This is the multi-page printable view of this section. Click here to print.
Document Management
1 - Adding New Document Accounts
1.1 - Add AWS S3 Account
AWS S3 Setup
These steps need to be completed within the AWS console
- Sign into or create an Amazon Web Services (AWS) account
- Go to
All services > Storage > S3
in the console - Create a default or test bucket
- Go to
All Services > Security Identity & Compliance > IAM > Users
in the console - Select the
Create User
button - When prompted, enter a username and select
Access Key - Programmatic access
only. Select theNext: Permissions
button. - Select the option box called
Attach existing policies directly
- In the filter search box type
s3
. When the list filters down to S3 related items selectAmazonS3FullAccess
by checking the box to the left. Select theNext: Tags
button. - Skip this step by selecting the
Next: Review
button - Select the plus icon next to the
WasabiFullAccess
policy to attach the policy to the user. Select theNext
button. - Review the User settings and select
Create user
- Capture the keys generated for the user by downloading the CSV or copy/pasting the keys somewhere for use later. You will not be able to retrieve this key again so keep track of it. If you need to regenerate a key simply go back to step 5 above.
You should now have everything you need to add your S3 account to PlaidCloud Document.
PlaidCloud Document Setup
- Sign into PlaidCloud
- Select the workspace that the new Document account will reside
- Go to
Document > Manage Accounts
- Select the
+ New Account
button - Select
Amazon S3
as the Service Type - Fill in a name and description
- Leave the Start Path blank or add a start path based on an existing Wasabi account hierarchy. See the use of Start Paths for more information.
- Select an appropriate
Security Model
for your use case. Leave itPrivate
if unsure. - Paste the Access Key created in step 12 above into Public Key/User text field under Auth Credentials
- Paste the Secret Key created in step 12 above into the Private Key/Password text field under Auth Credentials
- Select the Save button and your new Document account is live
1.2 - Add Google Cloud Storage Account
Google Cloud Setup
These steps need to be completed within Google Cloud Platform
- Sign into or create a Google Cloud Platform account
- Select or create a project where the Google Cloud Storage account will reside
- Go to
Cloud Storage > Browser
in the Google Cloud Platform console - Create a default or test bucket
- Go To
IAM & Admin > Service Accounts
in the Google Cloud Platform console - Select the
+ Create Service Account
button - Complete the service account information and create the account
- Find the service account just created in the list of service accounts and select
Manage Keys
from the context menu on the right - Under the
Add Key
menu, selectCreate a Key
- When prompted, select JSON format for the key. This will generate the key and automatically download it to your desktop. You will not be able to retrieve this key again so keep track of it. If you need to regenerate a key simply go back to step 8 above.
- Go to
IAM & Admin > IAM
in the Google Cloud Platform console - Find the service account you just created and click on the edit permissions icon
- Add
Storage Admin
andStorage Transfer Admin
rights for the service account and save. Note less permissive rights can be assigned but this will impact the functionality available through Document.
You should now have everything you need to add your GCS account to PlaidCloud Document.
PlaidCloud Document Setup
- Sign into PlaidCloud
- Select the workspace that the new Document account will reside
- Go to
Document > Manage Accounts
- Select the
+ New Account
button - Select
Google Cloud Storage
as the Service Type - Fill in a name and description
- Leave the Start Path blank or add a start path based on an existing GCS account hierarchy. See the use of Start Paths for more information.
- Select an appropriate
Security Model
for your use case. Leave itPrivate
if unsure. - Open the Service Account JSON key file you downloaded in step 10 above and copy the contents
- Paste the contents into the Auth Credentials text area
- Select the Save button and your new Document account is live
1.3 - Add Wasabi Hot Storage Account
Wasabi Hot Storage Setup
These steps need to be completed within the Wasabi Hot Storage console
- Sign into or create a Wasabi Hot Storage account
- Go to
Buckets
in the console - Create a default or test bucket
- Go to Users in the console
- Select the
Create User
button - When prompted, enter a username and select
Programmatic (create API key)
user - Skip the group assignment. Select the
Next
button - Select the plus icon next to the
WasabiFullAccess
policy to attach the policy to the user. Select theNext
button. - Review the User settings and select
Create User
- Capture the keys generated for the user by downloading the CSV or copy/pasting the keys somewhere for use later. You will not be able to retrieve this key again so keep track of it. If you need to regenerate a key simply go back to step 5 above.
You should now have everything you need to add your Wasabi account to PlaidCloud Document.
PlaidCloud Document Setup
- Sign into PlaidCloud
- Select the workspace that the new Document account will reside
- Go to
Document > Manage Accounts
- Select the
+ New Account
button - Select
Wasabi Hot Storage
as the Service Type - Fill in a name and description
- Leave the Start Path blank or add a start path based on an existing Wasabi account hierarchy. See the use of Start Paths for more information.
