working with sensitive information in Help

Report · Jan 26, 2009

All,

I'm looking for advice on how to deal with including "sensitive" information in Help. Specifically, there's a request to add information in Help on how our software's security settings are handled (i.e. setting up a user's security settings to access certain areas or perform certain functions within our software).

Regarding access, what's the best or most recommended method of limiting this information to only certain users (i.e. our customers' system administrators), without their end users seeing it? The issue would be a "regular" user accessing this information and finding a way of changing their own settings without the permission or consent of their sys admin.

The most immediate idea would be to maintain separate "Admin" and "End User" versions of the help system. This wouldn't be much work on my end, but I'm not sure if long-term there's interest in having different versions floating around, and of course if a savvy user finds where the admin-oriented help is located....

I'm open to any and all ideas. FWIW, we use RH 7 and our Help is in Microsoft HTML (.chm) files.

Report · Jan 26, 2009

The most obvious comment is your system should not allow a user to change the settings unless they have the requisite permission. They may be able to find out how but the system permissions should recognise they do not have the necessary authority and prevent them. Are you sure an ordinary user can change their settings? If they can, then the system would seem to be flawed.

It may be the system does prevent what you suggest but a client is insisting that notwithstanding they do not want end users to see the instructions, that is a different situation. Could that help not be located in a different folder to which your developers control access by a password?

Help others by clicking Correct Answer if the question is answered. Found the answer elsewhere? Share it here. "Upvote" is for useful posts.

Report · Jan 27, 2009

I'm technically just rephrasing the original question, but was wondering specifically if there is any way to password protect specific topics with a project?

Thanks!

Lisa

Report · Jan 27, 2009

Hi Lisa

You can do it using JavaScript. But it's far from secure. Click here to visit a page that demonstrates this and provides the script.

Cheers... Rick

Report · Jan 27, 2009

quote:

Originally posted by: Captiv8r
Hi Lisa

You can do it using JavaScript. But it's far from secure. Click here to visit a page that demonstrates this and provides the script.

Cheers... Rick

Thanks for the link!

I'm not sure what support there might be in my office for moving to a different Help format, but increased security is probably a good selling point for a different format like WebHelp.

Report · Jan 27, 2009

Our software doesn't allow users to alter settings if they don't have the proper permissions to see and alter them...but if they find out where and how such settings exist, they may find a way of getting such permission by using another user's account.

I think the main thing we're wanting is to ensure that, even in a situation where a user obtains access to these settings, they wouldn't know how to manipulate them.

Report · Jan 27, 2009

Hi there

If you are using WebHelp, you could have your web admins configure specific folders so that only those with proper authority may see them. You would then ensure those sensitive topics were moved into those folders. There are many different approaches you might take with the help in this case. I just thought I'd toss this out for you to ponder.

If you are using compiled CHM files, you could simply create a merged setup where only if the CHM containing the sensitive information is available, the user sees it. Then distribute the sensitive CHM to only those that need it.

Cheers... Rick

Report · Jan 27, 2009

Tech Writer is using CHMs as per the first post.

If the system allows access in any way other than the use of passwords, then the only way in is knowing those passwords. If the SysAdmin is going to allow anyone to learn those, then the SysAdmin deserves the resulting mess they have to sort out.

In the absence of changing to WebHelp which would involve your developers changing the calls to the help at least, then putting your CHM into a folder controlled by permissions seems the only option except for one thing. The concern here is a user who finds out how to crack permissions! :-)

Help others by clicking Correct Answer if the question is answered. Found the answer elsewhere? Share it here. "Upvote" is for useful posts.

Report · Jan 27, 2009

D'oh! Thanks Peter. Somehow managed to space that off.

That'll learn me to multitask when the snow flies!

Report · Jan 27, 2009

Multi-tasking is for women!

Help others by clicking Correct Answer if the question is answered. Found the answer elsewhere? Share it here. "Upvote" is for useful posts.

Report · Jan 27, 2009

LOL, not according to my wife! Her definition of multitasking is:

Doing several things at once. NONE of them well at all.

She hates it with a deep and simmering purple passion typically reserved for the ilk of the Corporate Nazgul.

Adobe Community

working with sensitive information in Help

1 Correct answer