Document access control

Access scenarios today are more complex than ever, thanks to the increased need for mobility, usability and flexibility. Think, for example, about all those millions…

Access scenarios today are more complex than ever, thanks to the increased need for mobility, usability and flexibility. Think, for example, about all those millions of additional people who are now working from home offices. This makes it challenging to protect data stored in IT systems against unwanted access, and to prevent data theft by authorized system users while processing sensitive data.

The key to managing these challenges lies in finding a balance between pragmatic flexibility and context-adapted security measures.

Recently, a customer came to me with a question about security: What is the right approach in document management to protect sensitive content from unauthorized access in OpenText™ Content Server? Among the initial ideas we considered was using metadata like categories or classification. This would require a step-wise, expandable approach that, as much as possible, leaves the current implementation and configuration status untouched.

Let’s consider this approach in more detail:

The right approach, of course, depends on your individual requirements and overall implementation scenario. Achieving satisfactory results requires a holistic implementation perspective, experience and insight—this means considering interdependencies, the system ‘look and feel’ and the associated configuration options. In OpenText Content Server, things like categories and classifications involve different types of metadata.

For example, categories would work best when you’re using purely descriptive and editable labels for documents: attributes like public, confidential or secret, selected from a single-value drop-down list.

Classification, on the other hand, might be more suitable when using classification schemes, records management or file plans.

When considering expandability, however, think about the goals you want to achieve. Descriptors like confidential and secret indicate document classes that must be specially protected by system functionality for compliance reasons. You also want to think about access by user groups that are privileged in terms of system technology but are not part of the group of addressees—such as system administrators. Other matters to consider: Who is permitted to set up, assign or update this kind of metadata? And how should a content-oriented access hierarchy be mapped? Setting controls through solely descriptive metadata and supplementary object authorizations can quickly become confusing and difficult to maintain.

There’s good news, though, for those struggling with issues like this. OpenText Content Server offers useful features that help with these kinds of scenarios. In particular, Supplemental Marking and Dynamic Security Clearance let you control differential metadata-dependent and system-secured access to documents that need special protection. This offers many benefits:

  • Only authorized users with the appropriate security clearance level can access highly confidential documents. This access control level is independent from the standard access control options to address a meta requirement.
  • Users with system administration rights cannot automatically access highly confidential documents.
  • Users can access an object only if they have markers assigned to the desired object and have default permission to view the document. Markers are organized hierarchically. And only a specific group of users—for example, compliance officers—can assign markers to users.
  • Dynamic Security Clearance can also differentiate between devices and geolocations from which access is or isn’t allowed.

So if you’re looking for the best way to protect content from unauthorized access in OpenText Content Server, look no further than Supplemental Markings and Dynamic Security Clearance. They provide the security and flexibility needed for controlled access to highly sensitive documents.

To learn more about information architectures based on OpenText Content Server and the benefits of Supplemental Markings and Dynamic Security Clearance, please contact us or visit OpenText Professional Services.

Author: Martin Schwanke, Manager, Professional Services

Share this post

Share this post to x. Share to linkedin. Mail to
Professional Services – Content Services avatar image

Professional Services – Content Services

The OpenText Content Management Practice consists of ECM Services experts with collective experience of thousands of implementations on a global scale. They are 100% certified in our technologies, and dedicated to successfully implementing OpenText ECM solutions for our clients.

See all posts

More from the author

The key to successful large-scale migrations to cloud

The key to successful large-scale migrations to cloud

Many organizations are still in the process of migrating off-cloud (on-premises) Content Suite solutions into the OpenText™ Cloud. If an organization has a very large…

4 minute read

The right Content Services platform on your Cloud journey

The right Content Services platform on your Cloud journey

Today, the power of digital transformation has been realized by every enterprise organization across the globe. The transformation to become flexible and adaptable starts with…

3 minute read

Out with the old, in with the new

Out with the old, in with the new

The challenges of a global market and international competition with ever shorter innovation cycles are omnipresent.  Global interactive networking paves the way for modern cloud…

4 minute read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.