[NXP-27383] Record management - Override the retention period of a record - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Component/s: BlobManager, Retention

Epic Link:
Retention addon V1 - SEC 17a-4 compliance
Tags:
- Retention
- SEC17a-4

Description

Context

SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulatory related to the records preservation.

The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.

Prerequisite

For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:

Versioning turned on
Compliance mode turned on
No default retention in the bucket (or default retention as 0)

cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md

cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

User stories

As a granted user, I want to be able to lengthen the expiration date of a document under a retention policy
As a broker dealer, I want that no one can shorten the retention period, even an administrator
As a broker dealer, I want the event "Retention period updated" to be logged in the audit/history including the new expiration date when the retention is updated

Description

The goal is to improve the retention management by allowing only to lengthen the retention period (never shorten it), including at storage level.

Improvements:

Override the retention period at storage media level by updating the expiration date (retain until date) on Amazon S3
- Use setObjectRetention method (cf. https://docs.aws.amazon.com/AmazonS3/latest/API/Type_API_ObjectLockRetention.html )

Provide a UI action to lengthen the retention period

User experience

Override retention period to a record:

History display:

Acceptance criteria

The expiration date is updated at Amazon S3 level once a user overrides it at Nuxeo level,
The expiration date defined on S3 is exactly the same one as on Nuxeo Server,
I can override a retention policy to a document only if I have the Set retention permission,
As a user, I can NOT shorten the retention period,
As an administrator, I can NOT shorten the retention period,
As a developer, I can NOT shorten the retention period by using Nuxeo API,
As a developer, I can lengthen the retention period by using Nuxeo API,
The event "Retention period updated" is displayed, including the new expiration date in the comment, on the history of the document / Audit when I override the retention period

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2019-05-23-14-08-29-229.png
1.10 MB
2019-05-23 12:08
image-2019-05-23-14-09-26-620.png
23 kB
2019-05-23 12:09
image-2019-05-23-14-10-03-962.png
23 kB
2019-05-23 12:10
image-2019-05-23-14-10-14-858.png
32 kB
2019-05-23 12:10

Issue Links

depends on

NXP-27435 Record, Retention and Hold low-level implementation

Resolved

NXP-27692 Integrate Retention addon

Resolved

duplicates

NXP-27692 Integrate Retention addon

Resolved

is related to

NXP-28552 Record management - Add events in the audit trail

Resolved

NXP-28784 Record management - Missing labels in the audit for retention events

Resolved

is required by

NXP-28785 Record management - Expiration date discrepancy between document view and audit

Resolved

(1 is required by)

Activity

People

Assignee:

Julien Aubenque

Reporter:

Julien Aubenque

Participants:

Julien Aubenque

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2019-05-16 11:03

Updated:

2020-04-07 12:50

Resolved:

2020-04-07 12:49