Surviving The Digital ECM Explosion – Alfresco Custom Security Controls

Surviving The Digital ECM Explosion – Alfresco Custom Security Controls

Alfresco the world’s leading content management system introduces the brilliant concept of custom security controls. It unveiled the most needed and sophisticated application of content security. Alfresco finally makes classification customizable such that the growing volume of digital data can be efficiently taken care of. It has opened the gates for government body and enterprises to customize the access on various content by creating their own security access system.

Security Controls

Alfresco Record Management gives you the provision to add security controls both the files and records so that only eligible users (i.e. users with definite criteria or security level) can access them and work on it. Security controls involve security classifications and security groups which are further built by one or several blocks named security marks. Apart from one predefined Classification security group, it allows you to add n number of new security groups as per your requirement.

The files, as well as the records both, can be classified by making use of the Classify option, you can apply the security marks. Once classified that particular file or record can be only seen by the users who stands clear of the security criteria and the level of security is displayed on the screen. Users not matching the security criteria will not have access to them, in fact, will remain oblivious even of its existence. Every classified file that has been claimed as a record has got its security marks. User clearance is set by assigning security marks to them. Security controls can be configured as well as assigned through the standard Alfresco Admin Tools which can remain completely exclusive of the record management site.

Classification Lifecycle

Users with the needed security clearance can classify and reclassify files as well as records. The Classification life cycle goes like follows:

  • 1. Alfresco Administrator is entitled to create security controls in the Alfresco Admin Tools i.e. Security Controls → Configure, however, the Classification security group is predefined.
  • 2. Next, the Alfresco Administrator provides security clearance level to a user in the Alfresco Admin Tools i.e Security Controls → Assign.
  • 3. The user is assigned the site and file permissions that he/she needs to edit a particular file or record.
  • 4. The user next selects to classify a file or record.
  • 5. In the next step the user selects security classification and the security marks.
  • 6. The classified file or the record is visible only to the user with a particular level of security clearance needed to access that particular file or record.
  • 7. It also gives the user the provision to reclassify the file or the records either by following the Downgrade Schedule or the Declassification Schedule whichever suits the purpose.

How Security Control Works?

Predefined Classification security group and the customized security groups function almost in a similar fashion. You have to apply the security marks to the records in the Records Management Site and files in the standard Alfresco Site. And the same marks are assigned to the users to set their security clearance criteria.

When you start classifying a file or a record using the Classify option the classify content screen splits into two parts: the top part is used for setting classification and the lower part is used for adding additional security marks. Both can be added to a record or file at the same time.

Classification Security Group

The types of Classification level you can apply to various files and records are as follows:

  • 1. Top Secret.
  • 2. Secret.
  • 3. Confidential.
  • 4. Unclassified (used to distinguish a record or a file that used to be classified or will be classified in future).

There are in all three clearance levels that can be assigned to the users:

  • 1. Top Secret- It signifies that the user with this security clearance can access files and records with any classification level.
  • 2. Secret- Users with this level of security clearance can access secret, confidential and unclassified files and records.
  • 3. Confidential- Users having this security level of clearance can only access confidential and unclassified files and records.

The Alfresco Administrator by default has Top Secret Clearance and the other users bear No Clearance until their security clearance has been set.

Another vital aspect of security controls is that you are not eligible to classify a file that is higher than your own security level. So for example, if your security clearance level is Confidential then you cannot classify a file as Top Secret. Further security clearance is applicable only for the files and records that have been classified. A simple example to demonstrate how it works is that if a file or a record has been classified as Top Secret then a user with Top Secret security clearance view and access with the record whereas a user with confidential clearance is oblivious of the record in the File Plan.

Unlike other proprietary and legacy systems that were not designed to bear the lash of unmanageable digital content explosion Alfresco’s open platform offers a highly flexible platform to manage it. It provides exceptionally scalable ways to customize and deploy content, manage business processes and cater to efficient records management. It can not only be easily integrated into existing IT systems but also be molded as per new emerging needs, so definitely Alfresco has a long way to go surviving against the deadly digital explosion.


The following two tabs change content below.
Pratyush Kumar

Pratyush Kumar

Co-Founder & President at Algoworks, Open-Source | Salesforce | ECM
Pratyush is Co-Founder and President at Algoworks. He is responsible for managing, growing open source technologies team and has spearheaded more than 200 projects in Salesforce CRM alone. He provides consulting and advisory to clients looking for services relating to CRM(Customer Relationship Management) and ECM(Enterprise Content Management). In the past, Pratyush has held consulting roles with various global technology leaders, such as Globallogic & HCL in India. He holds an Engineering graduate degree from Indian Institute of Technology, Roorkee.
Pratyush Kumar

Latest posts by Pratyush Kumar (see all)

Pratyush KumarSurviving The Digital ECM Explosion – Alfresco Custom Security Controls