- Type: Task
- Status: Resolved
- Priority: Major
- Resolution: Duplicate
- Affects Version/s: None
- Fix Version/s: None
- Component/s: BlobManager, Retention, Web UI
Context
SEC 17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers) is a US regulation on records preservation.
The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.
Prerequisite
To store record documents, we will use Amazon S3 with a bucket configured as follows:
- Versioning turned on
- Compliance mode turned on
- No default retention in the bucket (or default retention as 0)
cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md
cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
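A check of the three bucket prerequisites above, plus a per-blob immutability test, as an added example that is not part of the original ticket or of Nuxeo's code. The function names are hypothetical, the inputs are dicts shaped like the S3 GetBucketVersioning, GetObjectLockConfiguration and HeadObject responses with constructed sample values, and flagging a default rule that is not in COMPLIANCE mode is an assumption.

```python
from datetime import datetime, timezone

def audit_records_bucket(versioning, object_lock):
    """Return findings for the records bucket; an empty list means compliant.

    versioning:  dict shaped like the S3 GetBucketVersioning response.
    object_lock: dict shaped like the GetObjectLockConfiguration response,
                 or None when the bucket has no Object Lock configuration.
    """
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    config = (object_lock or {}).get("ObjectLockConfiguration", {})
    if config.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled")
        return findings
    default = config.get("Rule", {}).get("DefaultRetention")
    if default:
        # Assumption: a default rule, if present, must be COMPLIANCE mode,
        # because GOVERNANCE retention can be bypassed by privileged users.
        if default.get("Mode") != "COMPLIANCE":
            findings.append("default retention mode is not COMPLIANCE")
        # The ticket asks for no default retention (or a period of 0).
        if default.get("Days", 0) or default.get("Years", 0):
            findings.append("bucket sets a non-zero default retention")
    return findings

def blob_is_immutable(head, now):
    """True when a HeadObject-shaped dict shows COMPLIANCE retention in force."""
    until = head.get("ObjectLockRetainUntilDate")
    return head.get("ObjectLockMode") == "COMPLIANCE" and until is not None and until > now

# Constructed sample responses (not taken from a real bucket).
NOW = datetime(2020, 1, 1, tzinfo=timezone.utc)
GOOD_LOCK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}
WEAK_LOCK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}}
RECORD_BLOB = {"ObjectLockMode": "COMPLIANCE",
               "ObjectLockRetainUntilDate": datetime(2027, 1, 1, tzinfo=timezone.utc)}
ATTACHMENT_BLOB = {}  # left in the standard bucket: no lock metadata at all

if __name__ == "__main__":
    print(audit_records_bucket({"Status": "Enabled"}, GOOD_LOCK))
    print(audit_records_bucket({"Status": "Suspended"}, WEAK_LOCK))
    print(blob_is_immutable(RECORD_BLOB, NOW), blob_is_immutable(ATTACHMENT_BLOB, NOW))
```

With boto3, the inputs would come from `get_bucket_versioning`, `get_object_lock_configuration` and `head_object`; a bucket without Object Lock raises an error on the second call, which the caller maps to `None`.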
Description
We don't support attachments as part of the file content that is moved when a document becomes a record (the binaries are moved from the standard S3 bucket to the compliance-mode S3 bucket), so attachments wouldn't become immutable, which is not compliant with SEC 17a-4.
So, we need to remove the attachment capability when the SEC 17a-4 retention module is added to a Nuxeo platform.
Improvements:
- Remove the capability of adding an attachment to a document in WebUI
- Remove the capability of adding an attachment to a record in WebUI
Acceptance criteria
- As a user, I can't add an attachment to an existing document,
- As a user, I can't add an attachment to a document declared as a record (i.e. a retention policy has been applied to the document),
- As an administrator, I can't add an attachment to an existing document,
- As an administrator, I can't add an attachment to a document declared as a record (i.e. a retention policy has been applied to the document).