Re: TRIM Access controls and security in Sharepoint (414 Views)
Reply
Regular Advisor
Mary Bray
Posts: 154
Registered: ‎12-13-2009
Message 1 of 10 (508 Views)

TRIM Access controls and security in Sharepoint

Mornin all.

 

I am trying to find some documentation to explain how or if Sharepoint honours TRIM Access controls and security levels/caveats on files and documents exposed via the Sharepoint 2010 TRIM 7 integration.

 

I found the TRIM7.21_SPIntegrationConfiguration.pdf which doesn't mention it! and the TRIM7.21_SPIntegrationInstall.pdf which doesn't mention it but TRIM7.21_SPIntegrationDevelopersGuide.pdf and TRIM7.21_SPIntegrationUserManual.pdf are both 5 pages of gumph that tell you to go to the web site for the lates manuals - where you get another 5 pages of gumph... bum.

 

mary

Please use plain text.
Honored Contributor
Grundy
Posts: 2,845
Registered: ‎02-16-2009
Message 2 of 10 (503 Views)

Re: TRIM Access controls and security in Sharepoint

[ Edited ]

EDIT:   Getting SP team to clarify in more detail. :)



::::::::::::::::::::::
NOT A HP EMPLOYEE
::::::::::::::::::::::

Kapish.com.au
Please use plain text.
Regular Advisor
Mary Bray
Posts: 154
Registered: ‎12-13-2009
Message 3 of 10 (472 Views)

Re: TRIM Access controls and security in Sharepoint

Thanks grundy - obviously it's a major design issue for TRIM sites that are as **bleep** about access controls as we are. oops! did i really say that :-)

Please use plain text.
Honored Contributor
Grundy
Posts: 2,845
Registered: ‎02-16-2009
Message 4 of 10 (469 Views)

Re: TRIM Access controls and security in Sharepoint

The SP devs are going to clarify all this exactly.

 

However, the basic rule is, if someone 'exposes' an item, it would be like a staff member pulling out a document and pinning it to a board in the break room.

Anyone with access to that room will see the document!

 

Will wait and get something formal together and we'll have a meeting internally soon so everyone's on the same page.

 

 



::::::::::::::::::::::
NOT A HP EMPLOYEE
::::::::::::::::::::::

Kapish.com.au
Please use plain text.
Regular Advisor
Mary Bray
Posts: 154
Registered: ‎12-13-2009
Message 5 of 10 (437 Views)

Re: TRIM Access controls and security in Sharepoint

I can imagine if a document is extracted (like an email) it is no longer under TRIMs control, but the Sharepoint integration talks about documents being "Managed" in TRIM - surely that means the document is stored and secured in TRIM and sharepoint is essentially just the Client - if not why is the setup so complex requiring TRIM workgroup server install on the Sharepoint Server and no end of moving parts with special serv ice accounts and default record types etc?

Please use plain text.
Trusted Contributor
Rich_Kid
Posts: 237
Registered: ‎03-31-2010
Message 6 of 10 (432 Views)

Re: TRIM Access controls and security in Sharepoint

Hi

 

Whilst the team are clarifying the security stuff, can they also comment on the Audit Logs,

 

is everything logged up the credidentals of the person extracting the document, or is it logged as the service account ?  This this apply to all flavors of integration in sharepoint ?

 

 

Please use plain text.
Regular Advisor
Mary Bray
Posts: 154
Registered: ‎12-13-2009
Message 7 of 10 (430 Views)

Re: TRIM Access controls and security in Sharepoint

Really good point Rich - we were discussing that yesterday too and I forgot to ask. Without those things I don't see much future for "integration" - except there might be a sales opportunity for those of use that can code!!!!

Please use plain text.
Honored Contributor
Grundy
Posts: 2,845
Registered: ‎02-16-2009
Message 8 of 10 (423 Views)

Re: TRIM Access controls and security in Sharepoint

Just to follow up, everything I stated originally was correct, except that EDIT permissions are still completely controlled by TRIM.

 

So to cover the basics again:

 

- Any live access to TRIM, either via a federated search, finding records to expose etc, editing/check-out and check-in is all security controlled by TRIM, since all these actions directly interact with TRIM.

 

- If you 'Expose' an item into Sharepoint, then the TRIM security no longer applies and Sharepoint security takes over.  This is the same as if someone emailed it, printed it, copied it to a network drive etc, TRIM is no longer directly involved in 'VIEWING' the item.

 

 

The integration is always evolving and open to enhancement requests.

The developers are actually very keen for this levle of feedback, so if you have any ideas on how you think it could be improved (pending limitations of the Sharepoint/TRIM platform), then please log them with the support team. :)

 

 

As for Audit logs, I havn't checked personally, but I can look at this in our test environments next time I'm using them.

 

For now, the product management team and SP integration devs are working on a formal write-up of the security/access questions above, since you're not the only ones asking this question.



::::::::::::::::::::::
NOT A HP EMPLOYEE
::::::::::::::::::::::

Kapish.com.au
Please use plain text.
Frequent Advisor
alexw_1
Posts: 55
Registered: ‎05-05-2010
Message 9 of 10 (419 Views)

Re: TRIM Access controls and security in Sharepoint

There are multiple ways to use the TRIM sharepoint integration. Here are two:

 

1) Exposing records via container is as Grundy described - any records (already in TRIM) that the "trim privileged" account can access can be exposed. Once they are exposed, the only security control you have is within the Sharepoint user management. This is very dangerous, and not well understood by HP salespeople!

 

Another point to note on this is that when records are exposed in this way, they actually are copied into sharepoint, and can be accessed without using the TRIM backend. This is both good and bad.

 

 

2) "Managing" records takes content that already exists in Sharepoint (or is being created / collaborated within Sharepoint) and saves it into TRIM. The security of the record is typically based on the TRIM container that it is being stored into. The TRIM user mapping carries through for this content.

 

 

Happy to be corrected on any of this! I don't want to spread incorrect information.

 

There seems to be a general lack of good documentation on the integration, and for some reason, a large part of the useful documentation in the 7.1 releases has been removed from the 7.2 releases. (??)

Please use plain text.
Honored Contributor
EWillsey
Posts: 1,815
Registered: ‎04-20-2010
Message 10 of 10 (414 Views)

Re: TRIM Access controls and security in Sharepoint

Around the access controls I agree. Had a big issue with a customer where the user would go and expose a document to a library, but it was a very sensitive document. Since there's no way to see the access controls (easily) from the search results, the user really didn't even know it was something locked down harshly in TRIM. So we just removed the whole expose component from the XSLT.

Another thing: if you're a site that allows view meta-data but denies view document... Disable expose! Otherwise users can see the meta-data in a search result and then expose it where ever they like.
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation