Documenting in Detail: Patrolling Permissions

by Indygo, courtesy the Noun Project

Assigning Access

An important but often overlooked aspect of distributing documentation electronically is assigning access permissions. In this article, we’ll discuss general considerations to bear in mind when sharing documents with others by assigning user and/or group access permissions.
 

Permission Levels

The exact permissions that can be assigned to a given document vary depending upon the file sharing service used. Most services allow at least three levels: no access (the default), a read-only View permission, and a read/write Edit permission. Google Drive adds a useful Comment permission, whose holders can attach comments to the document and propose edits that appear as highlighted suggestions, which those holding the Edit permission may accept or reject.
 

Determining Permission Levels

The permissions applied to a given document will obviously vary depending upon the content of the document. For example, documents containing confidential or sensitive information should be restricted to only those who need access to that information to carry out their job responsibilities, with everyone else granted no access whatsoever. Documents with information applicable to all employees should be shared with all employees with at least View (if not Edit) access. Documents with content applicable to customers or other external stakeholders may be shared with public View access. Between these obvious extremes, however, lies a grey area: documents that contain no particularly privileged information and so need no protection for clear reasons of confidentiality, but whose contents are only of direct relevance to a given stakeholder group, say a single department. How do you decide what permissions to assign to this majority of documents?
 

Decision Principles

The answer to that question will vary significantly from organization to organization. In practice, the answer is usually supplied by unthinking acceptance of the default settings of the file sharing system used to distribute the document. But those defaults are themselves designed around some general principle of permission, and such principles bear consideration when setting up your documentation distribution process.
 
Least Privilege
Most file sharing platforms default to denying access to a document unless access has been explicitly granted. This default-deny posture makes it easy to implement the principle of least privilege: each user is granted only the minimum level of access necessary, and only to those resources which are essential to that user’s work.

The principle of least privilege has the advantage of enhancing both the security and integrity of information. It is the most conservative approach, especially suitable for organizations in regulated industries or those who deal with secret information.

The principle of least privilege has the downside of bogging down organizational processes, since the correspondence of security permissions to the actual “need to know” of employees is rarely perfect and may change frequently, requiring new authorizations for information access. Further, such restrictions likely hamper innovation by compartmentalizing information flow and restricting free access to organizational knowledge, which, if made available to the minds of more people, may spark novel connections leading to creative advance.
 
Open Access
On the other extreme is the “information wants to be free” model, best exemplified by the wiki platform, which typically defaults to allowing public Edit access. Wikipedia is the canonical example of such an open system: it maximizes the potential for information distribution, as well as the opportunity for innovation, by allowing anyone to edit. However, that capability opens up the potential for negative, degrading changes just as easily as for useful, innovative ones. The wiki platform addresses this problem of information integrity by maintaining an extensive version history, which allows one to easily revert to a previous version when unconstructive changes have been made. Automatic version histories are foundational to version control systems as well as to other Internet publishing platforms, including Google Drive and Microsoft OneDrive. Note that a version history protects integrity, not confidentiality: a bad edit can be reverted, but a disclosure cannot, so the open model fits only content whose exposure carries no cost.
 

Levels of Analysis

The question of assigning access should be analyzed at least at two levels, the organizational level and the document level. The answer at the organizational level provides the default settings for the permissions applied at the folder and document level, which may be overridden given the nature of the given document’s content.

At the organizational level, the primary consideration is the organization’s orientation to openness. The trade-offs are between security and innovation. The organization must decide where it stands on negotiating these trade-offs given its unique mission and environmental constraints. The relevant decision criterion is given by management scientist Stafford Beer, who developed a general systems principle relevant to any question involving trade-offs between allowing freedom and exercising control:
 
“[Freedom] … is in principle a computable function of the system’s purpose in relation to its environment.”

In this case, if your organization’s purpose involves safeguarding confidential information, your default organizational stance may be the principle of least privilege. A bank, for example, will certainly want to default to a least privilege stance to protect the security of its members’ holdings. If, on the other hand, your organization is committed to innovation and the dissemination of knowledge, perhaps the “information wants to be free” stance is a closer fit. Academic institutions, especially public universities, which have a commitment to the open advancement of knowledge, tend in this direction.

A similar analysis may be repeated at multiple levels within the organization, as appropriate given the disparate purposes that exist across functional departments. For example, even within a fairly open academic institution, the business office may have a different orientation toward information openness than a research department.

Regardless of any default orientation stemming from the organizational unit’s stance toward information openness, the analysis must be repeated at the individual document level, based on the content of the document. What is the purpose of the document? The answer to that question, in the context of the purpose and constraints of the organizational unit, will determine appropriate permissions.
 
Concern      Permission to Restrict   Trade-Off
Security     View                     Innovation
Integrity    Edit                     Agility

If your organization is especially concerned with security, then it may be worthwhile to codify a policy for information access which identifies classes of sensitive information and identifies the positions and organizational units which should have access to each class.
 

Capturing Permissions

When actually assigning sharing permissions, it’s useful to think in terms of the document stakeholders and their roles. An adapted responsibility matrix (which we introduced in a previous discussion as an element of a Documentation Policy) can clarify and capture appropriate permissions. In addition to columns capturing permissions for the standard RACI role codes, adding a more general Access code can capture the cases where a document may be shared with users or groups other than direct stakeholders.
 

Example: Employee Position Description

For example, appropriate sharing permissions on a given employee’s job description may be captured as follows. (Assume that Edit permissions imply View permissions.)
 
Position / Organizational Unit   Responsible   Approve   Consult   Inform   Access
HR Director                                    View
Associate HR Director            Edit
Position Supervisor                                      Edit
Position                                                           View
Current Employees                                                           View
 

Example: Company Annual Report

Sharing permissions on a company’s annual report may be captured as:
 
Position / Organizational Unit   Responsible   Approve   Consult   Inform   Access
CFO                                            View
Controller                       Edit
Communications Director                                  Edit
CEO                                                                View
Public                                                                      View
 

Permission Inheritance

While appropriate permissions can vary from document to document, it’s far more practical to assign them at the folder level when possible: contained files and folders inherit the permissions assigned on the containing folder, eliminating the need for file-by-file permission assignment. Thinking through the appropriate permissions for your organization’s filing schema can ease the administrative burden of assigning and maintaining sharing permissions. Two caveats apply. First, in most cloud drives inherited access is additive: a file can be shared more widely than its folder, but it cannot be restricted below the folder’s level except by moving it to a more restricted folder (or by explicitly breaking inheritance where the platform supports that), so a broad grant on a top-level folder reaches everything beneath it. Second, moving a file changes its inherited permissions, so a reorganization of the filing schema is also a permission change and should be reviewed as one.
 
Folder                          View                 Edit
• Traditional Co., Inc.         Current Employees
  • Accounting                  Accounting
    • Processes                 Accounting
      • AR                      CFO, Controller      AR Clerk
      • AP                      CFO, Controller      AP Clerk
    • Projects                  Accounting
    • ...
  • Engineering                 Engineering
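As an added example (not code from the original article), the following Python resolves the effective permissions of a file by walking the folder schema above under additive inheritance, and then audits the result against the stakeholder matrix for that file, tying together the responsibility matrix of the Capturing Permissions section and the folder inheritance just described. The folder tree is the Traditional Co., Inc. table as written; the file aging-report.xlsx, the Engineer user and the group memberships are constructed for illustration; and the additive model (a child item can raise a principal’s level but never loses what its folder grants), which is how Google Drive behaves, is an assumption that does not hold on platforms that let you break inheritance.

```python
"""Resolve effective sharing permissions through a folder tree with additive
inheritance and audit a file against its stakeholder matrix.

Added example, not code from the original article. The folder tree is the
Traditional Co., Inc. table above; the file aging-report.xlsx, the Engineer
user and the group memberships are constructed for illustration. Model
assumption: inheritance is additive (a child can raise a principal's level but
never drops below what its folder grants), as in Google Drive.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Ordered levels; Edit implies View, as the article assumes.
LEVELS = {"none": 0, "view": 1, "edit": 2}


@dataclass
class Item:
    """A folder or file. grants maps principal -> explicitly assigned level."""
    name: str
    grants: Dict[str, str] = field(default_factory=dict)
    children: List["Item"] = field(default_factory=list)

    def child(self, name: str) -> "Item":
        for c in self.children:
            if c.name == name:
                return c
        raise KeyError(f"{self.name} has no child {name!r}")


def _merge(eff: Dict[str, str], grants: Dict[str, str]) -> None:
    """Apply explicit grants: a grant can only raise a level, never lower it."""
    for principal, level in grants.items():
        if LEVELS[level] > LEVELS[eff.get(principal, "none")]:
            eff[principal] = level


def effective_permissions(root: Item, path: str) -> Dict[str, str]:
    """Walk root -> 'A/B/C' accumulating inherited and explicit grants."""
    eff: Dict[str, str] = {}
    node = root
    _merge(eff, node.grants)
    for segment in path.split("/"):
        node = node.child(segment)
        _merge(eff, node.grants)
    return eff


def level_for(eff: Dict[str, str], user: str, groups: Dict[str, List[str]]) -> str:
    """A user's level is the highest held directly or through any group."""
    principals = [user] + groups.get(user, [])
    return max((eff.get(p, "none") for p in principals), key=LEVELS.__getitem__)


def audit(eff: Dict[str, str], expected: Dict[str, str]) -> Dict[str, list]:
    """Compare effective grants with the stakeholder matrix for the document.

    Returns {'over': [(principal, actual, expected)], 'under': [...]} so that
    over-sharing (a confidentiality problem) and under-sharing (a workflow
    problem) can be reported separately.
    """
    over, under = [], []
    for p in set(eff) | set(expected):
        actual, want = eff.get(p, "none"), expected.get(p, "none")
        if LEVELS[actual] > LEVELS[want]:
            over.append((p, actual, want))
        elif LEVELS[actual] < LEVELS[want]:
            under.append((p, actual, want))
    return {"over": sorted(over), "under": sorted(under)}


def traditional_co() -> Item:
    """The folder table above as data, plus one hypothetical file under AR."""
    ar = Item("AR", {"CFO": "view", "Controller": "view", "AR Clerk": "edit"})
    ap = Item("AP", {"CFO": "view", "Controller": "view", "AP Clerk": "edit"})
    accounting = Item("Accounting", {"Accounting": "view"}, [
        Item("Processes", {"Accounting": "view"}, [ar, ap]),
        Item("Projects", {"Accounting": "view"}),
    ])
    engineering = Item("Engineering", {"Engineering": "view"})
    root = Item("Traditional Co., Inc.", {"Current Employees": "view"},
                [accounting, engineering])
    # Constructed file: the explicit grants try to raise the Controller to Edit
    # and to drop Current Employees; only the raise takes effect.
    ar.children.append(Item("aging-report.xlsx",
                            {"Controller": "edit", "Current Employees": "none"}))
    return root


# Constructed group memberships (user -> groups) and the AR row of the folder
# table read as the stakeholder matrix for files inside AR.
GROUPS = {
    "AR Clerk": ["Accounting", "Current Employees"],
    "Engineer": ["Engineering", "Current Employees"],
}
AR_MATRIX = {"CFO": "view", "Controller": "view", "AR Clerk": "edit"}


if __name__ == "__main__":
    eff = effective_permissions(traditional_co(),
                                "Accounting/Processes/AR/aging-report.xlsx")
    for principal, level in sorted(eff.items()):
        print(f"{principal:18} {level}")
    print("Engineer can:", level_for(eff, "Engineer", GROUPS))
    for kind, rows in audit(eff, AR_MATRIX).items():
        for principal, actual, want in rows:
            print(f"{kind}-shared: {principal} has {actual}, matrix says {want}")
```

Run as written, the audit flags Current Employees and Accounting as over-shared on the AR file, and an Engineer with no accounting role can view it: the View grant to Current Employees on the top-level folder propagates down to AR and AP, so under additive inheritance those folders are not actually restricted to the CFO, Controller and clerks, whatever their own rows say. Restricted folders must either sit outside the employee-wide tree or live on a platform that allows breaking inheritance, and the audit is worth re-running after any move, since a move changes inherited access.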
 

Thanks to reader Daniel Kegan for sparking these reflections on assigning access. How do you handle sharing permissions? Please let me know by leaving a comment below.
