Governed Sharing enables sharing of Pyramid artifacts, discoveries or presentations, with other users (recipients). The artifacts are either shared as email attachments or as links to "live" content that is hosted and secured inside Pyramid itself. This flexible arrangement allows different levels of sharing, from easy interactions by email where content is not sensitive, through to tightly-governed access to sensitive content using identity-based security where admins may authorize, manage, and even deny access to linked artifacts.
The administrative Share Manager lets system admins see all the requests that have been processed and those that need to be processed, in the even a sharing request needs to be authorized,
Sharing Lifecycle
This topic walks you through the different stages of the Governed Sharing lifecycle. It is likely that different users will have responsibility for each of the stages, but it is important to understand the purpose of each step and how they fit together to create the overall functionality.
Before you begin
To be able to share your artifacts, Email Messaging must be enabled by your administrator. For details, see Message Settings.
Tip: The Shared Governance process is mediated by emails that are based on email templates. You may want to customize these email templates, for example, by adding your corporate logo to them or some of your own Copyright text. For more information, see Add or Edit an Email Template.
Opening the Share Content dialog
The Share option is available in the Status Bar (Discover), App Tabs (Discover, Present), in the Runtime and Viewer menus, Content Manager (Context Menu, Metadata panel), and using the Share Export button in the Print & Export dialog.
Sharing an Artifact
The basic process, when the Pyramid user decides they want to share their artifact with other users (recipients), is as follows:
- If the user is happy to share the artifact insecurely as an email attachment, they use Send Export to do so. The artifact is exported in the selected format, attached to an email, and the email is sent to each of the email addresses in the recipients list. The recipients can be anyone, and the exported content is effectively handed over to them to use as they wish.
- If the user wants to retain control over a sensitive artifact, they can share a link to a "live" copy of it using Share Link. In this case, the recipient doesn't receive an export that they can re-share, they are instead sent a link to view that artifact securely in Pyramid. The process of granting access to the linked artifact may either be automatic (happening on Share) or may be mediated by an administrator who approves access using the Share Manager.
- Click here to learn how to Send Exports and Share Links
Share Link Governance
Given the default configuration, a Pro user can share an artifact without administrator intervention if they own the artifact entirely (they own the Content Item itself, the Data Model that contains it, and the database is secured in Pyramid and not externally). When this Pro user clicks Share Link, a Direct Share is created; that is, a "copy" of the artifact is created in a Shared Items folder and a link to it is sent to each of the recipient email addresses.
If the Content Sharing configuration is disabled, the user is a Pro user but not the artifact owner, or they are not a Pro user, then the recipient will not be granted access to the linked artifact automatically. In this case, when the user clicks Share Link, an "unprocessed" Share Request is created in the Share Manager. The administrator then decides if they want to approve or deny the share. When approving the share, they can select to create the link as a Direct Share (as described above) or, if the artifact is saved to a Public location, they can assign a Built-in Role or Existing Roles to the artifact and its data source. This grants view access to the recipient.
Whenever a share is created, if the recipient was not already a user in Pyramid but was "known" (their email address is in the Authentication Provider), they are also created as a Viewer and assigned a seat. The seat enables the recipient to login and view the shared artifact in Pyramid.
- Click here to learn how to manage and approve Shared Links
Sharing Requests and Email Templates
The Share Link process potentially prompts several emails at appropriate points in the lifecycle; for example, if the recipient is newly created by this process, they are sent an onboarding email that helps them to log in and view the artifact. You can add or edit these Email Templates as you would any other.
- Click here for more information about creating and editing Email Templates
Accessing Shared Artifacts
When a Share Request is approved for a recipient (either automatically or by the administrator), the recipient can access the artifact using the link in the email or by navigating to the artifact in the CMS. Their access to the artifact depends on the access type and location of the shared artifact.
Direct Access
Where Direct Access is granted to a recipient, a "copy" of the shared item is created in the Shared Items folder of the recipient's My Content directory. This item is like a shortcut, in that it's not the real item and you can't change it. This example shows the My Content > Shared Items folder (including the Metadata panel) for a recipient who is a Pro and has been granted access to a discovery called "filtered":
Built-in or Existing Roles
If the Administrator selects Built-in Role or Existing Roles, there is no special shared location. The sharing is of the item in its public location.