Accessing records

The intersection of a record’s access level and access restriction determine who can access a given record.

Both access level and access restriction are managed through metadata. The access level is set in the “Access” metadata field, and the access restriction is set in the “Access restricted to” metadata field on a record or in the “Access restriction” field on a case, if any is attached.

Record access levels

There are three access levels in F2:

  • Involved: Only users and units actively involved in the record can find it when performing a search. This is the most restrictive access.

  • Unit: In addition to participants actively involved in the record, users in the record manager’s unit can also view the record.

  • All: All users within the authority can search for and view the record.

A new record is created with “Involved” as the default access level, but the responsible user can change the level manually. The access level changes automatically if the record is shared with other users.

The default access level for newly created records can be customised. Configurations are performed in cooperation with cBrain. Additionally, you can set up the default access level for your imported emails.

Update the record access level

Update the access level for the record via the "Access" metadata field. The record must be in edit mode. In the drop-down menu, you have the following options:

  • Involved

  • Unit

  • All.

image
Figure 1. The "Access" field on the record

When you save a record, the case help can help you select the correct access level according to your organisation’s guidelines.

Users do not receive notifications about changes made to a record’s access level.

If a record is subject to an access restriction in the “Access restricted to” or “Case access restricted to” fields, an asterisk “*” is shown in the “Access” field.

Hover the cursor over the icon help icon for further information about access to the record. The example below shows the information displayed on a record with the access level “All” and an access restriction added.

image151
Figure 2. Access restriction information

Access restrictions on records

You can restrict access to a record, ensuring only select users can access it. This is achieved by restricting access directly on the record or by restricting access to its case if the record is attached to any.

Restrict access to a record

Restrict access to the record by adding security groups, users, units, or teams in the "Access restricted to" field in the record window. The record must be in edit mode.

image
Figure 3. Access restriction on a record

The field limits the access to the listed users and groups. Regardless of the record’s access level as specified in the “Access” field, only users/groups that have been added to this field can access the record.

However, the access level is still in effect, which means that anyone added to this field must also be included in the record’s access level.

If a user adds a security group to a record which already has one or more security groups, the number of users who can access the record will increase.

When the you add an access restriction, the dialogue “Participants do not have access to the record” may appear to notify you that other users or units will lose their access because of the restriction. This dialogue is also called the access assistant.

image154
Figure 4. “Participants do not have access to the record”

It is possible to activate the access assistant for units. This means the access assistant will open if a unit outside the access restriction is added to the record. The configuration is disabled by default. Configurations are performed in cooperation with cBrain.

When an access group is added or removed, the log will show which user made the change and when.
If a user with restricted access (in the user properties) is added to the “Access restricted to” field, either the authority, a unit, or the user’s security group must also be added to this field, and the “Access level” must be “All”. Otherwise, access to the record is reduced to the restricted access user.