Designating a Document as Confidential

There are two aspects to document confidentiality in nVIRO:

  1. an applicant can request that an attached document be kept confidential, and

  2. internal agency users can set a document to be confidential.

Each feature is described below.

Applicant Request for a Document Attachment to be Kept Confidential

If a document attachment control has been configured in form design to allow the attachment to be specified as confidential, then an applicant will have the ability to request it to be kept confidential when filling out the form. 

After the document is uploaded, a Confidential checkbox appears allowing the applicant to request confidentiality:

If the confidential checkbox is checked, a secondary text area appears where an explanation must be provided. The label for this text box is configurable by the form designer.

Technical Note: support for this feature can be turned on or off globally in nForm using the deployment configuration setting "attachments.allowConfidential" with a value = "true"

When the submission is processed by an internal user, the attached document defaults to an Internal security class. On the submission document list page, a visual indicator is presented on the document to let the processor know that the applicant requested the document be kept confidential. The "reason for confidentiality" text provided by the applicant is visible to the internal processor if they open the document's Details page. 

While the form submitter requests confidentiality, the internal processor decides whether or not to abide by this request. 

If the internal processor attempts to publish the document, a confirmation warning pop-up is displayed, alerting the user that the applicant requested the document be kept confidential. The internal user can choose to ignore the alert and proceed to publish the document.

Setting a Document as Confidential

Independent of the applicant confidentiality settings above, internal users can set a document to be "agency confidential" by changing the Security Classification on the document's Details page to Confidential.

When a document security classification is set to Confidential, the Agency Confidential Settings appear:

The confidentiality settings allow one or more users to be given permission to view or edit the document. The permissions are specified using one of three Security Levels:

  • Owner - Users with a security level of Owner may add, modify, or remove user access to confidential documents via the confidentiality settings.

  • Edit - Users with a security level of Edit may edit the document and document-related data (e.g., Description).

  • View - Users with a security level of View may view and download the document, but cannot edit the document or update document-related data.

The system requires at least one Owner specified in the confidentiality settings. The user who specifies the document as confidential is automatically added and set with a security level of Owner.

The following table lists the Agency Confidential Settings fields:

Field

Description

Add User

This field is used to select a user to grant access to the document. Selecting a user and clicking the Add button will add the user to the confidentiality security list.

Name

Name of the user who has been granted access to the document.

Security Level

Security level granted to the corresponding user in the list.

To grant or change user access to a confidential document:

  • Select the user from the Add User dropdown.

  • Click the Add button The user is added to the Confidential Settings list.

  • Select the Security Level for the user.

  • Click the Save button at the bottom of the screen to save changes

To remove user access from a confidential document:

  • Click the X button to the right of the user name. The user is removed from the list.

  • Click the Save button at the bottom of the screen to save changes.

The user must have Owner security level on the document to grant or change access.

Once the document has been classified as confidential, it cannot be viewed or downloaded by anyone that is not on the list of assigned confidential users or who does not have the ManageConfidentalDocuments permission/role.

Technical Note: A permission named ManageConfidentialDocuments controls who can or cannot edit the 'Agency Confidential' checkbox. This permission is included by default with the System Administrator - Documents security group. If a client wants more control over how this permission is distributed, then this role/permission should be removed from the System Administrator - Documents security group and assigned only to desired users.