Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
11 replies Latest Post - ‏2013-03-22T19:54:25Z by SystemAdmin
SystemAdmin
SystemAdmin
445 Posts
ACCEPTED ANSWER

Pinned topic Teamspace Subfolder as Security Parent

‏2013-03-11T20:30:46Z |
Is there a (simple and supported) way to change the way security is inherited in Teamspace subfolders?

The default behavior is for all objects to get a copy of the ACL that is on the teamspace, so documents and folders under a folder that has been changed still get the ACL of the teamspace (not it's parent folder). This means that while a teamspace team member on the "no access" list for a folder would not see that folder, they could still access the documents in it via search or from a link someone sent them.

Thanks!
Updated on 2013-03-22T19:54:25Z at 2013-03-22T19:54:25Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    445 Posts
    ACCEPTED ANSWER

    Re: Teamspace Subfolder as Security Parent

    ‏2013-03-13T15:20:25Z  in response to SystemAdmin
    Which repository CM8 or P8?
    • SystemAdmin
      SystemAdmin
      445 Posts
      ACCEPTED ANSWER

      Re: Teamspace Subfolder as Security Parent

      ‏2013-03-14T13:40:07Z  in response to SystemAdmin
      I have the same question as the OP; my response would be P8.
    • SystemAdmin
      SystemAdmin
      445 Posts
      ACCEPTED ANSWER

      Re: Teamspace Subfolder as Security Parent

      ‏2013-03-18T11:21:03Z  in response to SystemAdmin
      jaajuanMike, did you have any ideas on this?
      • SystemAdmin
        SystemAdmin
        445 Posts
        ACCEPTED ANSWER

        Re: Teamspace Subfolder as Security Parent

        ‏2013-03-18T15:06:58Z  in response to SystemAdmin
        I"m investigating a workaround for the current design. I should have a response today.
        • SystemAdmin
          SystemAdmin
          445 Posts
          ACCEPTED ANSWER

          Re: Teamspace Subfolder as Security Parent

          ‏2013-03-18T15:32:09Z  in response to SystemAdmin
          On a P8 repository you can setup a method to ADD TO the security of the Teamspace by using Entry Templates (with or without a security policy) and the Entry Templates Folder Association features. You will need to setup this configuration from Workplace XT, but once setup, it will be honored from the ICN Teamspace. Understand that if you wish to restrict access for existing team members relative to their Teamspace role, you will need to setup explict deny on the rights in question.

          1) Determine if the security model you need can be handled with the Entry Template security, or if a Security Policy will be needed.
          2) Create the Security Policy if needed
          3) Create the Entry Template (Set the folder setting to just the object store, as this setting is ignored when using the Entry Template Folder Association feature.
          4) In the security step of the Entry Template, set the Security Policy or setup the Entry Template security. These security settings will be added to the Teamspace inherited security and the security with the highest level of access "wins" when a user/group is getting security from the class, teamspace and ET/security policy. To restrict access, you may need to set explictly deny the right.
          5) Once the Entry Template is created, from Workplace XT, you will need to search for the Teamspace subfolder that you wish to associate with the Entry Template.
          6) From the search results, select the folder, open the context menu and select the option Perferences > Associate Entry Templates. Select the Entry Template(s) you wished to be used when adding documents to this folder. By default this setting will be used for all subfolders as well.

          If you do not see this action, you are not a member of the Access Role with rights to this action. Contact the Workplace XT admin, and have them setup a non-admin access role, add you as a member of that access role and add that role to the Associate Entry Template Action.

          7) From ICN, add content to that folder and confirm that the Entry Template is used and that your security setting are performing as desired.
          • SystemAdmin
            SystemAdmin
            445 Posts
            ACCEPTED ANSWER

            Re: Teamspace Subfolder as Security Parent

            ‏2013-03-18T19:36:28Z  in response to SystemAdmin
            Thank you Mary. This sounds promising. I will give it a try.
        • SystemAdmin
          SystemAdmin
          445 Posts
          ACCEPTED ANSWER

          Re: Teamspace Subfolder as Security Parent

          ‏2013-03-18T19:38:33Z  in response to SystemAdmin
          Mike, I marked the question answered because of Mary's imput, but I would be interested in your response as well.
        • SystemAdmin
          SystemAdmin
          445 Posts
          ACCEPTED ANSWER

          Re: Teamspace Subfolder as Security Parent

          ‏2013-03-22T18:38:12Z  in response to SystemAdmin
          Mike and Mary, the proposed solution/ work-around is a good try, but what we really need is for the "overridden" folder to become the new security parent for it's contents and subfolders. Essentially, the override folder needs to "break" teamspace security inheritance and subsequent interference when Teamspace security is changed. The ideal solution would present the teamspace ACL when the override folder is created, but not be affected by the Teamspace ACL once the folder is designated as an override, and from that point on down the security parent of any item would be the override folder until another override folder is created under it. See the attached PDF for a visual.
          • SystemAdmin
            SystemAdmin
            445 Posts
            ACCEPTED ANSWER

            Re: Teamspace Subfolder as Security Parent

            ‏2013-03-22T19:18:15Z  in response to SystemAdmin
            Another way to look at it might be to imagine that the add subfolder dialog had a "Use Teamspace" security checkbox. If they un check it, they are taking over security from that level down.

            I'm attaching an updated diagram with ACL call outs.
  • SystemAdmin
    SystemAdmin
    445 Posts
    ACCEPTED ANSWER

    Re: Teamspace Subfolder as Security Parent

    ‏2013-03-22T19:54:25Z  in response to SystemAdmin
    Original Idea tested and did not solve the issue.