Author Topic: How to let user know they are viewing an extra sensitive doc?  (Read 4056 times)

Lars Bencze

  • Full Member
  • ***
  • Posts: 116
  • CMOD Expert at Skandia
    • View Profile
    • INACTIVE - Bezland Consulting
How to let user know they are viewing an extra sensitive doc?
« on: October 20, 2020, 07:32:49 AM »
Hi!

We have a solution in place where we use one of the OD user exits. If a user is not authorized to view a particular customer's document(s), we won't let them. This solution is based on one of the metadata field values, and a lookup in an external DB/web service.
NOTE: Whether a customer is "extra sensitive" or not is most often set a LONG time after we load the documents into CMOD. There is no reasonable way of setting this in a metadata field at load time.

However, some users ARE authenticated to view these documents. Now;
How would you suggest to inform those users that this is an extra sensitive document?
Oh, and we are talking about the thick OD Client, as well as anyone accessing via Content Navigator.

If it was merely AFP documents, we could probably add a watermark with this info, but there are several different file formats, including PDF, a standard which is prone to change over time. AFP, TIFF and PDF would be a minimum to cover for the solution.
Also, we don't want to make any permanent changes to the documents, since the "extra sensitive" status is usually temporary (years).

Post your suggestions, I'm all ears/eyes!
OnDemand for MP expert. #Multiplatforms #Admin #Scripts #Performance #Support #Architecture #PDFIndexing #TSM/SP #DB2 #CustomSolutions #Integration #UserExits #Migrations #Workflow #ECM #Cloud #ODApi

Justin Derrick

  • IBM Content Manager OnDemand Consultant
  • Administrator
  • Hero Member
  • *****
  • Posts: 2228
  • CMOD Guru for hire...
    • View Profile
    • Tenacious Consulting
Re: How to let user know they are viewing an extra sensitive doc?
« Reply #1 on: October 21, 2020, 09:08:47 AM »
Consider adding an annotation to the document, and configure it to be displayed on the first page after a retrieval?

Alternately, have a background service that finds and updates these 'extra sensitive' documents with the metadata you're already using in your User Exit?

-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Education & Webinars:  https://CMOD.Training/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR

jsquizz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 573
    • View Profile
Re: How to let user know they are viewing an extra sensitive doc?
« Reply #2 on: October 22, 2020, 07:47:24 AM »
I've done something like this before.

Can you index a field? For example, is there anything on the document that identifies that it's sensitive? If it finds the field, set the value to "SENSITIVE"; if it finds nothing -> default value to "NON SENSITIVE".
#CMOD #DB2 #AFP2PDF #TSM #AIX #RHEL #AWS #AZURE #GCP #EVERYTHING

Darrell Bryant

  • Full Member
  • ***
  • Posts: 104
  • Sed fugit interea fugit inreparabile tempus-Virgil
    • View Profile
Re: How to let user know they are viewing an extra sensitive doc?
« Reply #3 on: October 22, 2020, 11:58:54 AM »
One consideration for PDF documents is that annotations are not displayed if the document is launched in an external viewer. An external viewer is always used with the 64-bit Windows client, and also for the 32-bit Windows client if the full Acrobat product is not installed.
#IBMi #iSeries #PDF #XML #400 Indexer #ASM

Justin Derrick

Re: How to let user know they are viewing an extra sensitive doc?
« Reply #4 on: October 23, 2020, 07:12:54 AM »
annotations are not displayed if the document is launched in an external viewer

Good to know...  The 32/64-bit client vs Acrobat thing seems tricky...

-JD.

Lars Bencze

Re: How to let user know they are viewing an extra sensitive doc?
« Reply #5 on: November 02, 2020, 04:19:44 AM »
Thanks for the suggestions.

There is however nothing in the document itself that determines this, it is a "property" of the person the document pertains to.
I.e. if someone starts working for the CIA, all documents belonging to this person suddenly become "sensitive" (or "classified" if you wish).
This info is in a different database, so we WILL know if this is the case. But how to display it to the few authorized viewers of such documents? OD and CN clients won't care.

Justin Derrick

Re: How to let user know they are viewing an extra sensitive doc?
« Reply #6 on: November 02, 2020, 09:36:19 AM »
Sounds like you need the same thing insurance companies have...  You receive a 'master file' from a source system, and you process it to update fields in CMOD with arsdoc update.

You'll need to catch both processes -- once someone gets onto the list, it marks their documents as sensitive, once someone leaves the list, it removes the 'sensitive' label.

You could discriminate between the two with a query restriction - normal access is "NOT like 'sensitive'", and higher levels of access don't have that restriction at all.

-JD.
Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR
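
The two-way update described in Reply #6, as an added example (not code from any poster or from IBM): it parses a master file, plans which customers to mark and which to unmark, and models the query restriction. It only plans the changes and does not call arsdoc. The `customer_id` column, the field values and the unmark-ratio guard are assumptions made for illustration.

```python
import csv
import io

SENSITIVE, NORMAL = "sensitive", "normal"  # hypothetical field values


class FeedError(Exception):
    """The master file looks malformed or truncated."""


def parse_master(text):
    """Return the set of customer ids listed in the feed."""
    reader = csv.DictReader(io.StringIO(text))
    if not reader.fieldnames or "customer_id" not in reader.fieldnames:
        raise FeedError("missing customer_id header")
    ids = ((row.get("customer_id") or "").strip() for row in reader)
    return {cid for cid in ids if cid}


def plan_updates(master_ids, labels, max_unmark_ratio=0.5):
    """Return (to_mark, to_unmark) for customers that have documents.

    labels maps customer id -> current value of the sensitivity field.
    """
    labelled = {cid for cid, value in labels.items() if value == SENSITIVE}
    to_mark = sorted((master_ids & labels.keys()) - labelled)
    to_unmark = sorted(labelled - master_ids)
    # A truncated feed must not silently strip the label from everyone.
    if labelled and len(to_unmark) / len(labelled) > max_unmark_ratio:
        raise FeedError(f"feed would unmark {len(to_unmark)} of {len(labelled)}")
    return to_mark, to_unmark


def apply_plan(labels, to_mark, to_unmark):
    """Return the labels after both directions of the update are applied."""
    updated = dict(labels)
    updated.update({cid: SENSITIVE for cid in to_mark})
    updated.update({cid: NORMAL for cid in to_unmark})
    return updated


def visible_customers(labels, elevated):
    """Model the query restriction: normal access excludes 'sensitive'."""
    return sorted(c for c, v in labels.items() if elevated or v != SENSITIVE)


# Constructed sample data, not taken from any real system.
MASTER = "customer_id\nC100\n C200 \nC200\n"
CURRENT = {"C100": NORMAL, "C200": SENSITIVE, "C300": SENSITIVE, "C400": NORMAL}
```

Customers on the list who have no documents yet are skipped here, so documents loaded later for them still need the label applied on the next run.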

Lars Bencze

Re: How to let user know they are viewing an extra sensitive doc?
« Reply #7 on: November 10, 2020, 08:56:25 AM »
We might do that... but then we would need each integrated system to publish/handle the data in that field and build one solution each. :(

Justin Derrick

Re: How to let user know they are viewing an extra sensitive doc?
« Reply #8 on: November 10, 2020, 10:07:36 AM »
I can't think of a way for you to be able to change metadata without a source of that metadata.  :)

The only other way is to build a custom front end through the ODWEK Java API that queries a database to determine if the document is sensitive or not, and either allow or deny the retrieval based on the results.

It's an interesting issue with very few clear solutions.

-JD.

Lars Bencze

Re: How to let user know they are viewing an extra sensitive doc?
« Reply #9 on: November 12, 2020, 09:02:27 AM »
Sounds like you need the same thing insurance companies have...  You receive a 'master file' from a source system, and you process it to update fields in CMOD with arsdoc update.

You'll need to catch both processes -- once someone gets onto the list, it marks their documents as sensitive, once someone leaves the list, it removes the 'sensitive' label.

You could discriminate between the two with a query restriction - normal access is "NOT like 'sensitive'", and higher levels of access don't have that restriction at all.

-JD.

I think we slipped slightly off the subject here.
The issue is not hiding these sensitive documents from unauthorized access. We have a system in place that handles that part already.

The issue is: how do we inform the AUTHORIZED users that "This document that you are currently viewing is of a sensitive kind. Do not share it outside of the corporation."
(We know if it is a sensitive doc at the time of the retrieval, but not necessarily when we search.)
Unauthorized users will not be able to do bad stuff with the doc anyway.

Justin Derrick

Re: How to let user know they are viewing an extra sensitive doc?
« Reply #10 on: November 12, 2020, 10:01:04 AM »
Ah.  I wonder if you could use the annotation feature with CMOD - to add an annotation to the document, which would be displayed at the time you perform a retrieval.  It still sounds like you'd have to build something custom (retrieval / preview user exit?).

You might be able to build this as an ICN plugin, but I'm not sure how you'd customize the Thick Client to be able to do this.

-JD.

Lars Bencze

Re: How to let user know they are viewing an extra sensitive doc?
« Reply #11 on: November 24, 2020, 02:55:18 AM »
OK, continued;

So if we try to go for a solution where we insert a preface page, OR a watermark across all pages, this seems doable. Reviewing the three file types which we will be working with, programmatically:
  • Inserting a page into a PDF is easy. Plenty of APIs are available.
  • Manipulating TIFFs is not too bad either.
  • But so far, we are unable to find a suitable API to do the same to AFP documents.
What API (Java strongly preferred) would you guys suggest to do this operation with AFP documents?