Security and document stores
The security of Content Manager document stores operates on two levels:
- Content Manager works on the basis of access permissions for electronic records.
Access is determined by:
- Security Levels
- Caveats and
- Access Controls
None of these security features needs to be tied directly to the setup of the electronic document store or stores.
The stores are transparent and Content Manager accesses the stored documents through the security features outlined above.
For ease of administration, organisations may prefer to have only one store for the whole organisation, for backup or data integrity purposes, and to maintain group access to the electronic documents, if required, via the Groups security function.
Multiple stores are usually considered because of very large volumes of data, rather than for maintaining security.
The three security features in Content Manager maintain:
- Security Levels - hierarchy control
- Security caveats - privacy control
- Access Control - specific user level access
A user account must have read, write, search and delete access to the store folder to be able to write and delete from the store according to their access permissions in Content Manager.
This shows that Content Manager also respects the security features of the operating system when setting up document stores.
The Windows file system store type offers the feature of hidden share access on a server - see more below.
This enables users to access electronic documents from within Content Manager, but with other applications - for example, Windows Explorer - the file system will hide the documents from view.
- Hidden share - some operating systems provide for a hidden share.
A hidden share is a shared folder or folder structure to which a user may have permissions but which they will never be able to see in Windows Explorer etc.
To test, create a folder somewhere where your test user does not have any permissions, then create a hidden share for this folder and give the user full access permissions to the hidden share folder.
To create the hidden share, add a dollar sign to the end of the folder name.
For example, if the test folder, to which a user has no access, is called barrel, add to that folder a share named rollout$ and give the user full access to it.
The whole document store may be in the rollout$ share folder and the user will never see this in e.g. Windows Explorer.
Only the Content Manager administrator can see the actual Location of the document store.
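The hidden-share test described above, combined with the store-folder permissions stated earlier, as an added PowerShell example (not part of the Content Manager documentation). The drive letter, the account name and the Test-StoreShare helper are assumptions; the audit step is there because a trailing $ only omits the share from browse lists, so the share and NTFS ACLs are what actually restrict access.

```powershell
# Added example. Path, share name and account are constructed placeholders.
$StorePath = 'D:\barrel'              # store folder (drive letter is assumed)
$ShareName = 'rollout$'               # trailing $ keeps the share out of browse lists
$Account   = 'CONTOSO\cm-test-user'   # hypothetical test account

# 1. Create the folder and the hidden share; only $Account gets share-level access.
New-Item -ItemType Directory -Path $StorePath -Force | Out-Null
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $StorePath -FullAccess $Account | Out-Null
}

# 2. Grant NTFS Modify (read, write, list, delete) on the store folder itself.
#    Windows applies the more restrictive of share and NTFS permissions.
$acl  = Get-Acl -Path $StorePath
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $StorePath -AclObject $acl

# 3. Audit: emit one finding per grant that reaches beyond the intended account.
function Test-StoreShare {
    param([Parameter(Mandatory)][string]$Name)
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

    if (-not $Name.EndsWith('$')) {
        'Share {0} is not hidden: name lacks a trailing $' -f $Name
    }
    # Share-level ACL
    Get-SmbShareAccess -Name $Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.AccountName } |
        ForEach-Object { 'Share ACL allows {0}: {1}' -f $_.AccountName, $_.AccessRight }

    # NTFS ACL on the folder behind the share (includes inherited entries)
    $path = (Get-SmbShare -Name $Name).Path
    (Get-Acl -Path $path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $broad -contains $_.IdentityReference.Value } |
        ForEach-Object { 'NTFS ACL on {0} allows {1}: {2}' -f $path, $_.IdentityReference, $_.FileSystemRights }
}

$findings = @(Test-StoreShare -Name $ShareName)
if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'No broad grants found on the store share or folder.' }
```

Run it from an elevated session on the file server; inherited grants from the drive root show up as NTFS findings and should be removed or blocked on the store folder.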
NOTE: Content Manager supports third party electronic document stores. These often require logins via their client software and provide very real obstructions to anyone even knowing where the objects are stored.