- Select an appropriate
Security Model
for your use case. Leave itPrivate
if unsure. - Paste the Access Key created in step 10 above into Public Key/User text field under Auth Credentials
- Paste the Secret Key created in step 10 above into the Private Key/Password text field under Auth Credentials
- Select the Save button and your new Document account is live
2 - Account and Access Management
2.1 - Control Document Account Access
Four types of access restrictions are available for an account: Private, Workspace, Member Only, and Security Group. The type of restriction set for a user is editable at any time from the account form.
Updating Account Access
- Select
Document > Manage Accounts
within PlaidCloud - Enter the edit mode on the account you wish to change
- Select the desired access level restriction located under
Security Model
- Select the Save button
Restriction Options
All Workspace Members
This access is the simplest since it provides access to all members of the workspace and does not require any additional assignment of members.
Specific Members Only
This access setting requires assignment of each member to an account. This option is particularly useful when combined with the single sign-on option of assigning members based on a list of groups sent with the authentication. However, for workspaces with large numbers of members, this approach can often require more effort than desired, which is where security groups become useful. To choose specific members only:
- Select the members icon from the Manage Accounts list
- Drag the desired members from the
Unassigned Members
column on the left, to theAssigned Members
column on the right - To remove members, do the opposite
- Select the Save button
Specific Security Groups Only
With this option, permission to access an account is granted to specific security groups rather than just individuals. With access restrictions relying on association with a security group or groups, the administration of accounts with much larger user counts becomes much simpler. To edit assigned groups:
- Select the groups icon from the Manage Accounts list
- Drag the desired groups from the
Unassigned Groups
column on the left, to theAssigned Groups
column on the right - To remove groups, do the opposite
- Select the Save button
Remote agents
PlaidLink agents will often use Document accounts to store files or move files among systems. To allow remote agents access to Document accounts, agents MUST have permission granted. This is a security feature to limit unwanted access to potentially sensitive information. To add agents:
- Select the agent icon from the Manage Accounts list
- Drag desired agents from the
Unassigned Agents
column on the left, to theAssigned Agents
column on the right - To remove agents, do the opposite
- Select the Save button
2.2 - Document Temporary Storage
Temporary storage may sound counter-intuitive, but real-world use has shown it to be valuable. Typically, permanent storage is used to move large files between members or among other systems, and file cleanup in these storage locations often happens haphazardly, at best. This causes storage to fill with files that shouldn’t be there, eventually requiring manual cleanup.
Temporary storage is perfect for sharing or transferring these types of large files because the files are automatically deleted after 24 hours.
To view temporary storage options
- Go To the
Document > Temp Share
in PlaidCloud
Shared Temporary Storage
Shared temporary storage is viewable by all members of the workspace but is not viewable across workspaces. To access the shared temporary storage area, select the Temp Share
menu and click Workspace Temp Share
to display a table of files currently in the workspace’s Temp Share area.
To add new files to a shared temporary storage location
- Select the
Temp Share
menu along the top of the main Document page - Click
Workspace Temp Share
- Click
Browse
to browse locally stored items - Select the desired file and click
Open
- Click
Upload
to upload the file to the temporary storage location
To download existing files from temporary storage
- Click on left-most icon, which represents the file type
To manually delete a file
- Click the red delete icon to the left of the file name.
Additional details on file management can be found below under “File Explorer”.
Personal Temporary Storage
Personal temporary storage is only viewable by the member to which the temp share belongs. This storage option is beneficial because it’s accessible across workspaces. This functionality makes it easy to move or use files across workspaces if the member is working in multiple workspaces simultaneously.
All members of the workspace can upload files to a members personal share as a dropbox.
To upload a file to another member’s personal share:
- Select the
Temp Share
menu along the top of the main Document page - Select
Drop File to Member Temp.
A list of members will be displayed. - Click the left-most icon associated with the member of your choosing
- Click
Browse
to browse locally stored items - Select desired file and then click
Open
- Click
Upload
to upload the file to the member’s personal storage
Additional details on file uploading can be found below under “File Explorer”.
2.3 - Managing Document Account Backups
Document enables the backup of any account on a nightly basis. This feature permits backup across different cloud storage providers and on local systems. Essentially, any account is a valid target for the backup of another account.
The backup process is not limited to a single backup destination. It is possible to have multiple redundant backup locations specified if this is a desired approach. For example, the backup of an internal server to another server may be one location with a second backup sent to Amazon S3 for off-site storage.
