Agreements as Exceptions to Non-Null Security Label Values
An agreement can provide an exception to a standard security label value or to all values of a custom security label. For example, if a user needs to access an object that has a standard security label applied, but that user is not an authorized participant for that security label value, that user can be cleared for the value through an active agreement for a predetermined amount of time. A standard agreement can clear additional participants for the value of specified security-labeled objects. Any security-labeled object can be associated with a standard agreement. A context-based agreement can clear additional participants for the value of all security-labeled objects within the same context as the agreement. Once cleared for the security label value, the participants then must have the appropriate access control permissions to be able to take their desired action on the object.
Agreements can only be created and modified by members of a user-defined, site-level agreement managers group. This group is specified in the security labels configuration file. Depending on their permissions, agreement managers may be able to create agreements in the project, product, library, organization, and site contexts. Agreements are not accessible through the context folder structure. They are only accessible through the Agreements page or from a search results table. Only members of the agreement managers group can access the Agreements page.
For more information, see
Agreements.