6-2 Oracle Fusion Middleware Setup Guide for Universal Records Management ■ Deleting a Classification Guide on page 6-25 ■ Viewing Classification Guide Information on page 6-26 ■ Creating or Editing a Classification Topic on page 6-26 ■ Editing Classification Topic Settings on page 6-27 ■ Deleting a Classification Topic on page 6-28 ■ Table 6.4.2.7, Viewing Classification Topic Information Examples ■ Simple Custom Security Field Example on page 6-21

6.1 Supplemental Markings

Supplemental markings can be assigned to content and record folders to clarify document handling in addition to standard document classification. For example, you can add supplemental markings such as Restricted Data or Originator Controlled. Or you can use supplemental markings in collaboration projects. Only people with specific markings will be able to access a group of content. Supplemental markings can be set at both the record folder and the content level. This section covers the following topics: ■ Supplemental Markings Details on page 6-2 ■ Managing Supplemental Markings on page 6-4

6.1.1 Supplemental Markings Details

In addition to using supplemental markings as a means of clarifying document handling, supplemental markings can be used as a security feature to further restrict users from accessing record folders and content. To disable the use of supplemental markings as a security feature, clear the Supplemental Markings box on the Configure Retention Settings Page and do not assign the markings to users. When supplemental markings are assigned to users, even if a user has access to a specific record folder, the supplemental marking further restricts access to folders and content. In circumstances where a folder or content has multiple supplemental markings, it can be required that a user match all assigned supplemental markings to access an item or record folder. When ‘match all’ is disabled, if a user matches just one of the multiple supplemental markings, the user can access the content or record folder object. Additional Security Settings 6-3 Figure 6–1 User Must Match All Supplemental Markings For example, in the diagram above, the user is assigned the supplemental markings RD and ORCON. The folder is marked with ORCON, therefore the user can access the folder. The content within the folders are assigned one or more of the markings, RD, PT, and AU. If the security configuration for supplemental markings is set to force the user to match all supplemental markings, then the user can access the folder marked ORCON and its child Item 1 marked with the supplemental marking RD. Because the user has not been assigned the supplemental marking PT or AU, the user cannot access Item 2, which has the multiple markings RD and PT, nor can the user access Item 3 with the marking AU. Figure 6–2 User Must Match at Least One Supplemental Marking If the supplemental marking security configuration is not forcing a user to match all markings, then the user can now access Item 2, because the user matches at least one marking RD on the Item 2. Because the user has not been assigned the supplemental marking AU, the user still cannot access Item 3, which has the supplemental marking AU. The user would have to be assigned the supplemental marking AU in the User Admin application to access the item. Supplemental markings are not inherited by record folders or content. Markings are checked at every folder and item level. Supplemental markings do not have any permissions hierarchy. All markings have equal permissions: access granted or access denied to users. In contrast, the classified security does have a hierarchy to its 6-4 Oracle Fusion Middleware Setup Guide for Universal Records Management classification levels. For further information, see Classified Records Security Hierarchy on page 6-10. Two special supplemental markings, Restricted and Formerly Restricted, can be used to disable the following classification-related metadata fields on the content check-in and metadata update pages: ■ Declassify on event ■ Declassify on date ■ Downgrade instructions ■ Downgrade on event ■ Downgrade on date To work with supplemental markings, you must have one of the following rights: ■ Admin.Triggers : This right enables you to view information about supplemental markings. ■ Admin.RecordManager : In addition to viewing information about supplemental markings, this right also enables you to create add, edit, and delete supplemental markings. Optionally, the following right may be useful for working with supplemental markings: ■ Record.Edit : This right is required to use metadata disabling based on supplemental markings.

6.1.2 Managing Supplemental Markings