AWS amazonq documentation change
Summary
Corrected capitalization of 'slack' to 'Slack' throughout the document and fixed minor grammatical inconsistencies
Security assessment
The changes are purely stylistic capitalization corrections (e.g., 'slack' to 'Slack') and grammatical improvements. No security-related content was added, removed, or modified. The existing security documentation about ACL management and access control remains unchanged in substance.
Diff
diff --git a/amazonq/latest/qbusiness-ug/slack-user-management.md b/amazonq/latest/qbusiness-ug/slack-user-management.md index 279d02609..6f842ff2e 100644 --- a//amazonq/latest/qbusiness-ug/slack-user-management.md +++ b//amazonq/latest/qbusiness-ug/slack-user-management.md @@ -11 +11 @@ Amazon Q Business supports crawling ACLs for document security by default. -slack organizes content into documents, which include messages, attachments, posts, snippets, thread replies, and emojis. Messages and attachments can belong to different conversation types such as direct messages (DMs), public channels, or private channels. +Slack organizes content into documents, which include messages, attachments, posts, snippets, thread replies, and emojis. Messages and attachments can belong to different conversation types such as direct messages (DMs), public channels, or private channels. @@ -13 +13 @@ slack organizes content into documents, which include messages, attachments, pos -When you connect a slack data source to Amazon Q Business, Amazon Q Business crawls ACL information (channel IDs) attached to a document from your slack instance. If you choose to activate ACL crawling, this information can be used to filter chat responses to your end user's document access level. Access Control (ACLs) in slack is managed through users and groups. +When you connect a Slack data source to Amazon Q Business, Amazon Q Business crawls ACL information (channel IDs) attached to a document from your Slack instance. If you choose to activate ACL crawling, this information can be used to filter chat responses to your end user's document access level. Access Control (ACLs) in Slack is managed through users and groups. @@ -15 +15 @@ When you connect a slack data source to Amazon Q Business, Amazon Q Business cra -**Identity Crawling** : slack allows link sharing at the document level. If a document link is shared across different channels (DMs, groups, or private channels), the new channel ID is included during crawling, effectively expanding ACLs to include members of those channels. slack does not enforce explicit deny rules: public channels allow user removal but do not prevent them from rejoining, whereas private channels restrict reentry without an invitation. The minimum permission to query channel data varies: for public channels, workspace membership is sufficient, while private channels require direct membership for access. slack enforces username restrictions, supporting only lowercase letters, numbers, periods, hyphens, and underscores. This lowercase format is maintained when crawling identities. ACL mismatches can occur if case differences exist between slack usernames and identity data stored in the connector, potentially preventing access to crawled information. When a user is deactivated or deleted, they lose access to crawled data, and subsequent syncs reflect this by removing the user from ACLs. +**Identity Crawling** : Slack allows link sharing at the document level. If a document link is shared across different channels (DMs, groups, or private channels), the new channel ID is included during crawling, effectively expanding ACLs to include members of those channels. Slack does not enforce explicit deny rules: public channels allow user removal but do not prevent them from rejoining, whereas private channels restrict reentry without an invitation. The minimum permission to query channel data varies: for public channels, workspace membership is sufficient, while private channels require direct membership for access. Slack enforces username restrictions, supporting only lowercase letters, numbers, periods, hyphens, and underscores. This lowercase format is maintained when crawling identities. ACL mismatches can occur if case differences exist between Slack usernames and identity data stored in the connector, potentially preventing access to crawled information. When a user is deactivated or deleted, they lose access to crawled data, and subsequent syncs reflect this by removing the user from ACLs. @@ -17 +17 @@ When you connect a slack data source to Amazon Q Business, Amazon Q Business cra -**Permission Inheritance** : The slack Workspace is the top-most entity controlling access. All workspace members can access public channels by default. Public channels have no ACLs; they are accessible to all workspace members. If ACLs are disabled, all public channel content is open to everyone on Amazon Q. DMs, groups, and private channels have independent ACLs, which completely replace any parent ACLs. Private channels restrict access to invited members, including external collaborators via slack Connect. All entities inherit permissions from the parent. +**Permission Inheritance** : The Slack Workspace is the top-most entity controlling access. All workspace members can access public channels by default. Public channels have no ACLs; they are accessible to all workspace members. If ACLs are disabled, all public channel content is open to everyone on Amazon Q. DMs, groups, and private channels have independent ACLs, which completely replace any parent ACLs. Private channels restrict access to invited members, including external collaborators via Slack Connect. All entities inherit permissions from the parent. @@ -19 +19 @@ When you connect a slack data source to Amazon Q Business, Amazon Q Business cra -**Mapping Rules** : slack's inheritance mapping follows its native structure without custom logic. Federated groups are treated as local upon syncing, with all members stored regardless of status. Emails, links, and other text within messages are crawled as regular strings without specific parsing. Link-sharing does not modify document ACLs: a shared link in a message is crawled as plain text rather than as an access control change. Public channels are accessible to all Amazon Q users if no ACL is applied. +**Mapping Rules** : Slack's inheritance mapping follows its native structure without custom logic. Federated groups are treated as local upon syncing, with all members stored regardless of status. Emails, links, and other text within messages are crawled as regular strings without specific parsing. Link-sharing does not modify document ACLs: a shared link in a message is crawled as plain text rather than as an access control change. Public channels are accessible to all Amazon Q users if no ACL is applied.