Authorization

Content Cortex provides fine-grained access control for all resources through permissions and governance capabilities. These capabilities manage access control, legal holds, retention policies, and audit to maintain content security and compliance.

Permissions and governance capabilities

Content Cortex provides comprehensive permissions and governance capabilities that work with other capabilities to ensure secure content access and regulatory compliance.

The permissions and governance capabilities include:

Access control: Provides fine-grained authorization for all resources. Content is secured by assigning users and groups with access control levels for viewing content, updating content, updating metadata, updating access rights, and publishing. Default access rights can be defined for each class of object, and security policies can be used to predefine access rights across many documents.
Legal holds: Enables organizations to preserve content for legal and regulatory purposes. Legal holds prevent content from being modified or deleted, ensuring that evidence is maintained for litigation, investigations, or compliance requirements.
Retention policies: Automates content retention based on business rules and regulatory requirements. Retention policies define how long content must be kept and when it can be disposed of, ensuring compliance with data governance regulations.
Audit capabilities: Tracks and records all content access and modifications. Audit logs provide a complete history of who accessed content, what changes were made, and when actions occurred, supporting compliance reporting and security investigations.

These capabilities deliver measurable business value by reducing compliance risks through automated policy enforcement, protecting sensitive information with granular access controls, ensuring regulatory compliance with audit trails, and enabling secure AI operations through policy-based governance.

Access control for AI integration

The permissions and governance capabilities ensure that AI agents and applications access content securely through the MCP (Model Context Protocol). When AI agents request content through the Core MCP server or perform operations through other MCP servers, access control policies are enforced to ensure that only authorized operations are performed.

This integration enables organizations to deploy AI-powered applications while maintaining enterprise security standards. Access control policies apply consistently whether content is accessed by human users or AI agents, ensuring that sensitive information remains protected while enabling intelligent automation.

Workflow and queue security

You can set security levels on workflow rosters, work queues, user queues, and component queues. The security levels you set affect the user's access to the work items contained in the roster or queue.