SecurityRecords Management for Microsoft Office SharePoint Server

Records Management for Microsoft Office SharePoint Server

Developer.com content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Introduction

Companies of every size, from multinationals to ‘Mom and Pop’ businesses, need to preserve information in a secure and reliable way, not only as a standard practice within the company but also for official purposes. The Records Management infrastructure of Microsoft Office SharePoint Server (MOSS) is designed to archive information no longer necessary in the daily running of the enterprise. The component is designed to ensure and protect the integrity of the content, register changes and authorization, ensure saved information is only accessible to authorized personal, and most importantly, assure that information cannot be altered or deleted. With Records Management, it is possible to block access at any point, if and when deemed necessary by the administrator.

The Records Center of Microsoft Office SharePoint Server (MOSS) is designed to manage this type of information. For example, many companies generate monthly financial reports for the tax authorities; if a conflict develops between the company and tax office, the company may be required to release reports and financial information with a guarantee that nothing has been altered or changed in any way. In this case, the company’s financial department can transfer the reports to the Records Center of MOSS in a special “Holds List” and attach a pre-defined secure ‘policy,’ for example, a statement that documents are irretrievable or ‘frozen’ until a determined authorization, date, and time. SharePoint saves the documents in the Records Center, accessible only to authorized personnel. The records are saved together with a special metadata file containing the Audit history records; this information is ‘blocked’ by the administrator to ensure its safekeeping and inaccessibility. There is an important difference between Audit, which only saves the history of the document, and the Records Center which takes this one step further by ‘freezing’ the document, making it completely inaccessible and irretrievable unless requested by proper authorization.

The limitation of this powerful component is that the Records Center is a MOSS component and does not function in Windows SharePoint Services (WSS).

Creating and Configuring a Records Center

Internally, the MOSS Records Center is a Site Template, making it possible to create as many Records Centers as necessary, but bearing in mind that only one may be active at any given moment. The site provides the necessary Lists for the Records Center, together with the mechanics for routing the information to the Lists and the authorization systems to ensure unauthorized users cannot view or access the Site except for sending documents to the Center. As the design of the Records Center is critical to its successful performance, it must be created with an eye to detail and function. Microsoft has published extensive information about the design of Records Centers (“Records Management Guide for Microsoft Office SharePoint Server 2007” http://technet2.microsoft.com/Office/logredir.aspx?MODE=CT&CTT=ToExternal&target=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D92720&referrer=http%3A%2F%2Ftechnet2.microsoft.com%2FOffice%2Fen-us%2Flibrary%2F550d5dcb-190e-4504-a8cb-4ea921d2d8e21033.mspx&reldir=en-us%2Flibrary and “Successful records management” http://office.microsoft.com/search/redir.aspx?AssetID=XT102058411033&CTT=5&Origin=HA102058501033)

To create a Records Center:

  1. Create a new Web Application for the Records Center or use a Web Application different from the Libraries’ Web Application. In theory, and according to Microsoft specifications, this is unnecessary, but practical experience indicates that the Records Center works optimally in a separate Web Application.
  2. In the new Web Application, create a Site Collection using the “Records Center” template (the template can be found in the “Enterprise” tab of the Template Section).
  3. In the Central Administration, click “Application Management;” under the “External Service Connections” section, use the “Record center” link to configure the created Site Collection. In the new window, select “Connect to a Records Center” and in the URL configure the address of the Records Center using the syntax “http[s]://ServerName/Site/_vti_bin/officialfile.asmx”; for example, http://Moss/_vti_bin/officialfile.asmx if the Records Center has been created under the root of the Site Collection. Note that the fragment “../_vti_bin/officialfile.asmx” is obligatory. Finally, select a “Display name” to identify the Records Center for users.
  4. Figure 1: Records Center Configuration in Central Administration

