199 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
ICONUK Slidedeck “IBM Connections Adoption Worst Practices”
Sat, Sep 17th 2016 10
IBM Connections explained: Activity stream
Sun, Sep 11th 2016 10
IBM Connections Explained: Searching!
Wed, Aug 17th 2016 8
IBM Connections explained: Why a “Like” matters!
Mon, Aug 1st 2016 10
Indexing support for Activity and Forum attachments in IBM Connections 5.5
Fri, Jun 17th 2016 12
Launch of ConnectionsExpert, getting insight into your social platform
Tue, Jun 7th 2016 9
Whirlwind, great teams and learning German or is it Austrian?!?
Fri, Jun 3rd 2016 8
Top 10
IBM Connections Folders #2: Ownership of files and folders
Tue, Apr 15th 2014 14
Podcasting… an impulse, a plunge and a lot of sleepless nights!
Fri, Jan 31st 2014 12
Indexing support for Activity and Forum attachments in IBM Connections 5.5
Fri, Jun 17th 2016 12
IBM Connections explained: Why a “Like” matters!
Mon, Aug 1st 2016 10
IBM Connections explained: Activity stream
Sun, Sep 11th 2016 10
ICONUK Slidedeck “IBM Connections Adoption Worst Practices”
Sat, Sep 17th 2016 10
Shared folders – potential security issue
Sun, Apr 13th 2014 9
IBM Connections Folders #1: Community Folders
Mon, Apr 14th 2014 9
Launch of ConnectionsExpert, getting insight into your social platform
Tue, Jun 7th 2016 9
Whirlwind, great teams and learning German or is it Austrian?!?
Fri, Jun 3rd 2016 8


Shared folders – potential security issue
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Femke Goedhart    

IBM Connections allows users to share personal folders with groups, communities and users. An ideal option to share sets of documents/files with multiple target audiences at the same time. There are however some caveats. Especially in situations where Shared Folders are used to share potentially sensitive information with Restricted (secured) communities. If your organization uses Shared Folders I would strongly advise looking at the below example to get an idea of the potential risks so you can assess if this is something that could cause problems in your organization:

An example:

User A creates a Shared Folder in his personal IBM Connections Files and places some files in it.

Folder_1

He then shares this folder with a community called “Demo Community” of which he is a member and which has restricted access. The folder is now visible and accessible in the Demo community to all community members:

folder_2

Both User A as well as the community members can see the folder is shared with the community in the “Sharing” tab of the folder itself:

Folder_3

The Community admin then decides that User A should no longer be allowed access to the information in the community and revokes his access. User A cannot longer open the community.

As the Test folder was a personal folder that he shared with the Demo community though, User A is still able to access the folder from his personal Files&Folders section. If he looks at the  “Sharing” tab of the folder there is no mention of the Demo Community anymore, it looks as if it is a private folder:

Folder_5

In reality though, the folder is still shared with the Demo Community and both visible and accessible to the members of that community. If they look at the “Sharing” tab of the Test Folder, “Demo Community” ís shown:

Folder_10Effectively this means that they can still access, edit, delete and add files in the folder from within the community:

Folder_9

When they do, User A can see and access these newly added files in his folder but it must be very confusing for him to see users that are not listed in his Sharing settings perform actions on files in his folder:

Folder_8

So what’s the problem?

a). User A doesn’t see the name of the “Demo Community” as an entity with which this folder after he was taken out of the community, so he has no way of knowing it is still accessible to the community members.

b). Because he can’t see that it is still shared with the restricted community, he can’t remove the sharing option either. Effectively this means he has no control over the folder access anymore apart from deleting the whole folder.

c). Even though he is no longer part of the Demo Community, his folder is. Users in that community (which is restricted) would have a reasonable expectation that the  information they share within that community is limited only to members of that community. In reality though any files they place in this folder will be visible to User A (no longer a member of the community) and any other communities, groups or users he chooses to share the folder with.

 ————————————–

I understand that the above situation is extreme and not likely to happen very often but it is important to be aware of this.  There are other options that can be used instead of Shared Folders like CCM folders and the new Community folders (released in CR4 of IBM Connections 4.5). These are not owned by a user but by the community and would therefore not impose the same security flaw. I will be publishing another blog on the differences between Shared, Community and CCM folders over the next few days for those interested.



---------------------
http://feedproxy.google.com/~r/socialBusinessAsUsual/~3/PVHK6WKr0V8/
Apr 13, 2014
10 hits



Recent Blog Posts
10
ICONUK Slidedeck “IBM Connections Adoption Worst Practices”
Sat, Sep 17th 2016 1:51p   Femke Goedhart
During ICONUK last week (15-16 September 2016) I did a session on “IBM Connections Adoption Worst Practices“. Slides for this session are available on my slideshare and here: Iconuk 2016 – IBM Connections adoption Worst practices! from Femke Goedhart Regardless if you’ve implemented IBM Connections, are considering it or in the middle of the planning stages – there are wrong (and right) turns to take at every step. Join Femke to learn about misconceptions and tr
10
IBM Connections explained: Activity stream
Sun, Sep 11th 2016 10:19a   Femke Goedhart
This one I had already posted to my youtube but not linked to from my blog. It’s all about how to make the update streams work for you. Enjoy!
8
IBM Connections Explained: Searching!
Wed, Aug 17th 2016 12:59p   Femke Goedhart
Another video blog on IBM Connections, this time about Searching. Have fun!
10
IBM Connections explained: Why a “Like” matters!
Mon, Aug 1st 2016 12:47p   Femke Goedhart
I often get asked about things in IBM Connections that need some explaining. One of them is the value of using the Like button in IBM Connections and whether people really should use it in a corporate environment. Let me be clear: You should! But in stead of writing another blog on why I decided to do it a little different this time and try my luck on explaining it in a video. I hope this will help! I’ll try to do a few more like these over the coming weeks and in case you guys have que




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition