5-4 Oracle Fusion Middleware Setup Guide for Universal Records Management Each of these predefined roles comes with a default set of permissions and rights, but these can be modified to suit specific needs. New roles and management rights can be created. This functionality enables provides the opportunity for a very granular security model. Role permissions are additive, just as in Oracle UCM. If your organization uses accounts, the accounts are a hierarchical overlay to your current security model. Access to the majority of functions is controlled by rights assigned to user roles. The predefined management roles each have a default set of rights assigned to them, but the roles can easily be modified to restrict or expand their access to management functions see Assigning Rights to User Roles on page 5-18 for details. To see what roles are assigned to a user, click the user name in the top upper right corner of the screen. The roles assigned to the logged-in user are displayed at the top of the User Profile information. To see rights assigned to the logged-in user, click Records then Rights from the Top menu. The Assigned Rights Page is displayed. This screen shows the rights assigned to the current user for the enabled components. To view details about each component, click the Show link for that component. To view details about all rights, click the Show All Rights link at the top of the screen. To hide rights again, click the Hide link in the component section or at the top of the screen. For information about adding new roles and assigning roles to users, see the Oracle Fusion Middleware System Administrators Guide for Content Server.

5.3 Tasks and Default Rights for Roles

If the Related Content component is enabled, the Record.CreateLink and Record.Unlink rights are set by default for users. The ability to browse and view the retention schedule not only depends on assigned rights, but also on any other applied security features, such as supplemental markings and access control lists ACLs. See Chapter 10, Setting Up a Retention Schedule for details about retention schedules. See Chapter 6, Additional Security Settings and Access Control Lists ACLs on page 5-16 for further details. The following sections give more detailed information about common tasks that can be performed and the rights required to perform each task. See each designated chapter for further details about the specific permissions required for individual tasks. See Appendix B, Summary of Security Rights and Roles for this information presented in tabular form.

5.3.1 Trigger Tasks and Defaults for Predefined RM Roles

For more information about triggers, see Chapter 11, Setting up Triggers . ■ To view information about triggers, the Admin.Triggers right or the Admin.RecordManager right is required. These rights are assigned by default to the Records Officer and Records Administrator roles. Important: This section describes the default configuration. The security model is highly customizable, which means it can be modified to suit the needs of your specific environment. Setting Up Security 5-5 ■ To create a trigger or edit a trigger, the Admin.RecordManager right is required to perform these tasks. This right is assigned by default to the Records Officer and Records Administrator roles. ■ To delete a trigger, the Admin.Triggers right and Delete permission for the trigger’s security group is required. This right is assigned by default to the Records Officer delete permission not granted by default and Records Administrator roles.

5.3.2 Time Period Tasks and Defaults for Predefined Roles

For more information, see Chapter 12, Configuring Time Periods . ■ To view information about time periods, the Admin.Triggers or Admin.RecordManager is required. These rights are assigned by default to the Records Officer and Records Administrator roles. ■ To create, edit, or delete a time period, the RM Admin.RecordManager right is required. This right is assigned by default to the Records Administrator role.

5.3.3 Supplemental Markings Tasks and Defaults for Predefined Roles

For more details, see Chapter 6, Additional Security Settings . ■ To view information about supplemental markings, the Admin.Triggers or Admin.RecordManager right is required. These rights are assigned by default to the Records Officer and Records Administrator roles. ■ To create, enable, disable, edit, or delete a supplemental marking, the Admin.RecordManager right is required. This right is assigned by default to the Records Administrator role.

5.3.4 Security Classifications Tasks and Defaults for Predefined Roles