Follow

Security in Collabspace

 

The Collabspace security model represents the existing permissions in the Content Source. Depending on the content source, the security model may behave slightly differently for SharePoint and Exchange Content Sources.

 

Exchange 

Exchange has a simple security model: only the user who owns the mailbox can see the mail. This means that you must be signed in as the user whose email is associated to the mailbox to see content that has been crawled from the Exchange Connector. 

This functionality extends to shared mailboxes as well. Since a shared mailbox is still associated to a single email address, you must be logged in using that email address to view the crawled content in Collabspace Search Results.

 

SharePoint

Any content from SharePoint will always have some level of security attached to it. That security context is crawled on an item-by-item basis, meaning that Collabspace supports item-level security. 

Since SharePoint permission is related to crawling, permission changes might not be immediate. Collabspace will try to represent the latest security settings in SharePoint, however, users may need to wait for a Partial Crawl to complete to see things like SharePoint Group inclusion or new SharePoint Group creation. Partial Crawls normally occur on a daily basis, so group changes may take up to a day to be reflected in the Collabspace Search Results.

Regular Users

Since the current functionality supported in Collabspace is based around Search, the only permission required to view items in Collabspace is View-level permission. Essentially, if the user has permission to see the item in SharePoint, they should be able to see the item returned in Collabspace Search Results.

Site Collection Administrators

Site Collection Administrators should have permission to see all items in SharePoint, as a special permission group is created for them and applied to all items on that Site Collection. 

 

Elevated Search Security

The security setting within Collabspace called Discovery Administrator represents an extremely high level of access to all crawled content.

 

Essentially, Discovery Administrators have full access to all crawled content, including content sourced from Private SharePoint Sites and Exchange Inboxes. The permission setting was designed for those users who require elevated access to execute a legal discovery process. With this level of permission, users will be able to find any and all relevant content regardless of the original permission settings of the Content Source.

The Discovery Administrator setting cannot be assigned to an Active Directory Group; it can only be assigned to individually named users, ensuring that at any time, the Collabspace Administrators can view the users who have this elevated permission.

Use the Discovery Administrator setting with caution, as it is an extreme level of access

 

Return to Creating Users

Return to Search

 

Comments