Stormshield Data Team

Stormshield Data Team can be configured in the teamPolicy section of the .json file. The table below describes its parameters. In the SDMC administration console, the equivalent parameters are found in Policies > Features > Team.

For more information on configuring this feature, see Configuring Stormshield Data Team in the Administration guide.

Parameter Description Possible values SDMC

accessToEncryptedFile

Indicates the accessibility of an encrypted file. Allowed values are:

  • "always" to access it regardless of the certificate status,

  • "notIfRevokedOrCrlExpired" to deny access if the encryption key is revoked or the CRL is not available,

  • "notIfCertificateHasAnIssue" to deny access if the certificate has a warning or error.

always,

 

 

 

 

notIfRevoked
OrCrlExpired,

 

 

 

 

 

 

 

 

notIfCertificate
HasAnIssue

 

 

 

 

 

Users can access an encrypted file regardless of the status of their certificate,

 

Users cannot access an encrypted file if the certificate of their encryption key is revoked or if the revocation list is not available,

 

Users cannot access an encrypted file if their certificate displays a warning or an error.
allowDecryption Indicates whether file decryption is allowed.

true,

false

 Allow encryption
allowDeletion Indicates whether file deletion is allowed.

true,

false

 Allow deletion
allowEncryptionAccordingToDefinedRules Indicates whether encryption is allowed according to the rules defined.

true,

false

 Allow encryption according to the rules defined
allowSaveAndRestore Indicates whether backups and restorations are allowed.

true,

false

 Allow save and restore
closeReportWindow

Indicates when to close the report window. Allowed values are:

  • "always" for the window to close after encryption,

  • "ifNoWarning" for the window to remain displayed when there is a warning,

  • "never" for the window to remain displayed after encryption.

always,

ifNoWarning, never

 Closing the report window
excludedFolders Optional. List of folders to be excluded. This list is recursive. Character string N/A
openEncryptedFileInUnsecuredFolder

Defines the behavior when opening an encrypted file in a non-secure folder. Allowed values are:

  • "allow" to allow it,

  • "deny" to prohibit it,

  • "readonly" to allow it in read-only mode.

allow,

deny,

readOnly

 Opening encrypted files in a non-secured folder
reencryptFilesWhenRemovingCoworkers Indicates whether files will be encrypted again if a co-worker is removed from the rule.

true,

false

 Encrypt again files when removing coworkers from a rule
secureDragAndDrop

Defines the behavior when files or folders covered by a Data Team rule are copied or moved to a non-secure folder. Allowed values are:

  • "keepCurrentRule" to apply the rule of the destination folder after moving or copying,

  • "forbidden" to prohibit copying or moving,

  • "noDecryption" to not decrypt the file after moving or copying.

keepCurrent
Rule,

 

 

forbidden,

 

 

 

noDecryption

Decrypt when copying or moving,

 

Prohibit copying or moving,

 

Keep encryption when copying or moving
setCreationDateToCurrentDate Indicates whether the creation date must be the current date.

true,

false

 Set creation date to current date
setModificationDateToCurrentDate

Indicates whether the modification date must be the current date.

true,

false

 Set modification date to current date
showCoworkers

Indicates when the rule is displayed. Allowed values are:

  • "always" so that all users can display the rule,

  • "onlyIfUserIsACoworker" so that only co-workers in the rule can show the rule,

always,

onlyIfUserIsA
Coworker

 Show co-workers
showSuccessfullyProcessedFiles Indicates whether correctly encrypted files are shown in the progress window.

true,

false

 Show encrypted files in the progress window
updateCoworkerKeyInKnownRules Indicates whether the co-worker's key is updated in the known rules after a key renewal.

true,

false

 Update a coworker's key in the known rules if the key has been renewed
useLocalCertificateState Indicates whether the status of the local certificate in the cache must be used if the CRL cannot be downloaded, or if it has expired.

true,

false

 Use local certificate state in cache if the revocation list cannot be downloaded or if it is expired