Modify Access Control permission

Respected Contributor.

Modify Access Control permission

I posted this a while ago in another section (and apparently under a different name... hmmm...) but didn't get any response.  I have subsequently granted 'Records Administrator' permission to the End User profile, but this seems an inelegant way of doing things and is also causing a problem now that we need to be able to prevent Notes from being edited.  Any suggestions would be appreciated.




Modify Access Control permission

We recently started setting up a few new users and encountered a problem when they try to apply Access Control to a newly created container. While they can bring up the Access Control box and see the default Access Control for the record type, the tagging column is missing. This means that they cannot select levels of access (View Document, View Metadata, etc) to change.

My understanding is that the ability to add/modify access control is governed in a couple of places:
1) the 'Modify Record Security' User Permission
2) the 'Can Modify Access' Access Control on the Record Type/individual record.

The user(s) in question belong to a position that is listed in the 'Can Modify Access' Access Control on the record, so there shouldn't be any problem there.
The user's User Permission (End User) is inherited from their Position, and includes the 'Modify Record Security' option. This, in my opinion, should be sufficient to grant access to apply Access Control but that was not the case. It was only when we granted Records Administration permission that the tagging column appears in the Access Control box.
Obviously I'd prefer not to allow End Users to have the Records Administration permission, so I was wondering if anyone has any suggestions as to what else may be causing the problem?

Neil Summers
Micro Focus Expert

Re: Modify Access Control permission

Hi Michael,


The ability to modify access control on a record can also be restricted by the record deriving its access control settings from a container. Restrictions are enforced to prevent an unauthorised user moving a record from one container to another and effectively changing who can modify access or destroy the record. I know you said it's a container they're having problems with, but check that it doesn't use "From Container" access controls.


Also you can often find out more about the reason for restriction by right-clicking on the record (while logged in as a user that's having the problem) and selecting Details - View Rights.


Note: Any posts I make on this forum are my own personal opinion and (unless explicitly stated) do not constitute a formal commitment on behalf of HPE.

(Please state the version of CM you're using in all posts.

HPE Software Support Online (SSO):