Product DocsMenu

Security Model Types

Each enterprise repository follows a security model to control who can access each item it contains. The security model complexity can range from allowing full anonymous access to requiring the resolution of permissions for several security layers. Repository security models can be classified in three types.

Direct permissions

A user must be allowed in a single permission set to be able to view a document.

Restrictive permissions

A user must be allowed in many permission sets to be able to view a document.

Example: In an Atlassian Confluence collaborative site, permissions can be specified for three entities:

  • Global - Applicable to the whole site

  • Space - Applicable to a given Space (a space is a main subdivision in a Confluence site) 

  • Page - Applicable to a specific document

A user must have read access from all three permission sets to be able to see the document. A user will not be able to see a document when he is denied in any of these permission sets.

Permissions with priority

Two or more security layers are considered sequentially. A user may be unknown in a first security layer (no permissions set for him) in which case the next security layer is referred to. The first layer that specifies permissions for a user is applied. Following priority layers are not considered.

Example: In an NTFS file system, you can set permissions on a folder. The folders and files it contains inherit these permissions (File Share Permissions). You can also set explicit permissions on a file (NTFS Permissions). The explicit permissions have a precedence on the inherited permissions. When they are set, inherited permissions are not considered.

Tip: From the CES Administration Tool, you can see the permission levels and sets and review the associated security entities from the Index Browser (see Reviewing Document Details from the Index Browser).

Note: From one type of repository security model to another, the priority of the Allowed permission over the Denied permission or the priority of User permissions over Group permissions may be reversed.

What's Next?

Understand how CES reproduces the security model for each document in each repository (see Permission Levels and Sets).

People who viewed this topic also viewed