Managing and securing shared permissions

Data privacy is crucial, especially now that more data protection and user privacy laws are coming into play. Monitoring document access inside your network by identifying the shared permissions for a file or folder can assist you in defining better user and group privileges and limiting user access to sensitive documents. Here are a few strategies that can help you manage sharing and folder permissions and keep complications arising from inaccurate share permissions at bay.

A binary model for permissions and sharing

You can start with a few simple file management procedures to monitor folder permissions. Here are five recommendations for managing files and their shared permissions effectively.

Permissions based on assets

  1. Directly applied permissions
  2. Inherited permissions
  3. Hybrid permissions

Permissions based on individuals

  1. Group permissions
  2. User permissions

  • Directly applied permissions

    All user access control entries are applied directly to the listed resources, documents, files, and folders.

  • Inherited permissions

    Resource permissions are inherited from the parent directory they belong to.

  • Hybrid permissions

    Employ both direct and inherited permissions-based access control to limit different users and groups.

  • Group permissions

    Defining group access can give you better control and a more effective way to monitor share permissions. Even a single individual can be treated as a group, because the group is subject to expansion.

  • User permissions

    There are times when users from different departments or groups may come together for a specific project; in this case, you can provide access to individuals based on their particular needs.
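
The asset-based categories above can be read straight off a folder's access control list. The script below is an added example, not part of the original article: it assumes a Windows file server with NTFS ACLs, and the `$Root` path and the `Get-PermissionModel` function name are hypothetical.

```powershell
# Added example (not from the original article). Assumes a Windows file server
# with NTFS ACLs; $Root is a hypothetical local path behind a share.
param([string]$Root = 'D:\Shares\Projects')

function Get-PermissionModel {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Unreadable ACLs are reported, not skipped, so they get reviewed too.
        return [pscustomobject]@{ Path = $Path; Model = 'Unreadable'
            InheritanceDisabled = $null; DirectTrustees = ''; InheritedTrustees = '' }
    }
    # Each access control entry says whether it came from the parent folder.
    $aces      = @($acl.Access)
    $direct    = @($aces | Where-Object { -not $_.IsInherited })
    $inherited = @($aces | Where-Object { $_.IsInherited })

    if ($direct.Count -gt 0 -and $inherited.Count -gt 0) { $model = 'Hybrid' }
    elseif ($direct.Count -gt 0)                          { $model = 'Direct' }
    elseif ($inherited.Count -gt 0)                       { $model = 'Inherited' }
    else                                                  { $model = 'Empty' }

    [pscustomobject]@{
        Path                = $Path
        Model               = $model
        # True when the folder no longer inherits from its parent.
        InheritanceDisabled = $acl.AreAccessRulesProtected
        DirectTrustees      = @($direct | ForEach-Object { $_.IdentityReference.Value } |
                                  Sort-Object -Unique) -join '; '
        InheritedTrustees   = @($inherited | ForEach-Object { $_.IdentityReference.Value } |
                                  Sort-Object -Unique) -join '; '
    }
}

# The root folder plus every subfolder beneath it.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
$report  = $folders | ForEach-Object { Get-PermissionModel -Path $_.FullName }

# Summary per model, then the folders that carry their own (direct) entries.
$report | Group-Object Model | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object { $_.Model -in 'Direct', 'Hybrid', 'Unreadable' } |
    Format-List Path, Model, InheritanceDisabled, DirectTrustees
```

Folders reported as Direct or Hybrid below the root are the ones whose access differs from the parent, so they are the natural starting point for a permissions review.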

Effective data owner scrutinization.

Any data that circulates in your enterprise network belongs to a data owner, such as a product manager or project manager. They are in control of the data that is relevant to their project or product, and have to help you, as the IT admin, ensure that this data is continuously used, protected, and shared only within the product or project. This has to be done on an audit basis to secure data that's in circulation.

Continuous monitoring.

As an IT admin, you have to continuously monitor a number of network shares inside your network to limit access or even revoke shares. Sometimes shares aren't being used by any user or group, and you need to dissolve these to keep data secured and protected. Monthly or quarterly auditing on available shares is good practice.

Data retention policy.

With so much data entering and leaving your network every day, you should formulate a data deletion and retention policy to scrutinize any existing network shares and their data. Here is a checklist to practice with respect to data retention and deletion to meet any privacy by design regulations.

  1. Set a time limit for when data is considered stale.
  2. Identify stale data.
  3. Automatically identify the type of data and data owner, as well as the data usage, access, and sensitivity.
  4. Automatically delete data that has exceeded its retention period.
  5. Automatically migrate misplaced sensitive data to a proper folder.
  6. Record and report on data protection procedures, retention periods, and disposal policies.

These tips on share permissions management and data protection practices can help you ensure your organization's data is properly secured.