Applying security settings

You can use security classifications to configure the available access levels to data stored in Objective ECM. Each user also has a Highest Available Classification assigned to them, which allows them to view Objects of particular security classifications. That is, when you have configured an Object's security classification, any user with a Highest Available Classification equal to or higher than that Object's security classification is able to see it in Objective Navigator.

Note:   The use of security classifications within Objective ECM is optional. Objective ECM's security classification functionality meets with the Australian Government Protective Security Policy Framework (PSPF).

Caveats provide an additional layer of security to objects. You can use caveats to secure information relating to an area of practice or specific knowledge level. For example, you may use a 'medical in confidence' caveat to secure medical records in your system.

Caveats can be set up so that they’re only visible to users or user groups that have those caveats assigned to them. With the exception of the Objective administrator, users are only able to assign caveats to objects that have been assigned to them as users.

When a caveat is applied to an object, only users who are members of the corresponding caveat group can access the object. In the case where multiple caveats are applied to a single object, there must be a one to one correlation between your caveat group assignment and the caveats assigned to the object.

Caveats can be either:

• inherited
• not inherited.

When caveats are ‘not inherited’, users do not have the option to inherit caveats. Therefore, the only caveats that apply to an object are those that have been explicitly assigned to it.

There may be times when it is necessary to update or change the existing security settings for an object. For instance, when the security classification of an object has changed.

Note:  You must have the required privileges and security clearance in order to change an object’s security settings.

1. Go to the object for which the security settings have changed.
2. Select for the object then Details to open its Details page.
3. Select in the top right-hand corner of the Security section to make the Security Classification and Caveats textboxes editable.

4. Select a different Security Classification from the drop-down list.

   If the object has inherited their current security classification from a parent container, then the Use inherited classification checkbox is ticked. In order to change the user’s security classification:

   1. Untick the Use inherited classification checkbox.
   2. Choose a different security classification from the drop-down list.

5. Edit the current Caveats.

   1. Select next to a listed caveat that is no longer required.
   2. You can Find a different caveat by entering the Name of the caveat in the Find by name dialog box and selecting Find. Choose the appropriate caveat from the search results, then Use selected.
   3. To include additional caveats, select Add another to choose another caveat from the drop-down list or search for it.
   4. The caveats can then be ordered by selecting for a field and dragging it to the required position.
   5. Select next to a listed caveat that is no longer required.

   6. Tick / untick the Use inherited caveats checkbox as required.

      Tip:  If the object has inherited their current caveats from a parent container, then the Use inherited caveats checkbox is ticked. In order to make any changes to the existing caveats, you will need to untick the Use inherited caveats checkbox first before making any changes.

6. When you have finished adding and editing your security settings for the object, select:

   • to accept and save your changes and exit edit mode.

   • to discard your changes and exit edit mode.