3-8 Oracle Fusion Middleware Setup Guide for Universal Records Management ■ Determine how content will be handled. For overview information, see Section 3.9, Configuring Content Triggers, Dispositions, and Freezes and the following chapters for details: – Using triggers to initiate events affecting content. For details, see Section 11.2, Managing Triggers. – Defining the sequence of actions to be performed on items during their life cycle. For details, see Chapter 14, Defining Disposition Instructions. – Inhibiting disposition processing. For details, see Section 15.1.1, Managing Freezes. ■ Establish relationships between content. See the Oracle Fusion Middleware Users Guide for Universal Records Management for details about establishing links between content items. Additional tasks discussed in the Oracle Fusion Middleware Administrators Guide for Universal Records Management include importing and exporting archives and configuring the audit trail, which tracks activities. In addition, workflows can be created to track requests made under the Freedom of Information Act FOIA and Privacy Act PA if that software is enabled. See the Oracle Fusion Middleware Administrators Guide for Universal Records Management for details. After configuring the software, users with the appropriate rights can file, search, and link content and generate retention schedule reports. For more information, see the Oracle Fusion Middleware Users Guide for Universal Records Management. The core processing performed by records administrators during the use and maintenance phases of the content life cycle, such as screening and cycling content, is discussed in the Oracle Fusion Middleware Administrators Guide for Universal Records Management.

3.5 Security Overview

Multiple layers of security are available to control access to content. Permissions and privileges are determined by the intersection of all security mechanisms in place. The strictest setting prevails. See Chapter 5, Setting Up Security for complete details. This section discusses the following topics: ■ Section 3.5.3, Security Roles and Definitions ■ Section 3.5.1, Security Settings ■ Section 3.5.4, Rights for Roles ■ Section 3.5.2, Classification Security Settings

3.5.1 Security Settings

Overall security settings are configured on the Configure Retention Settings Page . The default values on that page are based on the installation level that was chosen. Security preferences set on that page are in addition to those provided with Oracle UCM. PCM security is set using the Oracle URM security measures. Important: After your production environment is underway, we recommend you do not change the security settings for ACLs or the default Oracle UCM security. Doing so can cause unforeseen consequences. Setting Up the Software 3-9 To configure what security settings are enabled, choose Records then Configure then Settings from the Top menu. The Configure Retention Settings Page opens. ■ To use Access Control List Security, select ACL-based security. ■ To activate the default security, select Default Content Server security on Categories, Folders, and Triggers . ■ Required for DOD 5015.2 compliance: To use supplemental markings, select Supplemental Marking . For more information, see Section 6.1.1, Supplemental Markings Details. To make users match all supplemental markings, select User must match all Supplemental Markings . To allow a user to match only one supplemental marking, deselect the checkbox. ■ To create custom security fields, select Custom Security Fields. ■ To use classified security, select Classified Security. For more information, see Section 6.2.1, About Records Classification. When done, click Submit Update.

3.5.2 Classification Security Settings

Supplemental markings, classifications, and classification guides provide further security and are used to organize documents that are considered classified, for either government or corporate purposes. See Chapter 6, Additional Security Settings for complete details about additional security settings. This section covers the following topics: ■ Section 3.5.2.1, Supplemental Markings ■ Section 3.5.2.2, Security Classifications ■ Section 3.5.2.3, Classification Guides

3.5.2.1 Supplemental Markings

To disable use of supplemental markings as a security feature, deselect the Supplemental Markings box on the Configure Retention Settings Page and do not assign the markings to users. When supplemental markings are assigned to users, even if a user has access to a specific record folder, the supplemental marking further restricts access to record folders and content. In circumstances where a record folder or item has multiple supplemental markings, it can be required that a user match all assigned supplemental markings to access the item. When Match All is disabled, if a user matches just one of the multiple supplemental markings, the user can access the object. Two special supplemental markings, Restricted and Formerly Restricted, can be used to disable the following classification-related metadata fields on the content check-in and metadata update pages: ■ Declassify on event ■ Declassify on date ■ Downgrade instructions ■ Downgrade on event ■ Downgrade on date 3-10 Oracle Fusion Middleware Setup Guide for Universal Records Management You can enable and disable supplemental markings at any time. To enable markings, select Supplemental Markings on the Configure Retention Settings Page . See Chapter 6, Additional Security Settings for details.

