Classification security group - Alfresco Governance Services - 23.4 - 23.4 - Ready - Alfresco - external

Alfresco Governance Services

Platform
Alfresco
Product
Alfresco Governance Services
Release
23.4
License

There are four classification levels you can apply to files and records:

  • Top Secret
  • Secret
  • Confidential
  • Unclassified (typically used to differentiate a file or record that used to be classified, or will become so in future)

There are three clearance levels that can be assigned to users:

  • Top Secret - Can see files and records with any classification level
  • Secret - Can see secret, confidential and unclassified files and records
  • Confidential - Can see confidential and unclassified files and records
Note: The default Alfresco Administrator has Top Secret clearance. All other users have No Clearance until their clearance is changed.

You can’t classify a file higher than your own security level. So if your security clearance is Confidential, you can’t classify a file as Top Secret.

Security clearance levels are enforced for files and records that have been classified. For example, if a record has been classified as Top Secret, then:

  • User 1 (Top Secret clearance) - can see and work with the record
  • User 2 (Confidential clearance) - doesn’t see the record in the File Plan

User 1 would see the following, whereas User 2 would only see the Unclassified file that has no classification label:

Two files with a "Top Secret" classification label, and one without it.

When you set security classification for a file or record you must record a reason for the classification. Downgrade and declassification schedule option give additional control over the classification lifecycle.