  5. Create a Directive un the Site where the Library containing the Records Center will be located (or Libraries; it is also possible to use the Records Center for Lists), go to “Site Actions” – “Site Settings” – “Site Collection policies”, and create a new policy. For the example, a “Notary Policy” policy was created, where “Enable Expiration” was activated with a retention period based on the Last Modified date plus one year, and with the condition that the Element will be deleted after the retention period expires. This policy indicates to the Records Center that each Element will be eliminated, without using the recycle bin, precisely one year after the last modification.
  6. Create a new Content Type. From “Site Actions” – “Site Configuration” – “Site content types” – “Create”, construct a new Content Type. For the example, a new “Notary Documents” Content Type was created, from the parent Content Type “Document Content Types” – “Document”.
  7. Figure 2: Creation of a Content Type

  1. If necessary, add columns to the new Content Type. From the configuration window of the Content Type, go to “Information management policy settings”, select “Use a site collection policy”, and click the Policy from Number 4.
  2. Go back to the Site and generate a Document Library (“Documents to register” in the example). Use all the default options.
  3. From the Library main page, go to “Settings” – “Document library settings” – “Advanced settings” and select “Allow management of content types”.
  4. Return to the Library configuration window, select “Add from existing site content types” under the Content Types section; in the “Available Site Content Types” List Box, search for the created Content Type (“Notary Documents” in the example) and add it to the List of Types to use. In a similar way, select the Content Type “Document” (created by default) and delete it from the Library, so that the “Notary Documents” Content Type is the only remaining Type.
  5. Finally, to configure the Records Center from Number 2, create a new Library in the Center to save the records from the working Library. For the example, a new “Notary Center” has been created using all the default options of the Library.
  6. Go back to the main window of the Records Center, open the “Record Routing” Library, and create a new item. In “Title”, use the name of the Content Type created in Number 4 (“Notary Documents”); this field signals the Records Center that all the documents created using the configured Content Type are saved in this Library. In “Location”, write the name of the Library where the documents will be routed; in the sample, it is “Notary Center”.
  7. Figure 3: Configuration of the Records Center

Use of the Records Center; Suspensions

At this stage in the process, SharePoint is configured to save the documents created in Libraries that use the “Notary Documents” Content Type in the “Notary Center” Library of the Records Center. Go back to the Library created in Number 7 (Library “Documents to register”) and create a new document. In the context menu of the document, a link appears to “The Records Center” under “Send to”.

Figure 4: Send a document to the Records Center

After a couple of seconds, SharePoint indicates that the operation was successfully completed, or if there has been an error, a message appears with the error type. By viewing the Records Center with an Administrator Account, it is possible to see that in the configured Library there is a new folder containing a copy of the sent document with extra characters at the end of the document name indicating that it’s ‘unique’; in case the same document is resent, this document will receive different extra characters to distinguish it from the ‘original’ item. There is also a sub-folder called “Properties” that contains an XML document with the same name as the main document containing all the configurations of the original Library and Document.

If for any reason a document needs to be placed ‘on hold or frozen,’ there is a special Library in the Records Center called the “Holds List”. Documents set on hold are unavailable until the item is no longer managed by any holds; a document can be fastened by more than one hold. To ‘freeze’ a document, create a new item in the Holds List (called “Suspension for Notary Documents” in the example), indicating a Description and one or more administrators as deemed necessary. From the Library that contains the managed documents, go to the document to be suspended (directly from the document; folders can’t be suspended) and from the context menu select “Holds administration” and select the created suspension item.

In a similar way, a suspension can be eliminated; in the Library page, it is possible to view the “Hold state”. By selecting a specific suspension item from the Holds List, it’s possible to examine all the reports related to the suspended documents.

Programming the Records Center Employing the MOSS API

The SharePoint API and its WebServices can be used to work programmatically with the Records Center. The MOSS Object Model has six Libraries—Microsoft.Office.RecordsManagement.Holds, InformationPolicy, PolicyFeatures, RecordsRepository, Reporting, and SearchAndProcess—that have the Classes necessary to interact with the Records Center.

