RIM Submissions Vaults include standard object actions for performing a variety of content planning tasks, including:
- Accessing and navigating the Content Plan Hierarchy Viewer
- Matching documents in the Content Plan Hierarchy Viewer, including during match document mode and via drag and drop
- Dispatching Global Content Plans
- Comparing and synchronizing Global Content Plans
While the linked pages above provide specific configuration details for these features, this page describes how Vault enforces Atomic Security for content planning actions generally.
How Content Plans Use Atomic Security & Application Roles
A user’s ability to perform content planning tasks is controlled by Execute access to an object action, within both the user’s assigned permission set and the object lifecycle state(s) which use the action.
For example, the Add Document action controls a user’s ability to drag and drop a document for matching in the Content Plan Hierarchy Viewer. Therefore, at minimum:
- The user’s assigned permission set must include Execute access via the Content Plan Item object’s Object Action Permissions.
- The relevant Content Plan Item object lifecycle states must be configured with Execute as the default Atomic Security: Actions permission.
If the default Atomic Security configuration within an object lifecycle is too permissive, actions can be further secured with an Application Role. For example, in lieu of the object lifecycle Atomic Security settings described above, the default permission for the Add Document action is Hide, and the Application Role to which users are assigned (for example, Editor) is granted Execute permission via Role Override.
See also Configuring Atomic Security for Object Controls.
Note: Users performing a given action described in this article must always have Execute access within both their permission set and the desired object lifecycle state(s). Other access levels (Hide, View) are relevant only for restricting action permission.
Object Actions for Document Matching
When a content planning activity results in an update to matched documents, the Content Plan Item object lifecycle and the initiating user’s assigned permission set must both have a corresponding Execute permission for the underlying object actions.
For example, when Vault replaces a document during synchronization, the initiating user must have Add Document and Remove Document object action permission. Successful synchronization also relies on the same permissions in the Content Plan Item object lifecycle’s Locked state.
The below Content Plan Item Object Actions allow users to seamlessly work with matched documents:
- Add Document
- Exclude Document
- Include Document
- Lock Version
- Remove Document
Note: Document matching also requires the EDL Matching > Edit Document Matches permission, found under the Application tab in the permission set.