Overview
Using the self-service ImageNow Security Request form, users are able to request the permissions they need to perform their job functions directly from the data owners. Perceptive Content document permissions are based on group memberships, in which the groups represent a specific level of access, such as the ability to view or print documents, to one particular drawer. Each drawer has an assigned person (the data owner) that is individually responsible for approving access to their documents and workflows.
For example, Alex needs to view and print documents in the ABC department drawer for his job function. Alex would submit a request to be added to the ABC-View and ABC-Print groups, which would then go to Max for approval. Once Max approves Alex's request, the request is sent to the Perceptive Content administration team to be processed. The administrators add Alex to the respective groups and notify him via email that his request has been completed.
Process
- The user requesting access (or someone requesting access on a user's behalf) fills out the security request form
- An approval request is sent to each requested groups' data owner
- Data owners approve or deny access for the requestor for each group referenced in the request
- Once all of the requested group permissions have been approved or denied, access to Perceptive Content will be granted within 2 business days
Important Links for Requestors
Submit a new Perceptive Content Security Request
Important Links for Document Owners
Pending requests for My Department Documents
Pending requests for My Staff
Frequently Asked Questions
Q1. Why do I have to fill out a security request?
A1. The security request process is a security mechanism to keep CMU's data safe and secure. All Perceptive Content users must receive explicit permission by data owners to access documents, drawers, and workflow. The Perceptive Content team uses these requests to audit permissions and access, as well as provide transparency to end-users. As such, we will redirect any requests made outside the process to change permissions to the security request form.
Q2. A drawer has more than the standard four groups. What do these other groups do?
A2. For most implementations, each drawer has four standard groups prefixed by the drawer name and ending with a suffix in the table above. Based on the specific implementation, there may be additional groups for specific workflow permissions (typically denoted by a WF), using annotations (typically denoted by Annot), or groups that restrict certain sets of data from a particular drawer (usually labeled Confidential or Restricted). In rare cases, implementations may still use an outdated model of permissions such as SendAsAttachment or Delete. The administration team is working to remove these groups and align the permissions for that drawer to the standard model listed above.
If you would like to know more about your implementation's groups and permissions, please submit a ticket to the Perceptive Content System.
Q3. How do I know what groups to choose for my request?
A3. The specific permissions you need will typically be unique to your specific job requirements. For your convenience, we allow you to specify another username to copy permissions from, so that you may select another user with similar access to start from. Keep in mind, however, that your access will be limited to what the individual data owners explicitly approve.
If you are not sure exactly what groups to choose or what user to copy, ask your supervisor for assistance. Due to the nature of implementation-specific processes and permissions, we may not have specific, off-hand knowledge of what you may need. However, the Perceptive Content team may be able to facilitate a researching a particular set of permissions for you and your supervisor on request of the Perceptive Content System.
Q4. What is a data owner?
A4. Data owners are people around campus the Perceptive Content team has designated as responsible for auditing permissions to their respective security groups. The Perceptive Content team is not intimately familiar with the individual needs of every user on campus, and this role helps provide a boots-on-the-ground approach to ensuring that individual departments are kept in the loop about who can access their documents.
Q5. Do I need to submit a security request form if I already have an account but need to change my access?
A5. Yes. The security request process covers both new accounts and existing accounts. It will add whatever new permissions you are approved for your existing permissions.
Q6. One of my requests is stuck. What can I do?
A6. Please submit a ticket to the Perceptive Content System with the Global ID of the user or request number (if available) and the Perceptive Content team will look into where the request is held up.
Q7. Why was my request denied?
A7. Data owners have a chance to specify a reason but some do not. Some of the common reasons are:
- A request was made for Delete / Update / Create when only the view permission was needed
- A request was made for Print permissions but the data owner does not agree with your use case
- The data owner did not approve the request within 2 weeks
- A request was made to copy someone's permissions that include old permissions that are no longer relevant
Q8. Why am I approving someone that does not work in my department?
A8. You are listed as the data owner of a set of documents. The person that has submitted the form would like access to your documents.
If you believe you are incorrectly listed as a data owner, please submit a ticket to the Perceptive Content System and the Perceptive Content team will contact you about designating someone else to fill that role.
Q9. Can I use the security request form to remove permissions?
A9. To request the removal of permissions, please submit a Perceptive Content Account Removal Request and describe the permissions you would like to be removed in the request notes. Please note that the removal process is not yet automated at this time. The administrators will contact you if there are questions regarding the request to ensure the accuracy of the result.
Q10. I used to have a certain permission, but now I don't. What happened?
A10. A data owner has the final say over the access other users have to their documents. As such, a data owner may have requested the removal of permissions to certain individuals or groups of users. If you need a particular permission that you used to have, please submit a new ImageNow Security Request with the permissions you need and provide a use-case justification for the data owner. In the event you have the permissions you need but are still unable to perform certain functions, submit a ticket to the Perceptive Content System for the administrators to troubleshoot.
Q11. Do permissions get removed automatically for people who leave? What are the triggers for doing so?
A11. There are two cases where permissions will be removed automatically:
- On notification of staff separation from HR - Users' group memberships are recorded and removed within 8 business hours of their last day worked, typically removed at the end of the day of their last day. Please note that this does not include student employees or faculty, as those separations are not included in notifications to the Perceptive Content admin team.
- During a security audit - All users that are not current employees or students are automatically removed during a security audit. Audits happen 2-3 times per year, typically at the end of a semester.
Q12. Who do I contact if there are issues?
A12. Please send all issues or feedback to helpdesk@cmich.edu or submit a ticket to the Perceptive Content System.