When you use Knowledge Connections (like Google Drive or Microsoft Sharepoint) to index your organization's content for use with le Chat, a primary concern is ensuring that existing access controls and permissions are respected.
Mirroring source permissions
Our platform is designed to mirror the user, group, and permission structures from your connected applications. We utilize Access-Control List (ACL) permissions from the source system (e.g., Google Drive, Sharepoint) to replicate the correct access rights for the appropriate users within le Chat.
π This means that if a user does not have permission to access a specific file or folder in the original application (like Google Drive or Sharepoint), they will not be able to access that content through le Chat either. Your data remains safely scoped according to its original permissions.
When a user queries le Chat using a Knowledge Connection, the system checks their entitlements against the indexed ACLs before retrieving or presenting any information.
Specifics for connected services
While the core principle of ACL mirroring applies broadly, there are some service-specific considerations, intended to make permissions still more secure:
Microsoft Azure / Sharepoint
Group Membership: For Sharepoint access, we primarily rely on Microsoft Entra ID (formerly Azure Active Directory) group memberships to determine permissions. Legacy Sharepoint site groups that are not backed by Entra ID groups may not be fully recognized for permission scoping.
Guest Access: Files or sites shared exclusively with external guest users in Sharepoint are generally not indexed or made accessible through the Knowledge Connection for regular internal users.
Google Drive
"Anyone with the link" Sharing: Files in Google Drive that are shared with the setting "Anyone with the link" are not automatically made visible to everyone in your organization through le Chat by default.
Access via le Chat will still typically depend on the file being specifically shared to specific users, group or the whole organization domain, rather than getting access to the link.
π By adhering to these principles, Knowledge Connections aim to provide powerful search and retrieval capabilities while maintaining the security and access controls you have established in your source data systems.