Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-27383

Record management - Override the retention period of a record


    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: BlobManager, Retention



      SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulatory related to the records preservation.

      The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.



      For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:

      • Versioning turned on
      • Compliance mode turned on
      • No default retention in the bucket (or default retention as 0)

      cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md

      cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html


      User stories

      • As a granted user, I want to be able to lengthen the expiration date of a document under a retention policy
      • As a broker dealer, I want that no one can shorten the retention period, even an administrator
      • As a broker dealer, I want the event "Retention period updated" to be logged in the audit/history including the new expiration date when the retention is updated



      The goal is to improve the retention management by allowing only to lengthen the retention period (never shorten it), including at storage level.


      • Provide a UI action to lengthen the retention period


      User experience

      • Override retention period to a record:



      • History display:


      Acceptance criteria

      • The expiration date is updated at Amazon S3 level once a user overrides it at Nuxeo level,
      • The expiration date defined on S3 is exactly the same one as on Nuxeo Server,
      • I can override a retention policy to a document only if I have the Set retention permission,
      • As a user, I can NOT shorten the retention period,
      • As an administrator, I can NOT shorten the retention period,
      • As a developer, I can NOT shorten the retention period by using Nuxeo API,
      • As a developer, I can lengthen the retention period by using Nuxeo API,
      • The event "Retention period updated" is displayed, including the new expiration date in the comment, on the history of the document / Audit when I override the retention period



          Issue Links



              • Assignee:
                jaubenque Julien Aubenque
                jaubenque Julien Aubenque
              • Votes:
                0 Vote for this issue
                1 Start watching this issue


                • Created:


                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.