As you may already be aware, OpenText recently included some new permissions tools into their Content Suite and Extended ECM platforms. Going under the name of “Permissions Explorer“ it provides a familiar looking permissions dashboard. But as I’ve highlighted before, this is nothing to do with Permissions Manager from Fastman.
Over the last couple of months, I’ve heard many people asking about how Permissions Explorer compares with and whether it replaces Fastman Permissions Manager. Let’s be very clear – the answer is a definite no.
In this post I want to take a closer look at why Permissions Manager remains the only permissions tool suitable for organizations that are serious about the security of their Content Suite information.
In several conversations of late I have heard that OpenText is advising customers that Permissions Explorer is the only tool that they need for managing their information security. As those that have tried to use it in anger will attest to, Permissions Explorer is a very feature-light permissions viewer and editor; useful for generic and uniform permissions review and changes but of little use for the real world situations so many of our customers experience.
In the real world that system administrators and business users operate within, Content Suite permissions are a complex area of the system. By design they are extremely rich and flexible and it is this complexity that leads us to needing the more complete solution that Permissions Manager is – and has provided for over 10 years.
Think of Permissions Explorer as Permissions Manager Light. It’s a free tool for doing simple bulk changes, where as Permissions Manager is about managing and ensuring the security of your enterprise information.
Permissions Manager is designed to allow Content Suite users to deliver good information management practices, such as ISO 27000, within their organization. These practices following three distinct processes:
Good practice demands that you implement tools and processes to ensure the above “reviewing” capabilities are in place. But it also requires that you have tools and processes to ensure that if any discrepancies are detected you are able to fix, or “repair”, them in a structured and controlled manner. Permissions Manager is the only solution for Content Suite or xECM that delivers this.
So, that’s the theory, but the question remains, why would you want to use Permissions Manager and not just use the out-of-the-box tools that OpenText provides?
Surely, Permissions Explorer should be able to do everything you need to implement best practices and stay secure.
Ah, no it doesn’t…
As your Content Suite repository grows, so does the number of users and groups that are used within its permissions model. These quickly become complex, and in the real world managing group memberships is not easy. So what happens when you suddenly find that a user is able to see content that they shouldn’t? How do you know which group is giving them access, and who else may also be able to see content they shouldn’t?
Option 1 is to user Permissions Explorer to find out what users and groups have been given access to a specific object. And then to trawl back through all the individual groups to find out whether the user you wish to check is part of one of those groups.
Option 2, is to use Permissions Manager. Through its permissions filter and effective permissions view, Permissions Manager shows the permissions that are really being applied to any and every user. Just browse to the folder or item that you want to check, select the user from the user-picker and check the effective permissionsoption.
The folder list will update to show the actual access rights that your chosen user has on the selected item and its sub-contents. No need to worry any longer about object rights and group memberships.
In a related example, I am often asked by information managers or system administrators how they can verify whether a certain user/group has access to specific content. If so, what access do they have and how are they getting those permissions?
As an example, the board wants to assure that all their members have access to minutes of the meetings, but no-one else in the company is able to see them. Permissions Manager enables this to be quickly verified and, if issues are found, quickly rectified.
Fastman Permissions Manager’s virtual permissionsmode allows full comparison between existing permissions and a template permissions model. The system administrator can define a template set of permissions and quickly highlight items that vary from the required permissions model – effectively demonstrating situations where a higher level of permission has been granted.
Similarly, how do you fix the problem when a member of your team comes up and says that they have access to an item, but their colleague is the same department doesn’t. Why would that be?
Often this is a result of the two users being members of different groups; using the Permissions Manager compare groupsfunction these differences can be quickly found and rectified. Many customers use this function as part of their user on-boarding and off-boarding processes.
Here’s one that has likely come up before and you’ve wondered how on earth you can achieve this without a substantial amount of manual work. The Human Resources department has said that nothing in there area should have Public Access enabled so they they can ensure that personal information does not leak.
The question is, without opening each and every item, how do you check that?
Using Permissions Manager’s permission search capability you can quickly check everything to ensure that nothing has public access set. A click on the permissions search icon opens a familiar looking advanced search interface. From here you can select the required search options; for example all documents that have Public Access enabled. Permissions Manager quickly checks to see if any items meet the search criteria provided and returns a set of results, including the location of each matched item.
All being well, in this example the result set is empty. But in the case that it isn’t, you can quickly update the erroneous items directly from the search result set.
So what happens in the event that you do find problems with any permissions or access rights within your repository? Yes, you could go into each item individually and fix the issues if there only a few issues. But what if you find issues scattered broadly around your system? It’s highly unlikely that you will want to just bulk update a whole folder hierarchy.
If you want to change multiple items across the system, Permissions Manager provides the ability to modify permissions on collections of content, search result sets, and folders. For example, say that you have a standard folder structure for each project that your company works on. An organizational change means that the “Customs Documentation” folder within each area needs to have its permissions updated to allow a new department to access it.
By performing a search for “Customs Documentation” within the projects area you can quickly locate each folder, and then send the result set to Permissions Manager to adjust the access rights on each folder and it’s immediate children. Similarly, individual items can be added into Collections within Content Suite and there permissions can be quickly and accurately updated in one action.
Another very common scenario that I am frequently asked to help resolve is where permissions have accidentally been changed. Devolving permissions management to trusted end-users is often a best practice, but when a user selects to update the permissions on a folder and its children without realizing that a couple of levels down there were some very explicit access rights set, how do you fix thing back up?
With the out-of-the-box tools, there is no “undo” button to hit. However, using Permissions Manager rolling-back erroneous changes is just that simple. Reverting permissions to a previous state is just a question of selecting the the problematic object, then clicking the “rollback permissions” button. You will be presented with a history of changes, and can select how far back you want to go. You can also select to apply the rollback to just the current item, or to children.
What’s best of all though. Even if you didn’t have Permissions Manager installed when the problem occurred, you can install the module afterwards and then use it to restore. No longer do you need to panic. Just give us a call…
On the surface, Permissions Explorer imitates the user experience of Permissions Manager with its dashboard style interface. But as the examples above have shown, in reality its functionality remains limited to basic permissions viewing, a slightly more visual approach to bulk updates, and simple parent/child comparative checks.
If you or your organization care about the security of your information, Permissions Manager remains the only viable information security solution. If you’re being told otherwise, or just want to learn more about information security best practices and how Permissions Manager supports them, then get in touch with us today.
By tuning the core platform and aligning it with individual business needs, Fastman improves user adoption and radically changes the way organizations use OpenText™ Content Suite and SAP® Extended ECM.
Why you need a good document change control tool for your ECM This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.
Accept settingsHide notification onlySettingsWe may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.
If you do not want that we track your visit to our site you can disable tracking in your browser here:
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
The following cookies are also needed - You can choose if you want to allow them: