Support Center > Search Results > SecureKnowledge Details
Capsule Docs Classification Model Technical Level
Solution

Check Point Capsule Docs Classification model

Check Point Capsule Docs provides the ability to protect sensitive data. The protection of the data comprises three main elements:

Protection Explanation
Classification A set of access permissions and visual attributes (markings such as header/footer/watermark) that can be assigned to documents. The On Premises solution supports setting different permissions for Internal/External users.
Authorized Users A set of users/groups that are authorized to access (read) the document. Each authorized user is granted with additional permissions due to the applied classification and his role.
Roles

A role is a named entity that determines the permissions associated to an authorized user.

  • Default permissions

    These permissions are set to be based on the assigned classification. Default role can be divided into 2 different sub-roles with two different sets of permissions (*):

    • Internal - Assigned automatically to the AD users of the organization. Can be manually configured to impact users from other domains as well.

    • External - Assigned automatically to 3rd party (non-AD) users.


  • Elevated / Author (*) permissions

* Note: Supported for the On Premises solution only.

Roles can be leveraged to achieve different permissions for different authorized users/groups.

Default values for each of the elements specified above can be determined by the administrator to assure seamless experience for the end users.

 

Check Point Capsule Docs Classification Permissions

 

Permission State Client Behavior
Edit Yes Editing the content of the protected documents is allowed.
No

Editing the content of the protected documents is denied.

  • The user can modify the content of the document but gets a denial message upon Save (or Save As) of the changes.
Add Users Yes Modifying the list of authorized users is allowed.
No

Modifying the list of authorized users is denied.

  • The user can not modify the list of authorized users.
  • The user can not choose a favorite protection setting that contains different set of authorized users than the current one.
Change Classification Yes Changing the applied classification is allowed.
No

Changing the applied classification is denied.

  • The user can not change the applied classification.
  • The user can not choose a favorite protection setting that contains different classification than the current one.
  • The user can not unprotect documents.
Unprotect Yes

Unprotecting protected documents is allowed.

  • The user can choose the "Personal" classification and remove both protection and corporate markings from the document.
  • The user click on the lock icon on the toolbar and remover the protection while keeping the corporate markings on the document.
No

Unprotecting protected documents is denied.

  • The user can not unprotect a protected document.
Ask

Unprotecting protected documents is not recommended.

  • The user gets a denial message for unprotecting protected document. The user may override the organizational policy and unprotect the document by providing a justification that can be viewed by the administrator.
Mobile Access Yes
  • Viewing protected documents on mobile devices is allowed.
  • Viewing protected documents on the designated web viewer (available only for the Cloud solution) is allowed.
No
  • Viewing protected documents on mobile devices is denied.
  • Viewing protected documents on the designated web viewer (available only for the Cloud solution) is denied.
Print Yes Printing protected documents is allowed.
No

Printing protected documents is denied.

  • Printing protected documents on physical printers is denied. The user gets a denial message when trying to print a protected document.
  • Printing protected documents to file is enforced on the next components only:
    • Acrobat PDFWriter
    • Adobe PDF Converter
    • AdobePS Acrobat Distiller
    • Amyuni Document Converter 300
    • CutePDF Writer
    • DocuCom PDF Driver
    • eFax 4.4
    • FinePrint pdfFactory
    • Microsoft Office Document Image Writer Driver
    • Microsoft Office Live Meeting 2007 Document Writer Driver
    • Microsoft Office Live Meeting Document Writer Driver
    • Microsoft Shared Fax Driver
    • Microsoft XPS Document Writer
    • PDF Printer Driver x86
    • PDF Printer x64 Driver
    • pdfFactory 2
    • pdfFactory 3
    • PrimoPDF
    • Remote Desktop Easy Print
    • Send To Microsoft OneNote 2010 Driver
    • Send To Microsoft OneNote Driver
    • SnagIt 10 Printer
    • SnagIt 11 Printer
    • SnagIt 12 Printer
    • SnagIt 13 Printer
    • SnagIt 7 Printer
    • SnagIt 8 Printer
    • SnagIt 9 Printer
    • Terminal Services Easy Print
Screen Capture Yes Screen captures are allowed while protected documents are displayed.
No

Screen captures are denied while protected documents are displayed.

  • Windows Clients:
    • The user gets a message that asks him to minimize all displayed protected documents upon PrintScreen click.
    • The user gets a denial message upon capturing protected documents with Snipping tool.
    • Other screen capture tools are not enforced.


  • Mac OS X Client:
    • Screen Capture is not enforced.


  • Mobile Clients:
    • Screen Capture is not enforced.
Ask

Screen captures are not recommended while protected documents are displayed.

  • Windows Clients:
    • The user gets a message that asks him to minimize all displayed protected documents upon PrintScreen click. The user may override the denial by providing a justification that can be viewed by the administrator.
    • The user gets a denial message upon capturing protected documents with Snipping tool.
    • Other screen capture tools are not enforced.


  • Mac OS X Client:
    • Screen Capture is not enforced.


  • Mobile Clients:
    • Screen Capture is not enforced.
Copy Paste Yes Pasting content that was copied from a protected document is allowed everywhere.
No

Behavior:

Copy From Paste In Action
Protected Document Unsupported Text Editor

Deny

  • Pasted content will be:
    Cannot paste this data. It is protected by a Check Point Capsule Docs policy (<classification name>).
Protected Document Unprotected Document

Ask

The user has to choose between two options:

  • Approving the paste operation and automatically applying the protection level of the source protected document to the target unprotected document.
  • Canceling the paste operation.
Protected Document Protected Document with the same protection settings Allow
Protected Document Protected Document with different protection settings

Deny

  • The user gets a denial message when trying to paste the data.
Unprotected Document Protected Document Allow
Unsupported Text Editor Protected Document Allow

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment