Secure collaboration

Productivity Storm

Workaround for Creating Groups

Sandstorm does not provide for the possibility of dividing people into groups, apart from the members of the organization who are identified by the domain of the email address. However, grains can be organized into groups in the Collections app by combining different documents in a group and then sharing them with a single link. You can set individual permissions for each document in this collection. Groups are convenient if you want to share multiple documents with multiple editors.

Even after sharing, additional grains can be added to a group so that you only need one collection for teams, which then contains all documents. In fact, you can add more collections to a collection, even recursively. However, avoid overdoing recursion, especially with different permissions; in our tests, this practice repeatedly led to session errors being thrown.

Useful Management Tools

In addition to the functions already discussed, Sandstorm offers useful features for managing grains, which you can access from the menu at the top of the page. The Move to trash feature, as expected, deletes the document and all associated shares and resources. The Show Debug Log display icon points experts and developers to log messages to assist with troubleshooting in case of problems. However, as a normal user, you won't find much information for working with grains here. The Restart App icon should also not be used under normal circumstances.

The Download Backup option for backing up a grain, on the other hand, is very useful. The icon downloads a ZIP file that you can use for recovery, which can be triggered by pressing the Grains | Restore backup button at top right. If the original grain still exists for your user, Sandstorm creates a new instance with the status at the time of the backup. Unfortunately, the shares are not part of the backup, so you have to create them again manually after a restore.

If you want to test different scenarios within a grain or need different versions, the clone function is a useful tool. Much like restoring a backup, Sandstorm duplicates the grain in its current state. In this case, as with a backup, shares are not transferred to the cloned object. You would need to create these again if needed.

Conclusions

The list of apps you can use in Sandstorm is already considerable and is growing. Setting up the software is as easy as pie for administrators. Although the application starts the apps multiple times – in addition to the grains after access – resource usage is fairly low compared with other container environments. Sandstorm is therefore useful for running on less powerful machines. Unfortunately, user and grain management are currently fairly rudimentary. The assignment to your organization is based entirely on your choice of the email domain, and you can only create groups with the Collection app. All told, though, Sandstorm offers a carefully considered and surprisingly functional approach to isolating documents in an anonymously shareable and cooperatively usable environment.

Infos

  1. Sandstorm: https://sandstorm.io

The Author

Dr. Matthias Wübbeling is an IT security enthusiast, scientist, author, consultant, and speaker. As a Lecturer at the University of Bonn in Germany and Researcher at Fraunhofer FKIE, he works on projects in network security, IT security awareness, and protection against account takeover and identity theft. He is the CEO of the university spin-off Identeco, which keeps a leaked identity database to protect employee and customer accounts against identity fraud. As a practitioner, he supports the German Informatics Society (GI), administrating computer systems and service back ends. He has published more than 100 articles on IT security and administration.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus