How are Cloud Drive permissions handled by CloudFiles
CloudFiles is designed so that it inherently respects the cloud drive permissions (e.g. SharePoint folder permissions set by an admin). In this article we talk about the mirror drive architecture and how it works with Salesforce to respect the storage permissions.
Before we delve into details, it's worth becoming familiar with some terminology. The following terms are of special importance.
- Cloud Drive - External cloud storage that you are trying to connect to Salesforce. The cloud drive can be SharePoint, OneDrive, Google Drive, Box, Dropbox, etc.
- Mirror Drive - This is a feature that enables a seamless 2-way sync between your cloud drive and your Salesforce records (wherever in Salesforce you are trying to access these files or folders).
- Content Library - This refers to a CloudFiles UI component that is available as a dialog or a tab at various places. This shows the external cloud drive to the user on Salesforce.
- Connected Folder - This is a specific widget that can be inserted on any record to manage the contents of external folders from Salesforce. E.g. see a list of files from a folder in SharePoint on a certain Salesforce record.
- Permissions - For the scope of this article, this strictly means cloud drive permissions. E.g. SharePoint permissions that an IT admin has set.
The article is divided into the following sections:
- Mirror Drive Architecture - We explain the one-time user-level authentication required for connecting to cloud drives and how it is used to fetch only a restricted set of files when accessing the cloud storage.
- Cloud Drive access in Content Library - We show how the above works when the content library is accessed from Salesforce records, letting users pick only the files they have access to.
- Connected Folder access on Salesforce record - We show how the architecture prevents unauthorized access to folders that are connected to Salesforce records and may be visible to multiple users.
Mirror Drive Architecture
The CloudFiles Mirror Drive feature enables a 2-way sync between the content library you see in Salesforce and your external cloud drive. It is built in such a way that whenever a Salesforce user tries to access any cloud drive, CloudFiles first ensures they are logged into that cloud drive using their own credentials. If the user is not logged in, they are directed to a new tab where the standard login process of the respective cloud drive is performed.
E.g., in the GIF below, the user is trying to access the CloudFiles content library from the CloudFiles App Launcher. In order to access SharePoint, the user must first log in to SharePoint using their own credentials. Only then do the SharePoint sites, files and folders become visible to the user.
Content Library Access on Salesforce Records
The CloudFiles Content Library is a component that often appears either in a tab or in a dialog when the user wishes to pick files from the overall library. E.g. if the user needs to link a folder to the folder connect widget from OneDrive, they would pick it using the content library dialog as shown below.
In the last section we mentioned that the first time the user accesses this library, they must log in to their cloud drives. This lets us fetch file metadata and details using the user's own credentials, preventing any unauthorized access by design.
If the user does not have access to certain resources in cloud drives (e.g. folders in Google Drive, sites in SharePoint), the content library won't show them. Thus the user will never be able to pick files or folders from them.
Connected Folder Access on Salesforce Records
Another use-case of this permission handling can be seen in the Folder Connect widget. Suppose 2 users have access to the same Salesforce opportunity, but only one of them has access to the respective SharePoint folder. The other user should not be able to see the folder when they view the Salesforce record.
The Folder Connect Widget handles this use-case by showing an error message as shown below. This lets the unauthorized user know that they don't have access to this content.
Note that the name of the connected folder may still be available for the other user to read since this is stored as metadata in Salesforce by the CloudFiles app for smooth functioning.
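The behaviour described in the Content Library and Connected Folder sections can be modelled in a few lines. This is an added example, not CloudFiles code: the classes, function names, tokens and sample data are all hypothetical and constructed for illustration, with the cloud drive (not the widget) enforcing the admin-set permissions against each viewer's own login.

```python
# Constructed model; every name here is hypothetical, not a CloudFiles or SharePoint API.
from dataclasses import dataclass

class AccessDenied(Exception):
    """Raised by the modelled cloud drive when the token's user lacks access."""

@dataclass(frozen=True)
class Folder:
    name: str
    files: tuple
    allowed: frozenset      # users the storage admin granted access to

class CloudDrive:
    """Stands in for SharePoint etc.: the drive itself enforces the permissions."""
    def __init__(self, folders, sessions):
        self.folders = folders      # folder_id -> Folder
        self.sessions = sessions    # per-user token -> user, created at that user's login

    def _user(self, token):
        if token not in self.sessions:
            raise AccessDenied("not logged in to the cloud drive")
        return self.sessions[token]

    def list_library(self, token):
        """Content library view: only folders this user can access are returned."""
        user = self._user(token)
        return sorted(f.name for f in self.folders.values() if user in f.allowed)

    def list_files(self, token, folder_id):
        user = self._user(token)
        folder = self.folders[folder_id]
        if user not in folder.allowed:
            raise AccessDenied(f"{user} has no access to this folder")
        return list(folder.files)

def render_connected_folder(record, drive, viewer_token):
    """Widget on a record: the name comes from metadata stored on the record,
    the contents are fetched with the viewer's own token."""
    view = {"folder_name": record["folder_name"], "files": None, "error": None}
    try:
        view["files"] = drive.list_files(viewer_token, record["folder_id"])
    except AccessDenied as exc:
        view["error"] = str(exc)
    return view

# Constructed sample data: two users share one opportunity, only one has folder access.
DRIVE = CloudDrive(
    {"f1": Folder("Acme Deal Docs", ("nda.pdf", "quote.xlsx"), frozenset({"alice"})),
     "f2": Folder("Shared Templates", ("deck.pptx",), frozenset({"alice", "bob"}))},
    {"tok-alice": "alice", "tok-bob": "bob"},
)
OPPORTUNITY = {"folder_id": "f1", "folder_name": "Acme Deal Docs"}
```

In this model the second user's view carries an error and no file list, yet `folder_name` is still populated, which matches the note above about the name being stored as metadata.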