Arguably, the central function of the Object Model in the Records Center is to send documents programmatically and to hold and un-hold them. These documents can be used, for example, in WorkFlows and Event Handlers in Libraries.

To upload a document to the Records Center using the Object Model, use code similar to the following routine (the routine can be used in a Console application directly, or by modifying the output, in any other type of application):

static void SendDocumentToRecordsCenterOM()
{
   try
   {
      string AdditionalInformation = string.Empty
      OfficialFileResult OperationResult;

      SPSite mySite = new SPSite("http://ServerName");
      SPWeb myWeb = mySite.OpenWeb();

      SPFile myDoc = myWeb.GetFile("LibreryDoc/DocName.docx");

      OperationResult =
         myDoc.SendToOfficialFile(out AdditionalInformation);

      Console.WriteLine("Operation State: " + OperationResult);
   }
   catch (Exception ex)
   {
      Console.WriteLine("Error - " + ex.ToString());
   }
 }

Note: Set references to “Windows SharePoint Services” (Microsoft.SharePoint.dll) and a Directive to “using Microsoft.SharePoint”.

“AdditionalInformation” is a variable (string) necessary to send complementary information about the document to the Records Center; “OperationResult” is other variable (OfficialFileResult) that saves the results of the upload operation, indicating its success completion or if there was an error (the values can be FileCheckedOut, FileRejected, InvalidConfiguration, MoreInformation, NotFound, Success, or UnknownError).

Two Objects of the type SPSite and SPWeb are created to make a reference to the document (“myDoc”, of the SPFile type) that uploads to the Center. Finally, the “SendToOfficialFile” Method of the SPFile Class takes care of the upload procedure and signals the results of the action.

To suspend or reactivate a document in the Records Center, follow this procedure:

static void HoldRegister()
{
   SPSite mySite = new SPSite("http:// ServerName:Port");
   SPWeb myWeb = mySite.OpenWeb();

   SPList myListRetension = Hold.GetHoldReportsList(myWeb);
   Console.WriteLine(myListRetension.Title);

   int SuspensionID = 0;
   foreach(SPListItem oneRetension in myListRetension.Items)
   {
      if(oneRetension.Name.Contains("Suspension for Notary
         Documents") == true)
      SuspensionID = oneRetension.ID;
   }

   SPList NotaryCenter = miWeb.Lists["Notary Center"];
   SPListItem DocToSuspend = null;

   foreach(SPListItem oneDoc in NotaryCenter.Items)
   {
      if (oneDoc.Name.Contains("One document for the Register")
         == true &&
         oneDoc.Name.Contains(".docx") == true)
            DocToSuspend = oneDoc;
   }

   Hold.SetHold(SuspensionID, DocToSuspend,
      "Made with the Object Model");
}

Note: In addition to the reference to the SharePoint DLL, the code requires a reference to “Microsoft Office Server DLL Component” (Microsoft.Office.Policy.dll) and a directive to “using Microsoft.Office.RecordsManagment.Holds.”

First, the code creates SPSite and SPWeb Objects to contain the Records Center. The variable “myListRetension” (SPList) is a reference to the Holds List used in the Center, and the loop locates the identifier (integer) of the Holds Police. In the example, the name of the policy is used, but there are other possibilities, probably more effective, as a query against the List.

In a similar way, a reference to the Library (“Notary Center”) containing the document to Hold is created together with the Object that contains the document (“DocToSuspend” of the type SPListItem). Finally, the “SetHold” method of the “Hold” Class (Microsoft.Office.RecordsManagement.Holds) places the document ‘on hold’, adding a comment if desired. An override of SetHold is used to ‘on hold’ the documents contained in a “SPListItemCollection”, should a bulk document suspension be necessary.

The “ReleaseHold” Method utilizes the identifier of the Hold and uses a reference to the SPWeb of the Library containing the document and the comment as parameters; together, they delete the Hold on the document. The Object Model contains a “RemoveHold” Method, but it is only for internal MOSS use.

