Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-27383

Record management - Override the retention period of a record

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: BlobManager, Retention

      Description

      Context

      SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulatory related to the records preservation.

      The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.

       

      Prerequisite

      For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:

      • Versioning turned on
      • Compliance mode turned on
      • No default retention in the bucket (or default retention as 0)

      cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md

      cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

       

      User stories

      • As a granted user, I want to be able to lengthen the expiration date of a document under a retention policy
      • As a broker dealer, I want that no one can shorten the retention period, even an administrator
      • As a broker dealer, I want the event "Retention period updated" to be logged in the audit/history including the new expiration date when the retention is updated

       

      Description

      The goal is to improve the retention management by allowing only to lengthen the retention period (never shorten it), including at storage level.

      Improvements:

      • Provide a UI action to lengthen the retention period

       

      User experience

      • Override retention period to a record:

       

       

      • History display:

       

      Acceptance criteria

      • The expiration date is updated at Amazon S3 level once a user overrides it at Nuxeo level,
      • The expiration date defined on S3 is exactly the same one as on Nuxeo Server,
      • I can override a retention policy to a document only if I have the Set retention permission,
      • As a user, I can NOT shorten the retention period,
      • As an administrator, I can NOT shorten the retention period,
      • As a developer, I can NOT shorten the retention period by using Nuxeo API,
      • As a developer, I can lengthen the retention period by using Nuxeo API,
      • The event "Retention period updated" is displayed, including the new expiration date in the comment, on the history of the document / Audit when I override the retention period

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jaubenque Julien Aubenque
                Reporter:
                jaubenque Julien Aubenque
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: