2 min read

Creating Secure and Access-Controlled Public Documentation

Creating Secure and Access-Controlled Public Documentation

Limiting access to documentation is a common practice for companies offering SaaS (software-as-a-service) products. While it may seem counterintuitive, public documentation like user guides, online manuals, and help documents can enhance a product's usability and popularity.

However, certain documents, such as SOPs (standard operating procedures), employee handbooks, and company policies, are intended for internal use only.

Additionally, there is product-specific technical documentation designed for developers (e.g., SDK and API documentation), marketers (e.g., MRDs and PRDs), technical/copywriters, and translators. This type of documentation can be referred to as "back-end" in contrast to the "front-end" documentation mentioned earlier (user guides, manuals, etc.).

Access to back-end documentation should be restricted to ensure that users or potential customers can only see the 'public face' or the end result of your work. This article will explain how to configure the authentication process to keep your sensitive information confidential.

Understanding the Requirements

Restricted access to documentation becomes necessary in various scenarios. For example, when users encounter restricted manuals in your documentation portal, they should be redirected to an explanation or directions on how to access (if they have the right role, etc.).

You can grant access to specific individual users or entire categories (e.g., reviewers, translators, or testers). You can decide which user categories can view or modify the information.

Another option is to provide access to documentation for all authenticated users of your product. In this case, they will automatically gain access to your documentation.

There are numerous options and scenarios to consider. 

Authentication can also provide you with valuable statistics.

When users authenticate to read a document, you can track who has viewed the topic, enabling you to understand the interests of your target audience better. It also allows you to restrict access to or archive documentation that is not in demand.

Implementing User Authentication

User authentication is a powerful tool for access control, allowing you to define permissions for users and authorize specific groups, such as customers, technical writers, stakeholders, and others.

Access with Single Sign-On (SSO)

SSO integration simplifies the login process for users by allowing them to access your product and portal using unified credentials.

Security through tokens: Tokens add an extra layer to the authentication process and can be valid for a certain period, enhancing security.

Defining User Roles and Permissions

Implement role-based access control, allowing you to define roles and assign appropriate permissions to users. This ensures that users can only perform actions permitted within their role.

Configuring Access Restrictions

Configuring access restrictions, you can use a platform to manage user permissions by adjusting their privileges, ranging from minimal to maximum. You can use features like setting visibility levels to Restricted for specific documents and projects, ensuring that they are only visible to authorized users.

Testing and Ensuring Security

You should consider an authentication cookie for security, which expires after 48 hours. The user can obtain an authentication token for reauthentication if a session expires.

Ongoing Management and Updates

Regularly reviewing and updating user roles and permissions is crucial as your product gains popularity and attracts more users to your documentation portal.

Access Control and Documentation Management

Access control is a fundamental aspect of documentation management. Choosing a documentation management tool that allows you to execute access control procedures quickly and effectively is essential.

Neuro-Inclusive Technical Writing

Neuro-Inclusive Technical Writing

In the tech world, creating documentation that is clear, accessible, and inclusive is essential to ensuring everyone can use and understand products...

Read More
Cognitive Load Theory in Technical Writing

Cognitive Load Theory in Technical Writing

Effectively conveying complex information to readers is a constant challenge. Cognitive Load Theory (CLT), a principle from educational psychology,...

Read More
How to Write Developer Documentation

How to Write Developer Documentation

Developer documentation serves as the cornerstone for every modern mobile or web application. Remember, these days, isolated software no longer...

Read More