Secure metadata management

Secure metadata management

The management of secure metadata makes it possible to carry out a control of the display of metadata according to the types of users. Thus, the feature allows the addition of a security by role for each metadata. For example, an Administrator could view specific metadata that would not be displayed to the User, such as the employees' social insurance number. Another example of use is to limit reading access to archival metadata so that only those responsible for document management can consult them.

By default, no security is applied to metadata management. The feature is therefore to hide the metadata and prevent it from being used in simple or advanced search for the users concerned. This is an access control over the reading of the metadata.

1. Add and edit secure metadata

To assign security to metadata, it is necessary to visit the page for adding or modifying metadata.

First of all, in the "Administration" menu; 

1. Click on "Metadata Schemas" in the navigation menu;
2. Then click on a type of metadata schemas;
3. In the schema type page, click on "Metadata";
4. In the metadata page, click on "Add" or on the "Edit" key of an existing metadata;
5. Locate the "Limit read access on role metadata" field.

To validate a metadata security, simply select the desired role(s). 

1.1 Behaviors according to the selected roles

Selected value	Example	Role(s) that CAN access the information
		Administrator	Records General Director	Manager	Utilisateur
None		Yes	Yes	Yes	Yes
Only one role		Yes	No	No	No
Two roles		Yes	Yes	No	No
Three roles		Yes	Yes	Yes	No
All		Yes	Yes	Yes	Yes

2. View secure metadata

Secure metadata is viewed in the same way as insecure metadata. The metadata, which will be read specific to one or more defined roles, will appear in the schema-related metadata page. 

To view metadata: 

1. Go to "Pilotage";
2. Click on "Metadata Schemas";
3. Then click on the desired metadata schema type;
4. In the schema type page, click on "Metadata" of the type of your choice;
5. In the metadata page, search for the secure metadata of your choice and click "Edit";
6. Locate the "Limit read access on role metadata" field.

In the case of metadata assigned to a document or folder, it will appear in the file or document card. If read access is granted to a single role, the metadata will not be displayed for the others.

3. Known limitations

• Securing a metadata is only possible for a non-mandatory metadata. For example, the "Title" metadata, which is mandatory, is not subject to a security configuration. It will then be displayed constantly, regardless of the role of the user.
• By default, no security is applied to metadata. Do not select a role equals therefore a lack of security on a metadata.