3.5.2.2 Security Classifications

Security classification can be an additional way to restrict access to content by using supplemental markings and custom security fields. Several classification features are available to handle and process classified content in accordance with the Chapter 4 requirements of the DoD 5015.2 specification. Several built-in classifications Top Secret, Secret, and Confidential are available, but custom classifications can also be created. For details, see Section 6.2.2.2, Creating or Editing a Custom Security Classification. Content is either classified, unclassified, or declassified. Classified content has an initial classification and a current classification. Unclassified content is not and has never been classified. Declassified content was formerly classified. The standard security categories classification scheme, from highest to lowest, are Top Secret , Secret, Confidential, and No markings that is, unclassified. Like supplemental markings, classified security can be enabled or disabled at any time. After enabling, custom security classifications can be created. If any additional security classifications are created, indicate the classification place within the marking hierarchy. For further information, see Section 6.2.2.3, Setting the Order of Security Classifications. To enable security, select Classified Security on the Configure Retention Settings Page . Click Submit.

3.5.2.3 Classification Guides

Classification guides and their associated topics enable convenient implementation of multiple classification schemes. They are used to define default values for classification-related metadata fields on the content check-in page such as: ■ Initial Classification: xInitial Classification ■ Reasons for classification: xClassificationReason ■ Declassify exemption category: xDeclassifyExemptionCategory ■ Declassify on event: xDeclassifyOnEventDescription ■ Declassify on date: xDeclassifyOnDate Using classification guides makes checking in classified content easier and more consistent, with similar content having the same classification metadata. Classification guides can be further refined by adding topics within a guide. For complete details, see Section 6.4.2.4, Creating or Editing a Classification Topic.

3.5.3 Security Roles and Definitions

The following security elements are used to define user roles and permissions: Caution: Disabling classified security puts sensitive classified information at risk of being accessed by unauthorized people. After your classified security is in force, it is recommended that you do not disable it. Setting Up the Software 3-11 ■ Predefined user roles, discussed in detail in Section 5.2, Roles. Each of these predefined roles comes with a default set of permissions and rights, but these can be modified to suit specific needs. These include the following roles: – rma , generally assigned to basic users. It allows them to perform basic management tasks. In this documentation, Records User is a term used to designate the person given this role. – rmalocalrecordsofficer , generally assigned to users who need access to additional functionality for example, creating triggers or folders, and modifying content attributes. In this documentation, Records Officer is a term used to designate a person given this role. In previous versions of this product, this was the Records Privileged role. – rmaadmin , generally assigned to administrators who set up and maintain the infrastructure and environment. In this documentation, Records Administrator is a term used to designate the person given this role. – pcmrequestor , generally assigned to users who have all the permissions assigned to basic users without a PCM role but are also granted additional rights to perform some functions not allowed for basic users for example, making reservations for physical items. Users with the pcmrequestor role have read and write permissions RW for the special RecordsGroup security group. In this documentation, PCM Requestor is a term used to designate a person given this role. – pcmadmin , generally assigned to administrators who are responsible for setting up and maintaining the physical content management infrastructure and environment. These users have the widest range of rights to perform physical content management tasks for example, setting up the storage space, editing and deleting reservations, and printing user labels. Users with the PCM Administrator role have read, write, delete, and admin permissions RWDA for the special RecordsGroup security group. In this documentation, PCM Administrator is a term used to designate a person given this role. ■ Rights control access to functions assigned to user roles. The predefined roles have a default set of rights assigned to them, but the rights can be modified to restrict or expand their access to functions. For details, see Section 5.11, Assigning Rights to User Roles. ■ Security groups define security on a group of content. This software comes with a predefined security group called RecordsGroup. Users with the predefined Records User or Records Officer roles have read and write permission RW to the RecordsGroup security group. Users with the Records Administrator role have read, write, delete, and admin permission RWDA to this security group. For details, see Section 5.6, Security Groups. ■ Access control lists ACLs manage the security model on dispositions ACLs are an optional feature available during configuration.ACLs can be assigned to folders, triggers, and retention categories. ACLs are used to control user and group access permissions for triggers, categories, and folders. The ACL can be assigned for each category, folder, and trigger that is created. For details, see Section 5.8, Access Control Lists ACLs.

3.5.4 Rights for Roles