Wednesday, April 25, 2012

NextLabs’ Entitlement Manager Issue #3 - Could not Apply Policy To Downloaded Documents in Outlook

We are evaluating NextLabs Entitlement Manager to restrict users who belong to certain security groups from accessing selected site collections that hold sensitive information, even when these users have been granted permission through an individual account, any AD groups, or email list groups. After we set up the policy to restrict access to a list and tried to access it through Outlook, we identified some expected behavior – the downloaded document will not be protected by the SharePoint policy!
Here are the steps to reproduce the issue.
  1. Connect the list/library from SharePoint to Outlook. Make sure you have access.
  2. Access the list/library and open one of the documents (.doc file) from Outlook.
  3. Apply the deny policy to the list to deny access to all .doc files. Make sure you cannot access those .doc files when you try from the SharePoint UI.
  4. Access the list/library and open one of the documents (.doc file) from Outlook.

You will see two categories of documents, as displayed in the screenshot. One category is “Downloaded Documents”, which you have viewed before. The other is “Available for Download”, which you have not accessed before. You will still be able to access any document inside “Downloaded Documents” but will NOT be able to access any document inside “Available for Download”.

This is expected because the “Downloaded Documents” are already on your local machine. Unless the content or version has been updated on SharePoint, Outlook will not retrieve the document from SharePoint again, so the policy cannot be triggered. This is the same as any other scenario in which NextLabs’ Entitlement Manager cannot protect files outside SharePoint!

This case does not seem to be critical, since it applies only when ALL of the following conditions hold.
  • The user must have had access at one time
  • The user has opened the document from Outlook one time
  • The user has not deleted the locally cached document
  • The document on SharePoint has not been updated since the user opened it from Outlook

On the other side, the user is looking at a local copy of a document that he/she had permission to access before the policy was applied, which is similar to looking at a document that has been downloaded to the local machine.
