Within the Formpipe Preservation team, we talk a lot, probably every day, about access structure or a permission matrix within our electronic systems.
For our delivery teams, it is part of their day-to-day lives, so much so that we made a video on it to showcase what our product can do. Long-Term Archive can set permissions on users, groups and archives, then on content types, search criteria and individual items, so we can meet any organisation’s permission requirements.
But…
A regular mistake we see is that the permission structure mirrors that of the source system providing the content. This is often a legacy of thinking of an archive as an ‘add on’ to an EDMS or other business-critical system. With an e-archive or preservation platform, I would always encourage prospects and clients to consider that the majority of the information is not for day-to-day consumption and therefore a more limited set of permissions is required.
I would encourage you to group permissions into the following three sets:
1). Who can post into the archive
This will most likely be the largest set of users. You will encourage users to send data or documents that need preserving out of the everyday system and post them into the archive. Where you are interfacing with something like an ERP or CRM, you can adopt the permission structure of the source system; where the ingestion is triggered manually, you can apply workflows to manage that process. Allow the ingestion metadata schema to take care of the content structure, location, file type and permissions. The user posting simply needs to initiate the move to the archive.
2). Who can search and retrieve
Depending on the way you want to work, this is either:
- an individual who can search and retrieve content, OR
- a user who can place a request for an archivist to search and retrieve.
We would strongly encourage this set of users to be limited: this is historic data and has been classed as not required within a business-as-usual system. Where documents are stored, allowing any user the ability to see a previous version of a document could be damaging. The few users you do grant permissions to should only be able to access the archives they need to see, following an existing corporate organisational structure detailing areas of responsibility. Where required, you can set an archival search and retrieval function, meaning you can still hide the content from users whilst allowing them the ability to retrieve.
3). Administration
Split this group into two areas, as they will have different access requirements, and you should, where possible, avoid one single user having both archive and system admin rights.
Archive Admin
Archive admins will need to be those who care about true preservation needs. They will manage retention policy, archive structure and the general use of the system. Where an archive team manages requests or data management workflows, they will be responsible for the execution of these and will be looking for the ability to report accordingly. They will set the metadata schema and archive rules that create the structure and permissions. These people should also be the ones who host any audit activity, with an understanding of the logs and audit trails required. Such user rights will be governed by their qualifications, experience and area of responsibility.
IT admin
Your system administrators will sit separately from the archive function and will be more focused on system performance, user access and storage locations. They have a limited requirement to actually access archives or the content within, but will oversee the system overall and, most likely, the vendor contract if applicable.
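The three sets above can be checked mechanically once a permission matrix has been drafted. The following is an added example, not Formpipe or Long-Term Archive code: the role names, users and archive names are constructed, and it assumes a strict reading in which only users in the retrieve set have content visibility.

```python
from dataclasses import dataclass, field

# Hypothetical role names for the three sets described above.
POST, RETRIEVE, REQUEST = "post", "retrieve", "request_retrieval"
ARCHIVE_ADMIN, IT_ADMIN = "archive_admin", "it_admin"

@dataclass
class User:
    name: str
    roles: set
    responsibility: set = field(default_factory=set)  # archives in the user's area
    readable: set = field(default_factory=set)        # archives whose content is visible

def audit(users):
    """Return (subject, finding) pairs where grants depart from the three sets."""
    findings = []
    for u in users:
        # Set 3: avoid one user holding both archive and system admin rights.
        if {ARCHIVE_ADMIN, IT_ADMIN} <= u.roles:
            findings.append((u.name, "archive admin and IT admin combined"))
        # Assumption: posters, requesters and IT admins get no content visibility.
        if u.readable and RETRIEVE not in u.roles:
            findings.append((u.name, "content visible without retrieve role"))
        # Set 2: retrievers see only archives in their area of responsibility.
        elif u.readable - u.responsibility:
            findings.append((u.name, "reads outside area of responsibility"))
    posters = sum(POST in u.roles for u in users)
    retrievers = sum(RETRIEVE in u.roles for u in users)
    # Set 1 is expected to be the largest; set 2 should stay limited.
    if retrievers >= posters:
        findings.append(("matrix", "retrieve set is not smaller than post set"))
    return findings

# Constructed sample matrix.
SAMPLE = [
    User("amy", {POST}),
    User("ben", {POST, REQUEST}),
    User("cal", {POST, RETRIEVE}, {"finance"}, {"finance", "hr"}),
    User("dee", {ARCHIVE_ADMIN, IT_ADMIN}),
    User("eve", {IT_ADMIN}, set(), {"hr"}),
    User("fay", {POST, RETRIEVE}, {"hr"}, {"hr"}),
]

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject}: {finding}")
```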
Please do not struggle, get in touch today and allow us to help with creating a permission matrix that works for your organisation, meets your compliance needs and creates an efficient preservation platform.