Report on the usage of "everyone"
If the Everyone account is used for the assignment of access rights, (almost) everyone has access to the connected resources. The consequence is an excessive assignment of access rights and a high probability for unauthorized access.
The All Everyone permissions report lists all access rights for the Everyone account. These go against the principle of least privilege and should not be used.
You can remove Everyone Permissions in bulk in the ARM Web Client. Before you remove the permissions, assign specific group permissions to the corresponding resources.
Create the report
-
Log in to the Access Rights Manager application.
-
Click Start in the toolbar.
-
Under Documentation & Reporting, click All "Everyone" permissions.
-
Configure the report settings.
-
In the Title and Comment fields, enter a title and comment for the report.
-
In the Objects box, define the report range.
-
Maximize the Settings menu and define the desired reports.
-
Click Start to generate the report.
-
View the report
Below is an example of the All Everyone permissions report. In this example, the report lists the directories that everyone can access.
See the following sections for more information:
-
Identify globally accessible directories (web client)
-
Remove "everyone" permissions in bulk (web client)