datardatar

Access Control

Secure your files with flexible permission controls

Datar Drive provides robust access control features that let you define who can access your files and folders, what actions they can perform, and how content can be shared both internally and externally.

Permission Model

The Drive module uses a comprehensive permission model that combines role-based access control with inheritance and fine-grained permissions.

permissions-example.json

Permission Components

  • Role Assignments: User and group permissions
  • Permission Inheritance: Cascading permissions from parent folders
  • Sharing Links: External access with configurable settings
  • Access Policies: Additional restrictions and controls
  • Audit Trail: Complete history of permission changes

Access Roles

Datar uses a role-based access control system with predefined roles that grant specific permissions.

Standard Access Roles

Role
Description
Capabilities
Viewer
Can view but not modify content
  • View files and folders
  • Download files
  • See file metadata
  • View version history
  • View comments
Commenter
Can view and add comments
  • All Viewer permissions
  • Add comments to files
  • Reply to existing comments
  • Mention users in comments
Editor
Can view, edit, and share content
  • All Commenter permissions
  • Edit file content
  • Upload new versions
  • Create new files and folders
  • Move and rename items
  • Share with others (same or lower role)
Owner
Has full control over content
  • All Editor permissions
  • Delete files and folders
  • Manage permissions
  • Transfer ownership
  • Set access policies
  • Restore deleted items
Custom roles can be defined by system administrators to create more granular permission sets that match your organization's needs.

Permission Management

Datar provides powerful tools for managing permissions across your drive.

Assigning Permissions

You can grant access to files and folders in several ways:

  • Individual Users: Grant access to specific users by name or email
  • User Groups: Assign permissions to entire departments or teams
  • Directory Integration: Sync with organizational structures from your identity provider
  • External Users: Grant access to partners or clients outside your organization

Best Practices:

  • Prefer group-based permissions over individual assignments for easier management
  • Apply permissions at higher folder levels when appropriate
  • Use the principle of least privilege - grant only the access level needed
  • Regularly audit and review permissions
[Permission Assignment Interface]

Sharing

Datar Drive provides flexible options for sharing content with both internal and external users.

Internal Sharing

Share within your organization:

  • Direct user and group assignments
  • Shared drives for team collaboration
  • Organization-wide access options
  • Sharing suggestions based on collaboration patterns
  • Bulk sharing operations
  • Access request workflows

External Sharing

Share with external collaborators:

  • Secure sharing links with custom settings
  • Password protection for sensitive content
  • Expiration dates for temporary access
  • Download restrictions and watermarking
  • View-only web presentation mode
  • External user authentication options
Configuration Option
Description
Access Level
Set to View, Comment, or Edit permissions
Password Protection
Require a password to access the shared content
Expiration Date
Set a date when the sharing link will automatically expire
Download Restriction
Prevent recipients from downloading the shared files
Access Tracking
Monitor who has accessed the shared content and when
Email Notifications
Receive alerts when the shared content is accessed
Domain Restriction
Limit access to specific email domains
Watermarking
Apply visible watermarks to document previews
[Sharing Interface Visualization]
External sharing capabilities can be restricted by administrators based on organizational security policies. Check your company's sharing guidelines before sharing sensitive information.

Security Features

Datar Drive includes comprehensive security features to protect your content.

  1. Data Encryption

    All content in Datar Drive is protected with strong encryption both in transit and at rest.

    Key Features
    • TLS 1.3 for all communications
    • AES-256 encryption for stored content
    • Encrypted file previews
    • Customer-managed encryption keys (optional)
    • Secure key management

  2. Access Controls

    Multi-layered access controls protect content from unauthorized access.

    Key Features
    • Role-based access control
    • Multi-factor authentication support
    • IP address restrictions
    • Device trust evaluation
    • Session expiration policies

  3. Content Protection

    Prevent data loss with advanced content protection features.

    Key Features
    • Information rights management
    • Watermarking for sensitive documents
    • Download and print restrictions
    • Screen capture prevention
    • Controlled viewing environments

  4. Security Monitoring

    Continuous monitoring for suspicious activities and policy violations.

    Key Features
    • Real-time access monitoring
    • Anomaly detection
    • Security alerts and notifications
    • Comprehensive audit logs
    • Integration with SIEM systems

Compliance and Governance

Datar Drive helps organizations meet compliance requirements and implement data governance policies.

Compliance Features

Support for regulatory compliance:

  • Detailed audit trails for all access events
  • Data residency controls
  • Retention policy enforcement
  • Legal hold capabilities
  • Data loss prevention (DLP) integration
  • Compliance reporting and dashboards

Governance Tools

Implement organizational data policies:

  • Automated classification of sensitive content
  • Content lifecycle management
  • Custom governance workflows
  • Policy-based sharing controls
  • Regular access reviews
  • Centralized policy administration
Datar Drive's compliance features can be configured to meet various regulatory requirements including GDPR, HIPAA, SOX, and industry-specific regulations.

Access Control Best Practices

  1. Implement Least Privilege Access

    Grant users only the permissions they need to perform their job functions. Regularly review and revoke unnecessary access to minimize your security footprint.

  2. Organize with Permission Inheritance in Mind

    Structure your folders to leverage permission inheritance effectively. Group content that should have the same access level together to simplify permission management.

  3. Use Groups for Permission Assignment

    Assign permissions to groups rather than individual users whenever possible. This reduces administrative overhead and ensures consistent access policies as team members change.

  4. Set Appropriate Sharing Defaults

    Configure default sharing settings that align with your security requirements. Restrict broad sharing options for sensitive departments or content types.

  5. Implement Access Reviews

    Schedule regular access reviews to identify and revoke unnecessary permissions. Focus especially on sensitive content and departing employees' access rights.

  6. Educate Users on Sharing Practices

    Train users on appropriate sharing practices and the security implications of different sharing options. Help them make informed decisions when sharing content.

Related Drive Components

  1. File Management

    Learn the basics of managing files and folders in the Drive module.

    Learn more →

  2. File Versioning

    Understand how to track changes and manage file versions over time.

    Learn more →

  3. Metadata Management

    Discover how to use metadata to organize and classify your content.

    Learn more →

Was this documentation helpful?