By using the prefix feature, it’s possible to have a single backup account contain the backups from multiple other accounts. Each account backup set begins its top level folder(s) with a different prefix, making it easy to distinguish the originating location and the restoration process. For example, if you have three different Document accounts but want to set their backup destination to the same location, using a prefix would allow all three accounts to properly backup without the fear of a name collision.
Reviewing Current Backup Settings
- Go to Document > Manage Accounts
- Select the backup icon for the account you wish to review
Creating a Backup Set
- Go to Document > Manage Accounts
- Select the backup icon for the account for which to create a backup
- Select the
New Backup Set
button - Complete the required fields
- Select the
Create
button
The backup process is now scheduled to run nightly (US Time).
Updating a Backup Set
- Go to Document > Manage Accounts
- Select the backup icon for the account for which to edit a backup
- Select the edit icon of the desired backup set
- Adjust the desired information
- Select the
Update
button
Deleting a Backup Set
- Go to Document > Manage Accounts
- Select the backup icon for the account for which to edit a backup
- Select the delete icon of the desired backup set
- Select the
Delete
button
2.4 - Managing Document Account Owners
The member who creates the account is assigned as the owner by default. However, Document accounts are designed to support multiple owners. This feature is helpful when a team is responsible for managing account access or when there is member turnover. Adding and removing owners is similar to adding and removing access permissions.
Add or Remove Owners
- Go to
Document > Management Accounts
in PlaidCloud - Select the owners icon in the Manage Accounts list
- Drag new owners from the
Unassigned Members
column on the left to theAssigned Members
column on the right - To remove owners, do the opposite
- Select the Save button
Because only owners have the ability to view and edit an account, account administration is set up with two levels:
- The member needs security access to view and manage accounts in general, and
- The member must be an owner of the account to view, manage, and change settings of accounts
2.5 - Using Start Paths in Document Accounts
The account management form allows the configuration of the storage connection information and a start path. A start path allows those who use the account to begin browsing the directory structure further down the directory tree. This particular option is useful when you have multiple teams that need segregated file storage, but you only want one underlying storage service account.
The Start Path option in Document accounts is useful for the following reasons:
- When controlling access to sub-directories for specific teams and groups
- Granting access to only one bucket
For example, setting a start path of teams/team_1/ for the Team 1
Document account and teams/team_2 for the Team 2
Document account provides different start points on a shared account. When a member opens the Team 1 Document account they will begin file navigation inside team/team_1. They will not be able to move up the tree and see anything above teams/team_1.
Team 2 would have a similar restriction of not being able to navigate into Team 1's area.
This provides the ability to restrict specific teams to lower levels of the tree while allowing other teams higher level access to the tree while not needing any additional cloud storage complexity like additional buckets or special permissions.
Adding and Updating the Start Path
- Go to Document > Manage Accounts
- Select the account you wish to edit and enter the edit mode
- Add a Start Path in the Start Path text field
- Select the save button
Start Path Format
The path always begins with the bucket name followed by the sub-directories.
<my-bucket>/folder1/folder2/
3 - Using Document Accounts
Several file operations are available within a Document Account browser. All operations are accessible from a right-click menu within the file browser. The right-click menu provides specific options depending on whether a folder or file is selected.
To open the file explorer:
- Click on the folder icon (far left) from the list of private or shared accounts
Opening File Explorer
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
The various file and folder operations available in the file explorer are detailed below:
- Folders:
- uploading new folders
- creating new folders
- renaming, deleting, and downloading current folders as ZIPs
- Files:
- downloading new files
- renaming, deleting, and refreshing current files.
Upload a File
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Right-click and select
Upload Here
Download a File
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired file
- Right-click and select
Download
Rename a File
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired file
- Right-click and select
Rename
Move a File
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired file
- Drag into desired folder
- Select
Move File
Copy a File
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired file
- Right-click and select
Copy
Delete a File
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired file
- Right-click and select
Delete
Create a Folder
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Click “New Top Level Folder”
- Enter a folder name of your choosing
- Click
Create
Rename a Folder
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired folder
- Right-click and select
Rename
Move a Folder
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired folder
- Drag into desired folder
- Select
Move Folder
Delete a Folder
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired folder
- Right-click and select
Delete
Download Folder Contents (zip file)
The Download as Zip
option is for downloading many files at once. This option will zip (compress) all contents of the selected folder and download the zip file (.zip extension).
For easy navigation, the zip file retains the directory structure that exists in the file explorer.
- Go to Document > Shared Accounts
- Select the folder icon (far left) for the account you wish to explore
- Browse to the desired directory
- Left-click to select the desired folder
- Right-click and select
Download as ZIP