Exploring Dynamic Access Control Part 2 - Classification

Dynamic Access Control is a way for you to secure your resources (such as files and folders) without having to manage groups or user lists. In the previous post I looked at the basics of Dynamic Access Control. In this post I will be looking at Classification of resources.

Classification

You may also have noticed a new tab in the properties dialog, which is Classification:

 

Here you can classify resources with additional properties. This allows us to generalize our conditions: rather than explicitly saying "User department Equals Engineering", we can say "User department matches the Resource's Department". That condition can be applied to all folders, so that if a resource has a department classified, the user must be in that department to access it.

However, we want to simplify the management of who can access resources, and getting users to classify their data can be time-consuming. So we can automatically classify resources using the File Server Resource Manager's Classification Rules:

This allows us to specify a scope and rules to set classifications based on content. For example, if a file contains the text "High Impact", we can create a rule to look for that text and set the classification to "High Impact".

From there, we can click "Configure…" in the Create Classification Rule dialog and set what to search for, as either a String or a Regular Expression:

   

Beyond this, we can also run automatic encryption, custom tools, etc. against classified files using File Management Tasks:

For our example, this allows us to encrypt all High Impact files automatically to further protect our data when it leaves our controlled environment (on memory sticks etc.).
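The classification rule and the encryption task described above can also be created from PowerShell with the FileServerResourceManager module. This is an added example, not taken from the original post; the folder path, rule and task names, RMS template name and the property IDs (Impact_MS with 3000 for High) are assumptions to replace with your own values.

```powershell
#Requires -Modules FileServerResourceManager
# Added example. Assumed values (not from the post): folder, rule/task names,
# RMS template, and the property IDs. Impact_MS / 3000 are assumed to be the
# IDs of the "Impact" resource property and its "High" value; confirm below.
$Scope    = 'D:\Shares\Engineering'        # hypothetical folder scope
$Property = 'Impact_MS'
$High     = '3000'
$Template = '<your-RMS-template-name>'     # placeholder

# Stop here if the property is not defined on this file server.
Get-FsrmClassificationPropertyDefinition -Name $Property -ErrorAction Stop |
    Select-Object Name, DisplayName, PossibleValue

# Classification rule: files whose content contains "High Impact" get the
# High value. Use -ContentRegularExpression instead for a regex match.
# Overwrite re-evaluates files that already carry a value for this property.
New-FsrmClassificationRule -Name 'Tag High Impact content' `
    -Property $Property -PropertyValue $High `
    -Namespace @($Scope) `
    -ClassificationMechanism 'Content Classifier' `
    -ContentString @('High Impact') `
    -ReevaluateProperty Overwrite

# Classify now rather than waiting for the schedule (wait up to 10 minutes).
Start-FsrmClassification
Wait-FsrmClassification -Timeout 600

# File management task: RMS-encrypt every file classified as High.
$action    = New-FsrmFmjAction -Type Rms -RmsTemplate $Template
$condition = New-FsrmFmjCondition -Property $Property -Condition Equal -Value $High
$schedule  = New-FsrmScheduledTask -Time (Get-Date '02:00') -Weekly @('Sunday')
New-FsrmFileManagementJob -Name 'Encrypt High Impact files' `
    -Namespace @($Scope) -Action $action -Condition $condition `
    -Schedule $schedule

# Review what was created.
Get-FsrmClassificationRule | Select-Object Name, Property, PropertyValue, Namespace
Get-FsrmFileManagementJob  | Select-Object Name, Namespace
```

After the classification run, the Classification tab on a matching file should show the property set by the rule.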

The next post will look at Resource Properties and Claims.

Posts in this series:

Part 1 - Getting Started

Part 2 - Classification

Part 3 - Properties And Claims

Part 4 - Central Access Rules