5-20 Oracle Fusion Middleware Setup Guide for Universal Records Management ■ Delete : allows a user to delete a retention category. ■ Move : allows a user to move a retention category. ■ Edit : allows a user to edit a retention category. ■ Edit Review : allows a user to edit a retention category that is subject to review.

5.12.3 Folder Tab

For more information about folders, see the Oracle Fusion Middleware Administrators Guide for Universal Records Management. The following rights appear on the Folder tab of the Edit Rights Page : ■ Read : allows the user to view information about a folder. It is assigned by default to the Records User, Records Officer, and Records Administrator roles. ■ EditIfAuthor : allows a user to edit a folder, but only if the user is the author of that folder. It is not assigned by default to any role. The following rights are assigned by default to the Records Officer and Records Administrator roles: ■ Create : allows a user to create a folder. ■ OpenClose : allows a user to open or close a folder. ■ Edit Review : allows a user to edit a folder that is subject to review. ■ Move : allows a user to move a folder. The following rights are assigned by default to the Records Administrator role: ■ Edit : allows a user to edit a folder, even if the user is not the author of that folder. ■ UndoCutoff : allows a user to undo the cutoff of a folder. ■ Delete : allows a user to delete a folder. ■ Freeze Unfreeze: allows a user to freeze and unfreeze a folder.

5.12.4 Record Tab

The following rights appear on the Record tab of the Edit Rights Page . These rights are assigned by default to the Records User, Records Officer, and Records Administrator roles: ■ Read : allows the user to view information about an item. ■ CreateLink : allows the user to link content items. See the Oracle Fusion Middleware Users Guide for Universal Records Management for details. ■ Create : allows a user to create content or check it in to the retention schedule. For details, see the Oracle Fusion Middleware Users Guide for Universal Records Management. ■ Unlink : allows a user to unlink content. See the Oracle Fusion Middleware Users Guide for Universal Records Management for details. The following rights are assigned by default to the Records Officer, Records User, and Records Administrator roles: ■ Edit : allows the user to edit content, including moving, canceling, expiring, rescinding, making obsolete, and reviewing. ■ EditReview : allows a user to edit content that is subject to review. Setting Up Security 5-21 ■ DeleteHistoryFile : allows a user to delete the metadata history file of content. This box is only available if the ‘Classified Security’ option has been enabled. ■ UpgradeDowngrade : allows a user to upgrade and downgrade the security classification of content. This box is only available if the ‘Classified Security’ option has been enabled on the Configure Retention Settings Page . The following rights are assigned by default to the Records Administrator role: ■ UndoCutoff : allows a user to undo the cutoff of an item. ■ Delete : allows a user to delete content within the retention schedule. ■ FreezeUnfreeze : allows a user to freeze and unfreeze content. ■ UndoRecord : allows a user to undo the status of content.

5.12.5 Admin Tab

The following rights appear on the Admin tab of the Edit Rights Page . ■ PerformPendingReviews : allows a user to perform pending reviews. This right is assigned by default to the Records Officer, Records User, and Records Administrator roles. See the Oracle Fusion Middleware Administrators Guide for Universal Records Management for more details. ■ PrivilegedEnvironment : allows a user to set the declassification time frame see Setting the Declassification Time Frame on page 6-14. This right is assigned by default to the Records Officer and Records Administrator roles. This box is only available if the ‘Classified Security’ option has been enabled on the Configure Retention Settings Page . ■ ClassificationGuide : allows a user to work with classification guides. This right is assigned by default to the Records Officer and Records Administrator roles. ■ Triggers : allows the user to work with global triggers, custom direct triggers, and indirect triggers. See Chapter 11, Setting up Triggers . To delete a trigger, Delete permission D for the trigger’s security group is also required. This right is assigned by default to the Records Officer and Records Administrator roles. ■ ShareFavorites : allows users to share the contents of their Favorites list with other users. This right is assigned by default to the Records Officer and Records Administrator roles. The following rights are assigned by default to the Records Administrator role: ■ RecordManager : allows a user to configure several settings and also set up and administer periods, supplemental markings, security classifications, custom security fields, custom category and folder metadata fields, classification guides and freezes. ■ Screening : allows a user to screen retention categories, folders, and content. ■ PerformActions : allows a user to process content assignments. ■ SelectMeta : allows a user to specify metadata fields to be audited. ■ Reports : allows a user to generate user and group reports. ■ RetentionScheduleArchive : allows a user to import and export a retention schedule archive. ■ SelectAuthor : allows a user to select a different filer author for a category than himherself. 5-22 Oracle Fusion Middleware Setup Guide for Universal Records Management ■ Audit : allows a user to work with audit trials. ■ ConfigureLinkTypes : allows a user to manage custom content links. ■ AllowDispositionUpgradeDowngrade : allows a user to perform upgrade and downgrade classification actions. See the Oracle Fusion Middleware Administrators Guide for Universal Records Management for more details about screening, creating reports, audits, archives, and configuring link types. The following rights are not assigned by default to any role. ■ NoPostFilterSearch : allows users to unfilter search results. The results include content the user has no access to based on security classifications, supplemental markings, custom security fields, and ACLs. If the user has no access to a content item in the search results, clicking on it results in an access denied error. By enabling this option, search queries are executed much faster because no complex post-filtering must be performed. Users with this right can still only access content items they have been explicitly granted access privileges to based on security groups and accounts. They will see other results in the search results list, but cannot access them. However, they will see some metadata information about the content item for example, their title, which may interfere with an organization’s security model. ■ NoSecurity : allows users to become immune to security classifications, supplemental markings, custom security fields, and ACLs. Their access to content is unrestricted by these security features. In addition, this option turns off search post-filtering, so search results include content the user has not been explicitly granted access to. For example, a user would have access to content marked as Top Secret even if that security classification has not been assigned to the user. This right can be used to give sysadmins the privilege to access every content item in the system. Access to content items continues to be restricted by security groups and accounts. ■ CustomDispositionActions : allows users to define custom disposition actions or to delete any disposition action. See Appendix C, Customizing Your System for details. ■ SecurityClassifications : new installs only. If enabled with the Admin.RecordManager option, the user is allowed to set up security classification levels. See Security Classifications on page 6-8. This box is only available if the ‘Classified Security’ option has been enabled. ■ GetAllFilePlan : allows a user to get all series, categories, and folders when the GET_FILE_PLAN_ALL service is called. Without this right, inaccessible objects are excluded. The service is typically used by Oracle URM Adapters.

5.12.6 CBC Tab