Configuring role-based redactions for IBM FileNet P8 repositories

Role-based redactions limit a user's exposure to sensitive data based on the user's business role. You no longer need to have multiple versions of the same document for users with different roles. Role-based redactions use policies that define the redactions to apply to a document.

About this task

When a user opens, downloads, prints, or emails a document that contains sensitive data, redactions are burned into the document in real time. Role-based redactions are supported for TIFF and PDF files in IBM® FileNet® P8 repositories with the IBM Daeja® ViewONE Virtual viewer.

You must be a redaction administrator to configure role-based redactions.

Note that the role-based redaction feature is not supported when image stamps are configured.

Procedure

  1. Log in to IBM Content Navigator as an administrator and click the Open Administration View icon on the left navigation bar.
  2. Enable role-based redactions:
    1. In the navigation pane, click Repositories.
    2. Click New Repository to create a new repository or double-click an existing repository that you want to configure for role-based redactions.
    3. Enter the information in all fields and click Connect to connect to the repository.
    4. Log in again with your user name and password.
    5. In the Optional Features section of the Configuration Parameters tab, enable role-based redactions for the repository and assign redaction policy editors and redaction editors.
    6. Click Save and Close.
  3. In the navigation pane, click Role-based Redactions.
  4. Define redaction reasons.
    Redaction reasons identify the types of sensitive data that you want to conceal from general users. IBM Content Navigator predefines two redaction reasons for you: Social Security Number and Credit Card Number.
    1. Click New Redaction Reason from the Reasons tab.
    2. Provide a name and, optionally, a description for a type of sensitive data that you want to conceal from general users.
    3. Click Save and Close.
    4. Repeat substeps 1 to 3 for each type of sensitive data that you want to protect.
      When a redaction reason is specified for use in a document, the Repositories column on the Reasons tab is populated with the name of the repository that holds the document.
  5. Click the Policies and Roles tab.

    If only one repository is enabled for role-based redactions, the repository name is displayed at the top of the tab. If you are not already connected to it, connect to the repository.

    If multiple repositories are enabled for role-based redactions, select the repository that you want to configure. If you are not already connected to it, you are prompted to do so.

    Note: Only repositories that are enabled for role-based redactions appear in the Repositories list.
  6. Create redaction roles.
    Redaction roles designate which users and groups can view sensitive content and which users and groups can modify role-based redactions. They obscure or permanently remove sensitive content from view by general users.
    1. From the Policies and Roles tab, click New Redaction Role under the Redaction Roles Configuration section.
    2. Provide a name and, optionally, a description for the role.
    3. Identify the type of role that you are creating: Editor or Viewer.
      Redaction editors can create, modify, or delete specific types of role-based redactions. Redaction viewers can view specific types of sensitive data.
    4. Assign users and groups to the role.
      Note: For each role member, you can allow or deny access for that member. For example, you might add the Finance Department group to a viewer role and then deny access to the Finance Department intern by adding an intern separately and selecting Deny from the Access list.
    5. Click Save and Close.
    6. Repeat substeps 1 to 5 for each role.
  7. Create redaction policies.
    By default, all role-based redactions on a document are applied to the document when it is accessed. Exceptions to this base rule are managed by using redaction policies. By associating redaction reasons with redaction roles, a redaction policy identifies which role-based redactions are not applied to documents for the viewers that are associated with the policy, and which role-based redactions can be created, modified, or deleted by the redaction editors that are associated with the policy.
    1. From the Policies and Roles tab, click New Redaction Policy.
    2. Provide a name and, optionally, a description for the policy.
    3. Select one or more redaction reasons, redaction editors, and redaction viewers.
    4. Click Save and Close.
    5. Repeat substeps 1 to 4 for each policy.
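
The following is an added example, not IBM code: a small Python model of the evaluation that steps 4 to 7 describe, useful for reviewing a planned set of reasons, roles, and policies before entering them in the administration view. The class and function names, the sample users, and the rule that an explicit Deny overrides a group Allow are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    kind: str                                  # "viewer" or "editor"
    allow: set = field(default_factory=set)    # users/groups with Allow
    deny: set = field(default_factory=set)     # users/groups with Deny

    def grants(self, principals):
        # Assumption: an explicit Deny on any principal overrides an Allow.
        return bool(self.allow & principals) and not (self.deny & principals)

@dataclass
class Policy:
    name: str
    reasons: set      # redaction reasons covered by the policy
    roles: list       # redaction roles associated with the policy

def covered_reasons(policies, principals, kind):
    """Reasons a user may see through (kind='viewer') or change (kind='editor')."""
    reasons = set()
    for policy in policies:
        if any(r.kind == kind and r.grants(principals) for r in policy.roles):
            reasons |= policy.reasons
    return reasons

def burned_in(redactions, policies, principals):
    """Base rule: every redaction is applied; viewer policies carve out exceptions."""
    exempt = covered_reasons(policies, principals, "viewer")
    return [r for r in redactions if r["reason"] not in exempt]

# Constructed sample data (hypothetical names, not from a real repository).
FINANCE_VIEWERS = Role("Finance viewers", "viewer",
                       allow={"Finance Department"}, deny={"intern1"})
CARD_EDITORS = Role("Card redactors", "editor", allow={"records1"})
POLICIES = [Policy("Card data", {"Credit Card Number"},
                   [FINANCE_VIEWERS, CARD_EDITORS])]
DOC = [{"page": 1, "reason": "Social Security Number"},
       {"page": 2, "reason": "Credit Card Number"}]

if __name__ == "__main__":
    for who in ({"analyst1", "Finance Department"},
                {"intern1", "Finance Department"}, {"guest"}):
        print(sorted(who), [r["reason"] for r in burned_in(DOC, POLICIES, who)])
```

In this model a reason that no policy covers, such as Social Security Number in the sample, stays redacted for every user, which is the fail-closed behaviour of the base rule.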

Creating role-based redactions

Creating redactions requires IBM Daeja ViewONE Virtual. To create role-based redactions, you must be a redaction editor that is specified in the policy for the IBM FileNet P8 repositories.

Procedure

  1. Click Open Browse View on the left navigation bar to browse and select the document.
  2. Open it in the viewer.
  3. Select a Draw redaction icon from the left vertical toolbar and draw a redaction to hide sensitive data.
  4. Right-click the redaction annotation to select Edit redaction reason from the annotation tool bar. Select a redaction reason.
  5. Optional: Click View Properties on the upper right toolbar to display the Properties pane and select one of the options.
  6. Save the document.

Editing redactions

Editing redactions requires IBM Daeja ViewONE Virtual. To edit redactions, you must be a redaction editor in the role-based redaction policy for the repository.

Procedure

  1. Click Open Browse View and browse and select the document with the redaction that you want to edit.
  2. Double-click the document to open it in the viewer.
  3. Optional: Take these actions:
    • Move the redaction annotation to reposition it.
    • Change the redaction reason by right-clicking the redaction annotation and then selecting a different reason from the tool bar.
    • Delete the redaction annotation by right-clicking it and selecting the X sign from the tool bar.
    • Edit the properties of the redactions by selecting View Properties from the upper right toolbar and redefining the sensitive content.

Exporting and importing the redaction reasons

The export and import feature allows administrators to export redaction reasons to a file and then import them to different instances of IBM Content Navigator.

About this task

To export and import a redaction reason, follow these steps:

Procedure

  1. Click Open Administration View.
  2. Click Role-based Redactions to open the Reasons tab of the redaction.
  3. Select a reason that you want to export from the list.
    The Export and Import buttons become enabled.
  4. Click Export and save the file as a .properties file in a location you specify.
  5. To import a reason that you exported, click Import.
  6. Browse to select and open the .properties file that you saved.
  7. Select the file and click Import.
  8. Optional: Click Download Report and save it as an .html file in the location you choose.

Viewing documents with redactions

The Daeja ViewONE Permanent Redaction Server module is required to obscure any sensitive data for users who are not authorized to see through the RBR annotations. To view documents with redactions as a redaction reader, follow these steps:

Procedure

  1. Click Open Browse View to browse and select the document that you want to view.
  2. Double-click the document to open it in the viewer.
    Redaction annotations obscure any sensitive data that you are not authorized to see.