Post

3 followers Follow
1
Avatar

Security and Data Loss Prevention with Shared Links and Widgets

Clarizen has the ability to share links and widgets with anyone. Anyone receiving the link can forward it to anyone.
This is great, unless if that information is classified.
With Clarizen containing classified information, this is a potential security breach.
The out-of-the box solution is to apply a password and/or set an expiry date to the link.
But that is not good enough, because there is no option to enforce it. The user can choose to set a password or not.
My idea is to set a system option that will enable the administrator enforce security restrictions on links.
Thanks,
Arnon

CR-277862

Arnon Yaffe Not planned

Please sign in to leave a comment.

5 comments

0
Avatar

I think this could more elegantly be managed by the ability to create Validation rules on "Share" functionality, something I have also asked for.

This way you could set which actions (particular) users would be allowing to set (and not set).

Peter Fjelsten 0 votes
Comment actions Permalink
0
Avatar

Arnon,

Thank you for submitting this request. Your change request was logged. ID: CR-277862.

Boris Krutiy 0 votes
Comment actions Permalink
0
Avatar

Arnon,

Please take note that we also have System Setting which mandates user authentication before viewing a shared widget.

3.6 Widget view authentication requirement

Boris Krutiy 0 votes
Comment actions Permalink
0
Avatar

Hi Boris,

Thank you for pointing out that setting.

The problem is that with that setting turned to ON, you have to go through the Clarizen Login screen to see the widget, hence only people with a Clarizen license can view the widget.

The enhancement I am looking for is a setting that will mandate the use of password for the widget and may mandate the expiry (two settings) but will not limit the widget to having a Clarizen license.

Thanks,
Arnon

Arnon Yaffe 0 votes
Comment actions Permalink
0
Avatar

Hi Boris,

I also noticed that when you setup setting "3.6 Widget view authentication requirement" the Roadmap Widget does not show on the Periodic Project Report (PPR).

We are using the PPR, so we cannot turn that setting to ON.

Arnon

Arnon Yaffe 0 votes
Comment actions Permalink