Sensitive Documents

mbdocu
edited December 18, 2008 in Documentum #1

We are looking to make certain custom object types ‘sensitive’ which would involve making those objects only viewable by certain roles.

Can this be done by creating a custom Boolean attribute in the custom object and flagging it sensitive on creation of the object?

How would one go about making this object only appear to each role based on this flag? Or is there an easier way to do it?

Any help on this would be greatly appreciated.

Comments

  • Chris_Campbell
    edited December 18, 2008 #2

    I can think of a few ways to accomplish this.  Any way you go about it, you're going to end up using a custom ACL that includes the roles that you want.  For example:

    Sensitive_ACL

    World: None

    Administrator: Delete

    Special_Role: Edit

    Not_Special_Role: Browse

    Owner: Edit

    Here, Administrator has full rights.  Those with the special role or the owner can edit the document.  Those who aren't special enough can only see the title of the document.  If you're not in any of those groups, then you don't even know it exists.

    Now it's just a matter of applying the ACL.  There are a ton of ways to do that.  You can just manually apply the ACL.  You can place it on the document during a lifecycle promotion.  You can also apply your custom ACL on import automatically through a TBO, asking through a form field or allowing the user to choose which ACL to use.  If you like the idea of an attribute you can make a boolean "Sensitive" flag.  Keep in mind that you'll have to define a custom action to perform (applying the ACL) when the attribute is set to true or false.  Oh, and you'll also need to make sure that whoever applies the ACL has rights to do so on that document.  That's not a problem if you're running something at the system level, but manually applying the ACL checks the user privs to do so.

    Me, personally, I'm not a big fan of using the attribute.  I can see its uses, but using a lifecycle state or a TBO on import seems a bit more robust and easier to implement.  It all depends on your situation I guess.
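
The ACL from the reply above, as an added example that is not part of the thread and is not Documentum code: a simplified Python model that assumes the most permissive applicable entry wins (no restricting entries, no superuser override) and that the permit names order as None < Browse < Edit < Delete. The `sensitive` attribute, `Default_ACL`, the user names and the sample objects are constructed; `find_drift` is the check the flag approach needs, since the flag by itself restricts nothing.

```python
# Simplified model (added example). Entry names and permits come from the post;
# the ordering and the "most permissive applicable entry wins" rule are assumptions.
LEVELS = {"None": 0, "Browse": 1, "Edit": 2, "Delete": 3}

SENSITIVE_ACL = {
    "World": "None",
    "Administrator": "Delete",
    "Special_Role": "Edit",
    "Not_Special_Role": "Browse",
    "Owner": "Edit",
}

def effective_permit(acl, user, groups, owner):
    """Return the most permissive ACL entry that applies to this user."""
    applicable = [acl.get("World", "None")]        # World applies to everyone
    if user == owner and "Owner" in acl:           # Owner entry follows the object owner
        applicable.append(acl["Owner"])
    applicable += [acl[g] for g in groups if g in acl]
    return max(applicable, key=LEVELS.__getitem__)

def can_see(acl, user, groups, owner):
    """Browse or better is needed for the object to appear at all."""
    return LEVELS[effective_permit(acl, user, groups, owner)] >= LEVELS["Browse"]

def find_drift(objects):
    """List objects whose flag and ACL disagree; only the ACL actually protects."""
    return [o["name"] for o in objects
            if o["sensitive"] != (o["acl_name"] == "Sensitive_ACL")]

# Constructed sample objects (hypothetical names, attribute and default ACL).
SAMPLE_OBJECTS = [
    {"name": "contract.doc", "sensitive": True,  "acl_name": "Sensitive_ACL"},
    {"name": "salary.xls",   "sensitive": True,  "acl_name": "Default_ACL"},
    {"name": "memo.txt",     "sensitive": False, "acl_name": "Default_ACL"},
    {"name": "old_plan.doc", "sensitive": False, "acl_name": "Sensitive_ACL"},
]

if __name__ == "__main__":
    users = [("alice", ["Special_Role"]), ("bob", ["Not_Special_Role"]),
             ("carol", []), ("dave", ["Special_Role", "Not_Special_Role"])]
    for user, groups in users:
        print(user, effective_permit(SENSITIVE_ACL, user, groups, owner="erin"))
    print("owner erin:", effective_permit(SENSITIVE_ACL, "erin", [], owner="erin"))
    print("drift:", find_drift(SAMPLE_OBJECTS))
```

In this model the owner keeps Edit without belonging to either role, which is worth deciding deliberately when the person who imports a sensitive document should not keep access to it.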