Permissions are not a feature. They're the control surface every other capability inherits from.
The CISO's review for any platform component starts with the same 5 questions: how is identity federated, how are permissions enforced, what's the audit chain on permission changes, what's the encryption story, and what's the recovery story. Most platforms give 5 different answers depending on which sub-product the question is about.
TeamSync's identity, permissions, encryption, and backup model is one architecture across every capability. The same answer to the CISO's 5 questions for the records platform, the AI copilot, CLM, eSignatures, eDiscovery, and the workflow engine. That uniformity is what turns the security review from a multi-product evaluation into a single architectural review.
Talk to a solutions engineer · Read the permissions-aware AI pillar · Read the crypto-shred pillar
What's in the RBAC + Backup surface.
| Sub-capability | What it does |
|---|---|
| Identity federation | SAML 2.0, OIDC, SCIM provisioning; integrates with Okta, Entra ID, Ping, Auth0, Duo, on-prem AD |
| Role-based access control (RBAC) | Roles defined per tenant; inherited across capabilities |
| Attribute-based access control (ABAC) | Attribute policies for context-sensitive access (clearance level, project, jurisdiction) |
| Permission enforcement at retrieval time | Every read bounded by the asking user's effective permissions at query time |
| Per-tenant envelope encryption | Each tenant's content encrypted with its own key |
| HSM-backed key custody | Keys held in hardware security modules with attested operations |
| Customer-controlled keys (CMK) | Customer holds the master key; TeamSync cannot decrypt without customer authorisation |
| BYOK / HYOK | For workloads with regulator-mandated key custody |
| Crypto-shred | Right-to-erasure executed by key destruction |
| File-level backup and restore | Per-document backup with permission-state preservation |
| Audit chain on every event | Identity, permission, key, and recovery events anchored |
What "uniform across capabilities" actually means.
Most platforms have a different identity story for each sub-product. The records system's RBAC is one model; the AI overlay is another; the eDiscovery hold tool is a third. The CISO's review has to validate each one.
| Pattern | Standard platform | TeamSync |
|---|---|---|
| Identity federation | Per-product configuration | One IdP federation; inherited |
| Role definition | Per-product | One role catalogue across capabilities |
| Permission enforcement | Per-product, varies by sub-product | platform-level, uniform |
| Encryption story | Per-product | One envelope-encryption model |
| Audit chain on permission change | Per-product log | One chain across capabilities |
| Key custody options | Varies | Customer-controlled-keys for any workload |
The CISO's question — "how do you enforce permissions consistently?" — has one answer instead of eight.
What customer-controlled keys actually means.
Customer-controlled keys (CMK) is the architectural option for workloads where the customer needs to retain key custody — sovereign deployments, hyper-regulated workloads, high-value contractual commitments.
| Pattern | What it does | When to use it |
|---|---|---|
| TeamSync-managed keys | TeamSync handles key generation, rotation, custody | Default; appropriate for most workloads |
| Customer-controlled keys (CMK) | Customer holds the master key; TeamSync wrapped by it | Sovereign deployments, regulator-mandated key custody |
| BYOK (Bring Your Own Key) | Customer generates and provides the key; TeamSync uses it | Cross-cloud key management |
| HYOK (Hold Your Own Key) | Key never leaves the customer's HSM | The strictest sovereignty requirements |
The architectural commitment: TeamSync cannot decrypt customer content without customer authorisation when CMK or HYOK is enabled. This is the answer to the regulator's "what if TeamSync is compromised?" question.
What the backup and recovery surface actually delivers.
| Capability | What it does |
|---|---|
| Per-document backup | Every version of every document backed up with permission-state preservation |
| Point-in-time recovery | Restore to any prior point in the audit chain |
| Permission-preserving restore | Restored documents inherit the permission state from the recovery point |
| Cross-region replication | Configurable; supports multi-region deployments |
| Disaster recovery | RTO and RPO commitments per support tier |
| Backup audit chain | Every backup and restore event anchored |
| Crypto-shred-aware recovery | Crypto-shredded content cannot be recovered (by architecture) |
The recovery story respects the cryptographic-erasure model. A right-to-erasure event is permanent — the recovery surface honours it.
What changes for the security and recovery teams.
| Activity | Before | With TeamSync |
|---|---|---|
| CISO security review across capabilities | Per-product | One architectural review |
| Permission-change audit defensibility | Per-product log | One cryptographic chain |
| Key custody flexibility | Per-product capability | Customer-controlled-keys across the platform |
| Backup with permission preservation | Often partial | Native |
| Right-to-erasure across backups | Procedural | Cryptographic |
| Cross-region replication discipline | Per-product configuration | platform-level |
How customers compare TeamSync for the control surface.
The control-surface evaluation is usually built into the broader platform evaluation. The most common comparisons:
- Microsoft Purview + M365 Compliance Manager — strong inside M365; the cross-source uniform-permissions story and the cryptographic-key custody story are weaker
- OpenText Identity & Access — comprehensive legacy posture; the platform-uniform-permissions story is per-product
- In-house IAM + KMS + backup — most flexible; the uniform-across-capabilities story is on you to build
For specific comparisons: - TeamSync vs SharePoint + M365 - TeamSync vs OpenText
Read further.
- Why TeamSync — permissions-aware AI — what the permission model enables for AI
- Why TeamSync — crypto-shred — what the encryption model enables for right-to-erasure
- Why TeamSync — tamper-evident audit — the chain every event anchors to
- CISO + Audit Committee page — the executive conversation