Entitlement Management: Permissions for Files and Folders on CIFS Shares

Often, files and folders on CIFS (Common Internet File System) shares have permissions that allow "Everyone" (all domain users) to access the data on the shares. This scenario creates a security risk for any file or folder in that location. End users who place their data in these folders might not know that their data is exposed to everyone.

Entitlement Management permissions is critical when you have files that contain sensitive information such as social security numbers, credit card information, and employee salaries.

Use Entitlement Management to replace the existing permissions with new ones that give access only to explicit users or user groups that require the information.

For a given user name, you can allow or deny the following permissions:

  • Full control
  • Modify
  • Read & execute
  • Read
  • Write

Key Features

Entitlement management offers the following key features:

Review Permissions: You can review permissions to determine who can access your data. You can also see the type of access the users have such as read, write, execute and so on. After the data owners are identified, administrators can make decisions about permissions using the Entitlement Management interface. For more information, see Reviewing Permissions for Files and Folders on Shares.

Remediate Permissions: To protect sensitive data from loss, tampering, and exposure, the permissions must be assigned correctly. If the permissions are assigned incorrectly or changed to a more permissive state without a good business reason, the administrators can remediate quickly. For more information, see Remediating Permissions for Specific Users.

Audit Trail: Using the Audit trail, you can know who is being added and removed from accessing the files and folders. Review and remediation of the permissions are done by data owners or administrators. All permission changes done using the Entitlement dashboard are logged in the Entitlement audit trail, without the need for Windows operating system-level auditing. You can also use the audit trail to demonstrate adherence to governance policies. For more information, see Complete Audit Trail.

Last modified: 9/24/2019 8:06:20 PM