Security issue concern

This is an enormous question. much deeper than it appears on the surface.

Start with how are you protecting the files that are on regular windows shares? If you have a system in place for that you might be able to adapt it to your projectwise. if you don't have that and you want to use projectwise as a way to accomplish that:

"a user" - what user, just anybody in the company or a user that actually has to do work on the files? For the first, if they don't need access to projectwise, don't give to them. Additionally make sure your security is tightened down so users don't get access to files they shouldn't.

"take data out" - take data out by what methods? Cloud service file transfer services (dropbox, send.firefox.com, etc...)? USB thumbdrive? Do they have a laptop they can just walk out with? What if they take pictures of the screen with their phone?

Number 1 is don't give access to files users don't need access to. If user needs access to the file and they open the file - the file is copied to the local machine. If they scour hard enough they can find that file on the local machine. At this point it's a matter of denying them ways to get that data off the local computer. Blocking cloud service file transfers, locking down USB ports, policies against cameras in the workplace, no laptops, etc....

Without deciding on your paranoia level this question really can't be answered.

Thank you Kevin

Further to Kevin's reply, permissions within ProjectWise can get very complicated.

Are you trying to stop someone accessing an entire datasource, or just a specific work area within the datasource? If it is just a specific work area, you will need to ensure that the permissions are explicit through the whole folder tree. If someone is specified as no access at a high level folder, but is in another group or list with access to a sub-folder, they will be able to see the files by way of a search.

Hi Mick

For the search I was aware of this, find it useful but never had a chance to really implement in production

From the request I receive I decode this............  prevent from exporting, prevent to save as, prevent from copy-out/check out but at the same time allow client cache to be populate with an auto delete upon closing the document. Or hash the document in the local cache so it can be read only by an authorize client. The decrypt key will be set randomly in the admin panel and change every X minutes.

I saw the captivate function that may seems to solve some issue, like prevent to save outside of ProjectWise ( If I read correctly)

I could resume this to projecting/streaming the document on the screen, block the print screen so the only way to extract the data would be to take a picture of the screen...

Has Kevin Highlight unless I know exactly the paranoia level people have  about the share information we distribute :-)    it will be hard to figure out the proper setup/configuration.

Thank you for your in put. This is the type of feedback I as looking to help me build an idea of what is available and what can be configure

Unless there is something that I have missed, you will not be able to fulfill that criteria. If you can open a file as read-only, you have the ability to export or save-as. Even a captive environment does not stop the ability to export. It may stop the save-as but only on certain programs.