Skip to content

Working with Access Caveats

Overview

Access Caveats are security labels that you can apply to records containing sensitive information. When you use Access Caveats, only authorised team members can access the record, providing an additional layer of security beyond standard permissions.

When to Use Access Caveats

Use Access Caveats when your record contains sensitive information that should only be accessible to specific teams.

How to Apply Access Caveats

Step 1: Enable Record Restriction

When creating or editing a record, select a 'restricted' Security Classification label.

⚠️ Important: Records must be restricted for Access Caveats to work properly.

Step 2: Select Appropriate Caveats

  1. Find the Access Caveats field (may be labeled "Team to restrict access")
  2. Select one or more caveat types that match your content:
  3. Personnel
  4. Cabinet
  5. Legal
  6. Freedom of Information
  7. You can select multiple caveats if the record contains different types of sensitive information

Step 3: Save and Verify

  1. Save your record
  2. Verify the Access Caveats appear correctly in the record summary
  3. Test access with colleagues to ensure the restrictions work as expected

Understanding Access Behavior

Who Can Access Caveat-Restricted Records

Access is determined by: 1. Your role assignments - configured by administrators 2. Security group membership - your Azure AD group memberships
3. Caveat matching - whether your permissions match the record's caveats

Access Denied Scenarios

You may not be able to access a restricted record if: - You're not in the appropriate security group for the caveat type - The record has caveats that don't match your role permissions - Your role assignment doesn't include caveat-based access

Getting Access

If you believe you should have access to a caveat-restricted record, contact your administrator.

Common Questions

Q: Can I change caveats after creating a record?

A: Yes, authorised users can modify Access Caveats when editing a record. Changes take effect immediately.

Q: What happens if I don't restrict the record but apply caveats?

A: Access Caveats only work when a 'restricted' Security Classification label is applied. Without restriction, normal role-based permissions apply.

Q: Can I see who has access to my caveat-restricted record?

A: Contact your administrator for information about which groups have access to specific caveat types.

Getting Help

If you need assistance with Access Caveats:

  1. Check this documentation for common scenarios and solutions
  2. Contact your team lead for guidance on appropriate caveat use
  3. Contact administrators for technical issues or access requests
  4. Review training materials provided by your organization