Chapter 2. IBM Enterprise Records system and architecture
2.3 Data model, workflow, and security
In this section, we introduce data model options in Enterprise Records, the available workflows, and briefly describe Enterprise Records security roles.
2.3.1 IBM Enterprise Records data model
Content Platform Engine provides an object-oriented content repository; everything in the repository is represented as an object with associated metadata. Documents, folders, custom objects, and other business objects are all objects within the content repository. Enterprise Records entities are business objects defined in and managed by Content Platform Engine.
A key component in Enterprise Records is the data model. Using the
object-oriented design of the Content Platform and extending its object model, the Enterprise Records Manager data model provides the core definitions that support the implementation of FileNet Records Manager business objects. The data model is an abstraction layer that acts as a template to provide the initial imprint or starting point for an FileNet Records Manager system.
Data model
Enterprise Records supports the following data model options:
Base
Department of Defense (DoD)
The
Base data model
is the core Enterprise Records data model option that deploys the IBM recommended standard records management functions. This Base data model is the data model used by most IBM clients unless they require the specialized functions of another data model. For federation, Enterprise Records works with Content Federation Services, using the Base data model only.The
DoD data model
is a special variation of the Base data model option. Itincludes configurations specifically intended for DoD product certification. Consider this option only if specific DoD-related configuration is required. (
DoD
refers to the Department of Defense standard 5015.2 for records management software. Each chapter in DoD addresses separate levels of the standard.)The
DoD Classified data model
implements the functions specified in classifiedrecords chapter of the DoD standard. DoD Classified addresses requirements and functions for the management of classified records. Consider this data model only if you require Security Classification support.
Business objects in FPOS
The Enterprise Records data model encapsulates the underlying records management business objects and associated metadata. The business objects and their associated metadata are defined within the FPOS.
High-level records management business objects include these components:
File plan Record containers: – Record categories – Record folders – Record volumes Record objects Disposition schedules Disposition events Searches Holds
Security classification guides
These objects are the building blocks for a records management system. You can also create custom object definitions that are relevant to your business context and requirements.
Figure 2-6 provides a high-level overview of some of the Enterprise Records data model and the potential relationships between the objects.
Figure 2-6 Sample IBM Enterprise Records data model
As shown in the diagram, at the top level of any data model there is a
file plan
, which can contain record categories. Arecord category
can contain other record categories, record folders, or records. Arecord folder
can containrecord
volumes
, which contain records.Disposition schedules
anddisposition events
are not illustrated in Figure 2-6 butmight be applied to the objects in the diagram. For instance, a basic disposal schedule might be applied to a record category.
Searches
, also not shown in the diagram, can be defined and applied to mostdata model components, such as searches for record categories, record folders, and records. Record Categories Record Folders Record Volumes Records File Plan
Holds
in Enterprise Records are applied to data model components, such as record categories, record folders, and records, to ensure that records are preserved in accordance with the hold requirements.Security classification guides
provide the details that govern classification whenrecords administrators apply a classification guide to a file plan component.
2.3.2 IBM Enterprise Records workflows
One of the major benefits that Enterprise Records provides to organizations is that it is built on FileNet Content Platform Engine, which includes the strengths of the engine’s Process Services. Like many areas of a business, records
management is based on processes. Therefore, Enterprise Records is strongly process-centric.
To perform records management tasks, such as disposing of records, reviewing records before they are destroyed, destroying records, or working with physical records, Enterprise Records provides the following preconfigured workflows:
Disposition Review
Cutoff
Create Record Folder
Destroy
Export
Interim Transfer
Physical Record Management
Screening
Transfer
Vital Record Review
Although each of these workflows can be used as-is, each preconfigured workflow is usually customized to reflect your internal business processes.
2.3.3 IBM Enterprise Records security and roles
A key feature of a records management system is controlling access to the records and information managed by the system. When a document is declared as a
record
, the document is under the control of the records management system. The access rights specified in the file plan override any access rights to the document that were specified before it was declared a record. You also canuse
inherited proxy
so that documents retain the security that they had beforethey were declared, except that the document is locked down and cannot be deleted except by Enterprise Records.
Enterprise Records security settings determine the groups and users who can access record entities, including file plans, categories, folders, volumes, and records. Security settings also control the permissions that are granted to each group or user.
Appropriate security controls for records ensure the following safeguards:
Only authorized users can access the appropriate records.
Records are destroyed as a result of a defined records disposition policy. Authorized records personnel can delete records only under rare
circumstances, which are recorded in the audit log. Records users cannot delete records accidentally.
Users can perform only those operations on records for which they have access rights granted.
Enterprise Records uses the core security model that is used with the FileNet Content Platform Engine. The security model supports existing security standards, such as Lightweight Directory Access Protocol (LDAP), Secure Sockets Layer (SSL), and commonly used directory services products.
Enterprise Records provides an LDAP directory-based authentication model and a comprehensive auditing system.
Enterprise Records supports several roles to initially configure the security for the various records management entities. These roles serve to define the functional access rights for users and groups. These standard roles are defined by the Base data model:
Records Administrator Users who are Enterprise Records system administrators.
Records Manager Users who are responsible for applying disposal schedules, holds, managing the file plan and file plan components, physical records, and disposition processes.
Records Privileged User Users who have delegated access to a segment of
file plan components for a business unit or department. In some organizations, this is the departmental Information Coordinator.
Records User General users who might require access to Enterprise Records user functions. Within most organizations, it is typical for general users to never interact with an Enterprise Records desktop and to work with Content Navigator desktops instead. These roles are typically tied to groups in the directory service.
The predefined roles vary with other data models. For example, the DoD Classified data model implements an additional role called the Classification Guide Administrator.
For a more information about these roles and security, see Chapter 4, “Security” on page 93.