Ownership is quite important in IBM Connection when it comes to data. Why? Well because ownership isn’t always straight forward and sometimes data shouldn’t be public.
Obvious! Why would you even need to say that?
Well… The premises of any social platform like IBM Connections is to share. That means that in theory the thinking is that every file you put into your social platform should be ‘public’ (e.g. findable and accessible to all). Reality of course is that this is not always the case. Even in a very ‘open’ organization certain files will still require protection and limited access. This is one of the reasons why users in IBM Connections can specify “Sharing” settings on files they upload as well as folders and communities they create, restricting access to only specific groups or users. The basic idea is though, and this is something you feel very clearly when working with IBM Connections, that everything is open, unless.
How you can limit access is partly determined by where the files are stored. Looking specifically at files you can say that IBM Connections allows for two* main storage points:
- By uploading it into a users personal Files section
- By uploading it into a community
In the first case, uploading a file into personal files, the file will always remain in the ownership of the user. The standard security level setting for personal files is ‘Private’, meaning no one can access apart from the owner. The owner can however decide to make a file ‘Public’ (accessible to all) or grant specific Editor or Reader access to specific users, groups or communities. Ownership and full control will always remain with the original user though.
A file stored directly into the community however is different. Ownership of these files lies not with the user that uploaded it into the community but with the community. All users of that community from then on have equal rights to that document. This means that if the user uploads a file into a restricted community and is subsequently removed as a member of that community, the file remains in the community and is no longer accessible to the user that originally uploaded it.
A similar structure applies to folders. Folders created in a users personal files section will always remain in the ownership of that user. Folders created as Community folders and/or CCM folders however will always be property of the community, not the creating user. This also implies the biggest restriction which is that a folder created within a community or CCM Library can never be shared across communities while Folders created as personal folders can be shared with more then one community, group or user.
CCM folders have one added element to keep in mind which is that they allow for imposing additional access restrictions on folders by limiting edit access to specific subgroups of community users. You can for instance use this to restrict that only a few of the community users are allowed to edit the information in a CCM folder. Read access however will always be there to all community members though and the user creating the folder as well as the community owners cannot be revoked as owner of that folder unless they are removed from the community.
Shared folders versus Tags?
Which brings me to another peculiarity of shared folders…. A folder in the traditional sense as people know them from for instance their file drive is a place, a physical location to store a file. Meaning a file can only reside in one folder at the time. Shared folders however are different as a file can be added to more then one Shared folder. So in a way shared folders aren’t really ‘folders’ at all, they are collection sets and almost act the same as tags. After all a tag is nothing else then a categorization and several files having the same tag can be seen as a collection as well. The difference between a shared folder and a tag in IBM Connections is though, that you can control access and Share a shared folder and you can’t do that with a tag.
So keep in mind that a Shared folder is significantly different from a community or CCM folder as those are more aligned to the standard concept of folders while Shared Folders in a way hold the middle between a Tag and a folder.
Shared folders & security
So… why would you create folders within communities if personal (Shared) folders give you more options to share across communities & user groups and allow you to have information in them that is also shared in other folders? Well because there are some risks with having shared folders. For one, users don’t always realize the implications of putting a file in a folder shared by someone else.
No problem if the community (and therefore the data in it) is public anyway but what if you have a Restricted community that has a shared folder which is also shared with another Community? A user might think that because he is adding a file to a folder within the Restricted community that therefore the file itself is also only shared within that community. Unknowingly though he might be sharing that file with other users & communities. Only if he actively opens the sharing tab will he see that it is also shared with other communities and therefore visible to not only the users of the (restricted) community he thought he was adding it to, but any other communities/users that folder was shared with as well.Example of a folder with the ‘Sharing’ tab opened to show this folder was shared with two communities
In theory the user who originally created the folder and shared it with the community could even be removed from that community while his shared folder would remain shared and visible within the community. Which means that any files added to that folder by any other community member after the user was removed from the community would effectively still be accessible to the user (creator of the folder). Using Shared folders in Restricted communities is therefore something I would strongly discourage to prevent confusion. In these situations Community folders and/or CCM folders should definitely be the first line of choice. Shared folders should only be used to share public info where it is no problem that it is visible across several public communities
Next up I will go into how you can work with the different types of folders and what differences and similarities are between them. I hope to publish this tomorrow.
* Files can also be uploaded in other places like Activities and blogs but from a standpoint of file management I am leaving these out for now