Permissions for records management in 3.4 doesn't make any sense to me. There are something like 3 levels of permissions that need to be set where there used to be only one set to choose from. I don't understand why it has been made so complicated. The design lends itself to all kinds of problems (some of which I've already found). A user needs to be a member of a site group and a records group as well as having read or read/file permissions set on individual folders. Nowhere is it documented how these permissions interact with each other. In fact, it is possible to have users in groups with seemingly contradictory permissions. For example, I could have a user that is a site consumer that is also a records administrator. Well, a records administrator has read and file privileges by default (allegedly), but a site consumer only has read privileges. So which one wins? Then on top of this you can change capabilities for different roles, which causes odd behavior too - for example, disabling the capability to create in a cutoff folder also removes a user's ability to uncutoff a folder. And on top of THAT, you can also set different permissions through the repository view. Who knows what is going to happen in any given combination? Your support engineers certainly don't, and I don't blame them either. Extremely poor design. Hopefully it will be rectified in the next version.