Security Model Types
-
Direct permissions
-
A user must be allowed in a single permission set to be able to view a document.
-
Restrictive permissions
-
A user must be allowed in many permission sets to be able to view a document.
Example: In an Atlassian Confluence collaborative site, permissions can be specified for three entities:
-
Global - Applicable to the whole site
-
Space - Applicable to a given Space (a space is a main subdivision in a Confluence site)
-
Page - Applicable to a specific document
A user must have read access from all three permission sets to be able to see the document. A user will not be able to see a document when he is denied in any of these permission sets.
-
-
Permissions with priority
-
Two or more security layers are considered sequentially. A user may be unknown in a first security layer (no permissions set for him) in which case the next security layer is referred to. The first layer that specifies permissions for a user is applied. Following priority layers are not considered.
Example: In an NTFS file system, you can set permissions on a folder. The folders and files it contains inherit these permissions (File Share Permissions). You can also set explicit permissions on a file (NTFS Permissions). The explicit permissions have a precedence on the inherited permissions. When they are set, inherited permissions are not considered.
Tip: From the CES Administration Tool, you can see the permission levels and sets and review
the associated security entities from the Index Browser (see Reviewing Document Details from the Index Browser).
Note: From one type of repository security model to another, the priority of the Allowed permission over the Denied permission or the priority of User permissions over Group permissions may be reversed.
What's Next?
Understand how CES reproduces the security model for each document in each repository (see Permission Levels and Sets).