan : allows a user to get all series, categories, and folders when the GET_FILE_PLAN_ALL service is called. Without this right, inaccessible objects are excluded. The service is typically used by Oracle URM Adapters.

5.12.6 CBC Tab

Chargebacks are used with Physical Content Management, which is only available when that software is enabled. Important: When a user has Admin permission to a security group but does not have the Admin.SelectAuthor right, the user is still able to select an author at checkin. The Admin.SelectAuthor right is used only to add that functionality to a user who does not have Admin permission to a group. Setting Up Security 5-23 The following rights are assigned by default to the PCM Administrator role: ■ ChargeBacks.Read : allows the user to view information about chargeback-related items transactions, invoices, and so on. ■ ChargeBacks.Create : allows a user to create chargeback-related items. ■ ChargeBacks.Edit : allows a user to edit chargeback-related items. ■ ChargeBacks.Delete : allows users to delete chargeback-related items. ■ ChargeBacks.PrintInvoices : allows users to print invoices. ■ ChargeBacks.MarkPaid : allows users to mark invoices as paid. ■ ChargeBacks.Adjust : allows users to manually adjust invoices. ■ ChargeBacks.Admin : allows users to perform administrative tasks such as define new payment types, define customers, and so on.

5.12.7 PCM Tab

The following rights are assigned by default to the PCM Requestor and PCM Administrator roles: ■ Physical.Read : allows the user to view information about physical items. ■ Physical.Create : allows a user to create physical items. ■ Physical.Edit : allows a user to edit physical items. ■ Storage.Read : allows users to view information about a storage location. ■ Storage.Reserve : allows users to reserve a storage location. ■ Reservation.Read : allows users to view information about reservations. ■ Reservation.Create : allows users to create reservations. ■ Reservation.Edit : allows users to alter reservations. The following rights are assigned by default to the PCM Administrator role only: ■ Physical.Move : allows users to move a physical item change the location ■ Physical.Delete : allows users to delete physical items. ■ Storage.Create : allows users to create new storage. ■ Storage.Edit : allows users to edit an existing storage location. ■ Storage.Delete : allows users to delete a storage location. ■ Storage.Block : allows users to block or unblock a storage location. ■ Reservation.Delete : allows users to delete reservations. ■ Reservation.Process : allows users to process reservations by modifying the status of request items. ■ Barcode.Process : allows users to process barcode files. ■ Admin.Manager : allows a user to access all of PCM’s administrative functions. ■ Admin.Location.Types : allows users to configure location types, providing the user also has the Admin.Manager right. ■ Admin.PrintLabel : allows users to generate labels for users, locations, and physical items. 5-24 Oracle Fusion Middleware Setup Guide for Universal Records Management

5.12.8 ECM Tab