contentACCESS Remote File archiving – version Orion

4.1.Archiving common shares

In this use-case, the customer has a domain, into which the users and workstations are joined. The domain has one or more file shares, where the users are storing their documents. The shares are commonly accessed by all users, while the different access levels are handled by the Windows file security. The access levels are mostly set on folder level, mainly on higher levels, while the files and subfolders are inheriting the permissions from the parent levels. The users are assigned to different groups and the file security is set based on groups.

Solution
In this approach, the administrator will choose a server (the so called “archive server”), where RFA will be deployed. RFA will connect to contentACCESS (running in the cloud) using a user with at least tenant administrator level permissions. This user will be able to register the root folder (i.e. the UNC share to archive) and will do the archiving as well.

Once RFA is connected, the administrator can configure the rules: which folder will be archived and the archiving criteria. He can define as many file shares and rules as he wants. At this point, the archiving is already achieved, the configured folders will be periodically scanned and archived to contentACCESS.

The only person who has access to the archived data at this point is the administrator. He can use the RFA client from the “archive server” to access the data or any other contentACCESS client application (contentACCESS Portal, officeGATE, contentACCESS Mobile). To log in, he will use his privileged contentACCESS account.

If the administrator wants to grant access to archived files for end users, the user provisioning and authentication proxy must be configured (part of RFA). The user provisioning will automatically create contentACCESS users for all configured users (with External active directory login type) and the authentication proxy will allow the users to log in with their domain credentials to contentACCESS. In this scenario, the user must select External Active Directory login type on the contentACCESS login page and enter his AD credentials (domainuser and the password).

Once the users are logged in to the system, the server will apply security trimming on the files and folders based on the source permissions, considering the AD group membership as well. This means that the user will see only those folders and files to which he has access on the source system.

Authentication
External Windows logins are created for the users that are provisioned using the RFA provisioning. The authentication is performed via the RFA authentication proxy.

Data access
The users have automatic access to all accessible folders and files in the archive. The built-in domain groups like domain admin and domain users are not supported. Local users and groups are also not supported by the permission evaluation.

Yes No Suggest edit
Help Guide Powered by Documentor
Suggest Edit