I have what may be a dumb question, as I've been staring metaphorically at TRIM for ages now and haven't seen the solution.
What I need to be able to do is allow everyone to only view records of a particular Record Type, but I only want specific users to be able to create records of that type.
If I understand TRIM correctly, I can set the Can Use access control, but this either stops people from seeing the records of that type at all, or if they can see them, it allows them to create records of that type as well.
I can see how I can prevent users from modifying, updating, destroying or changing access controls for records of a particular record type. But nowhere can I find a means of allowing a specific group of users to be the only ones to create records of a given type, while allowing everyone else to have view-only access to them and the attached documents.
Am I missing something really obvious? Or is it something that can only be achieved by a complex series of hierarchical structures?
In my case, I do not want to restrict access by a particular classification or container, as these may change and grow over time and would create an administrative overhead. It is logically just records of the specified record type that needs restricting in this way.
The "Can Use" on the Record Type Access Control tab does indeed determine "Who" can create records using that Record Types definition. This control does not prevent "Who" can see records of this Record Type.
The access control assigned to the record itself of that particular record type, determines who can view or update it - as set by:
a) The default record access control set in the record type definition (on the Defaults tab in the Record Type);
b) The default record access control set in the assigned classification (on the General Tab of the Classification); or
c) The manually set record access control on the record itself (right clicking on the record) .