Editing record security

All i2 Analyze records have security settings that the system uses to determine whether you (and other users) can see them at all, or edit the information they contain. Permission to edit a record includes the ability to edit the security settings themselves.

Before you begin

In i2 Analyze, the server maintains a set of security dimensions whose dimension values are used to classify records. Your ability to view or edit a record is controlled by what kind of record it is, according to those values.

For example, there might be a security dimension whose values indicate the nature of the source for a record - whether it came from an informant, or from open-source intelligence, or from a call data record. There might be another security dimension whose values indicate whether the information in the record is top secret, or confidential, or restricted.

Sometimes, a dimension and its values can be as simple as a list of the teams in your organization, with the intention that the record is classified by the teams who should have access to it.

Every record in i2 Analyze has at least one value from each security dimension. To use the same examples, a record might contain confidential information that came from an informant, and be accessible only to people in Team B or Team E. (Whether it's accessible to an individual in Team B also depends on their permission to see confidential information.)

When you create an i2 Analyze record in Analyst's Notebook, it receives a default set of dimension values that allow you to upload it to the Information Store. Thereafter, anyone with permission to edit that record can add, remove, or change those values.

In some security dimensions, the values act as levels and records take a single value. For example, if a record is "Top Secret", it cannot also be "Restricted". In other dimensions such as the data source or teams list, records can take one or more values. The default setting for these dimensions is "ANY" and this means other users who have access to any of the selected values can view the record. If a security dimension is set to "ALL" it means users must have access to all the selected values to view the record. In this scenario, selecting more values means fewer users are able to view the record.

About this task

Information about the security settings of an i2 Analyze record is available on the Details tab of the Record Inspector. The Security section contains a list of security dimensions, together with the values that the record has from each dimension. If you can edit the record, the tab also contains controls for changing the settings.

Note:
Your system administrator can add, remove, and restore values in the security dimensions on the i2 Analyze server. When they remove a dimension value, it becomes possible for an existing record to have a value that the server no longer uses. If that situation occurs, the value appears in the Record Inspector as (suspended). Records might have one or more values that are marked as suspended. Any records on the chart that have suspended values show in a count on the records bar. You can type 'suspended' into the Security compartment search box to filter by suspended values and remove them, and you can edit records to remove the suspended values.

Procedure

To edit the security settings of an i2 Analyze record, follow these steps:
  1. Ensure that the record that you want to edit is displayed in the page view of the Record Inspector.
  2. Click the Details tab to display details about the record.
    In the Security section, you can see the current security dimension values for the record. If you can edit these values, Edit buttons and drop-down lists are visible.
  3. Select the security dimension that contains the values that you want to edit.
  4. Select the dimension values to apply to the record.

What to do next

When you complete your edits, upload the affected records to the Information Store. You might be able to upload records that have suspended values, depending on your assigned security values and if the security dimension is set to "ANY" or "ALL". For example, where a security dimension is set to "ALL", users must have access to all in order to work with the record. For more information about uploading records, see Uploading records to the Information Store.