Shared folders – potential security issue

IBM Connections allows users to share personal folders with groups, communities and users. An ideal option to share sets of documents/files with multiple target audiences at the same time. There are however some caveats. Especially in situations where Shared Folders are used to share potentially sensitive information with Restricted (secured) communities. If your organization uses Shared Folders I would strongly advise looking at the below example to get an idea of the potential risks so you can assess if this is something that could cause problems in your organization:

An example:

User A creates a Shared Folder in his personal IBM Connections Files and places some files in it.

Folder_1

He then shares this folder with a community called “Demo Community” of which he is a member and which has restricted access. The folder is now visible and accessible in the Demo community to all community members:

folder_2

Both User A as well as the community members can see the folder is shared with the community in the “Sharing” tab of the folder itself:

Folder_3

The Community admin then decides that User A should no longer be allowed access to the information in the community and revokes his access. User A cannot longer open the community.

As the Test folder was a personal folder that he shared with the Demo community though, User A is still able to access the folder from his personal Files&Folders section. If he looks at the  “Sharing” tab of the folder there is no mention of the Demo Community anymore, it looks as if it is a private folder:

Folder_5

In reality though, the folder is still shared with the Demo Community and both visible and accessible to the members of that community. If they look at the “Sharing” tab of the Test Folder, “Demo Community” ís shown:

Folder_10Effectively this means that they can still access, edit, delete and add files in the folder from within the community:

Folder_9

When they do, User A can see and access these newly added files in his folder but it must be very confusing for him to see users that are not listed in his Sharing settings perform actions on files in his folder:

Folder_8

So what’s the problem?

a). User A doesn’t see the name of the “Demo Community” as an entity with which this folder is shared after he was taken out of the community, so he has no way of knowing it is still accessible to the community members.

b). Because he can’t see that it is still shared with the restricted community, he can’t remove the sharing option either. Effectively this means he has no control over the folder access anymore apart from deleting the whole folder.

c). Even though he is no longer part of the Demo Community, his folder is. Users in that community (which is restricted) would have a reasonable expectation that the  information they share within that community is limited only to members of that community. In reality though any files they place in this folder will be visible to User A (no longer a member of the community) and any other communities, groups or users he chooses to share the folder with.

 ————————————–

I understand that the above situation is extreme and not likely to happen very often but it is important to be aware of this.  There are other options that can be used instead of Shared Folders like CCM folders and the new Community folders (released in CR4 of IBM Connections 4.5). These are not owned by a user but by the community and would therefore not impose the same security flaw. I will be publishing another blog on the differences between Shared, Community and CCM folders over the next few days for those interested.