1. Field of the Invention
The present invention relates to a method, system, and program for using an access control list rule to generate an access control list for a document included in a file plan.
2. Description of the Related Art
Enterprise content management systems facilitate managing a variety of information/content (documents) and processes that use such information during the course of enterprise operations. Documents, as used herein, refer to any identifiable logical/physical units of information, including content and transactions generated by the enterprise. A document may comprise an electronic file, object, program, database, image, email, message, etc. or a physical item, such as a paper, file, cassette recording, model, etc. Documents stored in the content management system may not initially be managed as part of a records management system until they go through a “declaration” procedure that creates a corresponding record information object (RIO) for the document. Each RIO may include metadata and a reference to the declared document. The metadata describes/characterizes the declared document. The reference is, for example, a location of the document maintained in an electronic file system or database maintained in a computer-readable media. Alternatively, in the case of a physical document, the reference specifies a physical document location (e.g., a box number, a file cabinet, etc.) where the document is located. Once declared as a record, a document is managed/accessed via the content management system and access to the declared document takes place via the content management system.
Other embodiments may not use the RIO/reference model and may instead directly attach record information or metadata to the document or object itself or use other means to track and/or manage records.
The scope of content represented by RIOs is not limited to any particular type of document form or location. A variety of document types are potentially referenced by the RIOs of the records manager. Such document types include, by way of example: formal documents such as permits, invoices, tax records, patents, contracts, claims, manuals etc; informal documents such as email messages (and attachments), text messages, meeting notes, etc.; multimedia content such as audio, video files; and physical containers such as file boxes, cabinets, folders, etc. The documents referenced by the RIOs are potentially stored in a variety of forms and locations. For example, electronic documents including images, text files, forms, etc. are potentially stored in file systems and databases. Physical documents referenced by RIOs are potentially stored in cabinets, boxes, file folders, etc.
After declaring a document, the associated RIO is maintained in an electronic object storage facility referred to as a “file plan object store” including one or more “file plans”. In certain cases, file plans for documents may be maintained without a file plan object store. Each file plan comprises an outline/definition for record management based upon a hierarchically arranged set of categories (classes/subclasses) and containers for classifying/organizing/maintaining the RIOs and their associated declared documents. A known file plan arrangement for storing records includes the following containers: categories/sub-categories, record folders, and record volumes. In addition to defining a taxonomy of document types declared within the system, the file plan supports specifying management rules for RIOs placed within particular document categories and sub-categories. Such rules include user role-based access/permissions to RIOs and their associated documents, and defining access control lists and access control list rules, etc. Thus, the known file plan structure can be visualized as a hierarchical tree structure where nodes potentially specify distinct containers (e.g., category or container of categories). Each category within the file plan potentially specifies a set of properties and lifetime document management rules for associated document records.
When a document is declared or added to the file plan, and the RIO added to a container in the file plan, there are different ways to determine an access control list of users and their level of access to a document added to the file plan. An access control list comprises a list of users or groups of users enabled access to one or more documents and a level of access for each user or groups of users, such as read-only, read-write, modify properties, etc. In one implementation, the access control list setting is copied from the file plan container to the RIO. For instance, if a RIO is added to a file plan container that is defined to have an access control list of “Group A read only” and “Group B non-access”, then the document or RIO in the file plan will inherit the security level defined for the container in which the RIO/document is included. In an alternative technique, the RIO in the file plan may have an access control list comprising the access control list for the document before it was added to the file plan.
There is a need in the art for improved techniques for determine the security level or access control list for a document added to a file plan.