Documentation forAccess Rights Manager

Report on the usage of "everyone"

Background / Value

If the "Everyone" account is used for the assignment of access rights, (almost) everyone has access to the connected resources. The consequence is an excessive assignment of access rights and a high probability for unauthorized access. Access Rights Manager displays all access rights for the "Everyone" account. These go against the principle of least privilege and should therefore not be used.

You can remove "Everyone Permissions" in bulk in the ARM Web Client. Before you remove the permissions, you should assign specific group permissions to the corresponding resources.

 

Related features

Also keep an eye on the critical Authenticated Users.

Identify globally accessible directories (web client)

Remove "everyone" permissions in bulk (web client)

 

Step-by-step process

  1. Select "Start".
  2. Click on "All 'Everyone' permissions".

 

  1. Enter a title for the report and add a comment.
  2. Define the range of the report.
  3. Define the desired report settings.
  4. Start the report.

 

B023-03 EN Jeder Account auf Berechtigungen prüfen

In the example you see directories that everyone has access to.