Limit the creation of private communities

Posted on by

The idea behind social software like IBM Connections is to share information freely within your organisation as many more people could benefit from what you have to say then you can think of yourself. There can however be good reasons to limit the group of people that you share information with. Adhering to the GDPR for example. What we don’t want however is that people create new communities as private by default. Just to be safe. As people often need a little push to get them to behave the way we would like them to behave, it might be good to put up a little hurdle for people to create a private community. One way to do that is to limit the possibility to create a private community to a small group of people. The average user who wants a private community will need to make a special request and explain why they need their community to be private.

Within IBM Connections you can achieve that by altering the communities-policy.xml file (which can be found in the LotusConnections-config directory). By default the permission to create communities is bound to the community-creator role in the Communities application and by default this role is given to all authenticated users. In the communities-policy.xml file this role has these 3 permissions:

      <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission"
                       communityType="public"
                       action="create" />
      <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission"
                       communityType="publicInviteOnly"
                       action="create" />
      <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission"
                       communityType="private"
                       action="create" />

The last line gives the permission to create  private communities.

Some other roles in this file are Reader and System Administrator. If you want to put the system administrators in the role to create private communities for users who need them, you should move the last permission line to the System Administrator section. If you want to make a separate group of users responsible for this, you should perform these steps:

  • Move the ‘public’ and ‘publicInviteOnly’ lines under the Reader section
  • In the communities application, set Special Subjects for the community-creator role to ‘none’
  • Assign the group with the people to create private communities to that role
  • restart your communities application

 

Thanks to Christoph Stoettner for the info on the communities-policy.xml file. Also check out the official IBM documentation on this feature.