Documentation forAccess Rights Manager

Identify globally accessible directories (web client)

Background / Value

If "Everyone accounts" are used for the assignment of access rights, (almost) everyone has access to the connected resources. The consequence is an excessive assignment of access rights and a high probability for unauthorized access. These go against the principle of least privilege and should therefore not be used. Before deleting permissions you should assign specific groups to the appropriate resources.

 

"Everyone accounts" are:

  • Everyone
  • Authenticated Users
  • Domain-Users

 

Related features

Remove permissions from globally accessible directories in bulk

 

Step-by-step process

  1. Click Analyze.

  2. Click Risk assessment dashboard.

 

  1. Access Rights Manager shows a rating for the risk factor Globally accessible directories.
  2. Click Minimize risks.

The tiles are sorted by risk level and may therefore be located in different places.

 

  1. Access Rights Manager lists all globally accessible directories.
  2. Use sorting, filtering and grouping to analyze the data.
  3. Select the rows to display in the grid and in the reports.
  4. Export the data into Excel.
  5. Create a report in PDF- or CSV-format. Save the report or email it.