Client Support
Showing results for 
Search instead for 
Do you mean 

When changing assignee - to a less secure location - Warning is not displayed

Valued Contributor

When changing assignee - to a less secure location - Warning is not displayed

[ Edited ]

HP RM 8.1.1.7760, WIn7, SQL 2012-R2, 

It has just being reported to me that when records officers are changing assignee - to a less secure location, the usual warning about security breach is not displayed. Not sure when this started. 

The option is ticked in the System Options. The warning is popping up when they try to assign a file to external user.

Any advice?

thanks

17 REPLIES
Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

Anyone on this one?

We realised that the change was done when we upgraded HP TRIM 7.3.4 to HP RM 8.1.1.7760.

Basically, no security breaches warnings when we assign corporate files to user that does not have access to that file. Does that also mean that virtual files (access protected) are also visible to thos users who are not supposed to have the access towards these files?

Regards

 

HPE Expert

Re: When changing assignee - to a less secure location - Warning is not displayed

Words for me:

Check and ensure that the record itself has a security level. If it is coming from a container and it is not inheriting the security then it might not have a level associated 

**Any opinions expressed in this forum are my own personal opinion and should not be interpreted as an official statement on behalf of Hewlett Packard Enterprise**
Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

Thanks,

What I am trying to say is this:

It was working OK in HP TRIM 7.3.4. (our access settings for corporate files were OK) . Then, in HP RM 8.1.1.7760 something has changed, but somehow it went un noticed till now when they informed me that the amount of security breaches is decreased from the trim update date in mid of june 2015., and corporate files could be assigned pretty much to any internal location without the security breach warning appearing. The warning do appear when the file is assigned to an external location.

These are the settings :

 

Where else could be the change/settings that needs to be analysed as we would not prefer to change access security settings on 300,000 corporate files.?

Thanks

HPE Expert

Re: When changing assignee - to a less secure location - Warning is not displayed

That option you are referring to is for the security level and reassignment to another location and the screenshot at the bottom is referring to the access controls of a container - they are 2 different facets of security. 

Are you reassigning record 15/3615 to another location and not getting a message?

Run me through what you are doing.

**Any opinions expressed in this forum are my own personal opinion and should not be interpreted as an official statement on behalf of Hewlett Packard Enterprise**
Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

Basically, yes.

When I or Records Officers are asisgning files to a less secure location , the warning is not appearing. It does appear for the external location. So the answer is a difference between these two. This was all OK in TRIM 7.3.4.

Regards

 

HPE Expert

Re: When changing assignee - to a less secure location - Warning is not displayed

I'm guess that all the internal locations have a security level of 'unrestricted' and the external have 'no security level'

can you confirm?

**Any opinions expressed in this forum are my own personal opinion and should not be interpreted as an official statement on behalf of Hewlett Packard Enterprise**
Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

Confirmed.

 

HPE Expert

Re: When changing assignee - to a less secure location - Warning is not displayed

OK, so you are correct the access control restriction should generate the message in 8.11.

The problem that you have is the 'view metadata' is set to everyone.

If you add a restriction on that too, you should see the security breach email.

Try updating the view metadata and see if that sorts it out

**Any opinions expressed in this forum are my own personal opinion and should not be interpreted as an official statement on behalf of Hewlett Packard Enterprise**
Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

Thanks,

We know that, it does sort it out, but we prefer not to change the metadata "view" - set to everyone to a restricted access for 300,000 corporate files... We cannot do that in bulk as each file has a different access settings. Must be some other way to sort out this.

It was not hapening in any previous upgrade.

Regards.

 

HPE Expert

Re: When changing assignee - to a less secure location - Warning is not displayed

But that is the access control that matters when it comes to security breaches. I think what you were seeing in 7.1 was not the correct functionality and has since been fixed in the later releases. I'm looking into that now.

Here is the section from the helpfile that highlights what the "view metadata" access control does, see attached

"Used to determine whether a security violation on current location settings"


**Any opinions expressed in this forum are my own personal opinion and should not be interpreted as an official statement on behalf of Hewlett Packard Enterprise**
Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

That was actually in HP TRIM 7.3.4 ..

The graph that represents the number of security breaches shows a dramatic deacrease in the number of securioty breaches after the date of the upgrade from 7.3.4. to HP RM 8.1

We do not have an easy way to see from that period what hard copy files went to the users that do not have access to thos files? what would be the search syntax?

We did not expect to start changing the view metadata access for half a million corporate files (as found in the latest search) ... Plus how to do that in bulk if we must do it?

What is the solution to this?

Regards

HPE Expert

Re: When changing assignee - to a less secure location - Warning is not displayed

If you want the warning message to be displayed, then you would need to have access controls applied to the 'view metadata' option.

Nothing has changed in terms of what the user can see, the behaviour of the access controls is exactly the same. If all the access controls are restricted then only those users will be able to see the record.'

If you have it set to everyone for view metadata but have all the other access controls are restricted then:

  • All users can see the records metadata
  • however they will be restricted from all other features.

 

**Any opinions expressed in this forum are my own personal opinion and should not be interpreted as an official statement on behalf of Hewlett Packard Enterprise**
Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

I appreaciate your answers, but I am still not convinced in a way that we cannot do anything or that we must retroactively changed manualy, not in bulk, all those files to have their "View metadata" permission set as the other options...

I thought that in HPE RM8.3 this issue does not exist,  as the warning is "This location cannot be used for assignee".... poped up, but later I realised that we have not changed the privileges / permissions for that particular user... the "Can be assignee" was not checked...

Once checked, the file could be assigned to that user.

Regards

 

HPE Expert

Re: When changing assignee - to a less secure location - Warning is not displayed

But are you following me that it is not a problem with RM (the behaviour that you experienced in TRIM 7 was a defect)

So you will either need to modify the access controls or live without the warning being displayed.

**Any opinions expressed in this forum are my own personal opinion and should not be interpreted as an official statement on behalf of Hewlett Packard Enterprise**
Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

Two things here: we cannot "live with it" as the business users will start complaing about the hard copy files being delivered to users that do not have access to the files...

secondly, if we decide to se "view metadata" only to those users in those security groups or departments (some individuals too) then the other sections/departments e.g. Legal would not be able to find the file if they are not in the access group for that files...

The idea in the department was always to let people know about the metadata, but restrict the access....

How can we overcome this..

Also, how can we identify/search for files that have "view metadata" set to everyone, and other 3 categories access settings se to e.g. tendering and Joe Bloke?

Also, can we do changes in bulk...via TRIM or through the SQL database?

Thanks

 

Trusted Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

Hi PerthRM8, I don't have the answer's you're looking for, but I can suggest a couple of work-arounds based on what we do.

1)  We don't provide physical files to people that aren't in the Owner Location for that file, which is the business unit.  Its a manual process & we need to look up the details before handing out the file.  If you only have a small number of physical file movements that may help. 

2)  Regarding knowing which files have "view metadata" access, the only reliable way of doing this is to export all your files & their access controls & analyse the result in a spreadsheet.  You should do this from time to time to confirm that access settings comply with your expectations.  There's a logic to access controls that can be confusing to even power users & the admins need to keep on top of this.

3) While you can't search "View Metadata = Everyone" can you search for "View Metadata is not equal to members of My Department (recurisive)"?  Sorry I can't test it today.

Valued Contributor

Re: When changing assignee - to a less secure location - Warning is not displayed

Thanks guys,

we will discuss this in deep this Thursday in the section, so then we will know what to do.

In the meantime, I intend to ask this question on the HP Expert Day Online which starts today/tomorrow

regards

 

//Add this to "OnDomLoad" event