-
Type:
New Feature
-
Status: Resolved
-
Priority:
Major
-
Resolution: Duplicate
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: BlobManager, Retention
-
Epic Link:
-
Sprint:nxFG 11.1.10
Context
SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulatory related to the records preservation.
The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.
Prerequisite
For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:
- Versioning turned on
- Compliance mode turned on
- No default retention in the bucket (or default retention as 0)
cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md
cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
User stories
- As a broker dealer, I want to guarantee that a user can’t put to trash the record until the defined retention period has expired
- As a broker dealer, I want to guarantee that an administrator can’t put to trash the record until the defined retention period has expired
- As a broker dealer, I want to guarantee that a user can’t put to trash a record which is under legal hold
- As a broker dealer, I want to guarantee that an administrator can’t put to trash a record which is under legal hold
Description
Even if it's not a deletion, put a record in trash prevent the users to search and view the document in their original place, which is not consistent and could be used as a way to hide some important documents.
Currently, a user can put in trash a record which is under retention or a legal hold
Improvements:
- Prevent record trash on Nuxeo side for a document under retention and/or legal hold
Acceptance criteria
- As a user, I can NOT trash a document under retention,
- As an administrator, I can NOT trash a document under retention,
- As a user, I can trash a document once the retention has expired,
- As an administrator, I can trash a document once the retention has expired,
- As a user, I can NOT trash a document under legal hold,
- As an administrator, I can NOT trash a document under legal hold,
- As a user, I can trash a document once the legal hold has been removed,
- As an administrator, I can trash a document once the legal hold has been removed,
- As a developer using the Nuxeo REST API, I can NOT trash a document under retention,
- As a developer using the Nuxeo REST API, I can trash a document once the retention has expired,
- As a developer using the Nuxeo REST API, I can NOT trash a document under legal hold,
- As a developer using the Nuxeo REST API, I can trash a document once the legal hold has been removed,
- depends on
-
NXP-27692 Integrate Retention addon
-
- Resolved
-
-
-
- Resolved
-