Programming the Records Center Utilizing WebService

In the event the MOSS Object Model cannot be used, SharePoint has a default WebService to upload documents to the Records Center. The next routine will upload a document in this way:

static void SendDocumentToRecordsCenterWS()
{
   RegisterCenterWS.RecordsRepository myCentroRegistrosWS = 
     new RegisterCenter.RegisterCenterWS.RecordsRepository();
   myRegisterCenterWS.Url =
      "http://ServerName:port/_vti_bin/officialfile.asmx";
   myRegisterCenterWS.Credentials =
      System.Net.CredentialCache.DefaultCredentials;

   SPSite mySite = new SPSite("http://ServerName");
   SPWeb myWeb = mySite.OpenWeb();

   SPFile myDoc = myWeb.GetFile("Document to register/One document
                                 to Register.docx");
   byte[] myDocByte = myDoc.OpenBinary();

   RegisterCenterWS.RecordsRepositoryProperty[]
      RepositoryProperties =
      new RegisterCenter.RegisterCenterWS.RecordsRepositoryProperty[1]; 

   RepositoryProperties[0] =
      new RegisterCenter.RegisterCenterWS.RecordsRepositoryProperty();
   RepositoryProperties[0].Name = "Send by";
   RepositoryProperties[0].Type = "Text";
   RepositoryProperties[0].Value = myDoc.Author.LoginName;

   string OperacionResult =
      myRegisterCenterWS.SubmitFile(myDocByte, RepositoryProperties,
      "Notary Document ", myDoc.Url, myDoc.Author.LoginName);

   Console.WriteLine("Operation Result: " + OperationResult);
}

In Visual Studio, create a Web Reference to “_vti_bin/officialfile.asmx” (“RegisterCenterWS” in the example). The first code lines create the WebService Object, place the ASMX file in both the server and the Web Application of the Records Center, and initiate the appropriate credentials.

The SPSite, SPWeb, and SPFile Objects contain references to the document to be saved. Often, a document is not located within SharePoint; in this case, the reference may be obtained by using a WebService. The important point is that it is necessary to have an image of the document in a byte array (“myDocByte” in the example).

The variable “RepositoryProperties” is an array that contains information about the document to be saved and, later, is found in the corresponding “Properties” folder in the Records Center List. Because many Properties as necessary can be added, they can be of any type and with any content.

Finally, the “SubmitFile” Method uses the bytes stream with the document, the variable with the Properties, the name of the Content Type, its URL, and the user data to upload the document to the Records Center. The Method returns the results of the operation: Success, MoreInformation, InvalidConfiguration, InvalidArgument, InvalidUser, NotFound, FileRejected, or UnknownError.

There is no default WebServices in MOSS to place a Hold on a document or to release the existent Holds, but by using the Object Model it is easy to create a new WebService with this functionality.

Conclusion

The Records Center is an important MOSS component for companies that need to save critical or legally sensitive information. Only authorized personnel have access to the information and the Records Center isolates it from the routine sites in the portal.

Programming is achieved with the Object Model of MOSS and one of its default WebServices allowing authorized personnel full access to the Records Center, from uploading the documents to applying and releasing Holds.

About the author

Gustavo Velez is a MCSD Senior Application Developer for Winvision (http://www.winvision.nl), a Microsoft Gold Partner in the Netherlands. He has many years experience developing Windows and Office applications, and more than six years of daily programming experience with SharePoint. The author’s articles can be found in many of the leading trade magazines in English, Dutch, and Spanish. He is also pleased to be Webmaster of http://www.gavd.net/servers, the only Spanish-language site dedicated to SharePoint. Spanish-language readers may want to consult Velez’s book, Programación con SharePoint 2007 (http://www.dotnetmania.com/Libros/index.html). Velez has been awarded MVP status (Most Valuable Professional, http://mvp.support.microsoft.com/), in the area of SharePoint MOSS.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories