PriSM extends Object & Usage Privileges
Allowing granular control over what objects can be created in specific locations. A PriSM Configuration allows a taxonomy designer to restrict access to specific objects within specific areas for specific user groups. For example, the creation of folders is locked down in many organizations for Knowledge Managers who create folders. PRISM will allow users to create folders in their personal workspace but not in the enterprise area.
PriSM also allows system administrators to restrict specific file extensions that can be uploaded to Content Server. For example, you could restrict the ability to add Outlook PST files or Windows executable files.
Augment and Manage Permissions
PriSM also provides the ability to augment and manage permissions of content based on category attribute values. For example, you could define a rule that would grant the Human Resource department access to any document where the Personnel File category was added. Or the Legal Department access to any document where the “Document Information” category has the “Type” attribute set to “Contract”. PriSM introduces the concept of users having the privilege, not just the permissions, to see content. First, you can ensure that specific content is never allowed to have public access. Second, you can specify a specific group that users must be a member of to have the privilege to see certain content. Third, you can apply this restriction to system administrators. These combine to help ensure against accidental exposure. For example, you might configure the Human Resource folder such that only members of the HR groups have access to them, including system administrators. This way, a system administrator
Keeping control of the content within your Content Server environment is vital. When creating, moving or copying content, you never want sensitive or confidential information exposed. Content Server does not readily provide users with the ability to see what access rights they are giving to the information they publish. As such, they tend to just add content assuming that someone has previously set up permissions correctly on the parent folder. With capSpire Privilege Security Management (PriSM), users no longer have to make these unsafe assumptions, giving them the confidence that information they add will be secure and only accessible by the appropriate audience.
Improved taxonomy adherence
Your organization’s taxonomy might look fine on paper but the standard Content Server access controls do not enforce adherence to its structure. PriSM provides the ability to control where content is added, ensuring that designed plans are adhered to.
The global nature of access management within a standard Content Server environment can limit the ability of your organization to maintain a structured plan. Through PriSM you can bring order to your taxonomy, allowing specified users to add only certain types of content into pre-determined locations – a level of control that is not possible in Content Server out-of-the-box.
PriSM helps you to remove confusion for your less experienced and occasional users. By showing only those types of content that are permitted to be added, the result is cleaner, easier to use and less confusing.
Reduced risk of publishing confidential material
When documents are moved or copied in Content Server, it is not obvious what access rights will be given to the document in its new location. PriSM surfaces these new rights to the user at the moment of creation. The user can then decide if these are correct and make adjustments accordingly. This avoids assuming content has the correct access rights and makes controlling permissions a part of normal Content Server activities.
How does PriSM work?
- Visually illustrates the access permissions that will be applied to an item when it is created, copied, or moved. This gives you the opportunity to confirm and modify these according to your needs, thus avoiding unintentional exposure of confidential information.
- Limits the kinds of objects that can be created in defined areas of your Content Server repository.
- Adds a new level of granularity to access permissions then is typically available in Content Server.
- PriSM’s extensions to Content Server privileges are implemented at the API level, ensuring enforcement of governance regardless of how users or processes interact with the environment.
- Provide governance over where specific object types can be created. Specific object types can be disallowed in all instances of a particular volume type. This governance is reflected in whichever interface is being used to reduce confusion.
- Because the applicable permissions are surfaced to the user when adding, moving, or copying content, he/she will know how secure the document will be in the new folder.
- During the same move/copy/create action the user can easily impose stricter access controls for sensitive material.
- PriSM operates at an API level, thus ensuring the same controls irrespective of how Content Server is being accessed.