Often, due to a lack of insight on giving the correct permissions, in certain scenarios, there is a risk that files are exposed to "Everyone". This can result in data breach of files that contain sensitive information such as social security numbers, credit card information, and PII (personally identifiable data).
End users who place their data in these folders might not know that their data is exposed to everyone.
Use Entitlement Management to replace the existing permissions with new ones that give access only to explicit users or user groups that require the information.
For a given user name, you can allow or deny the following permissions:
Read & execute
Entitlement management offers the following key features:
Review Permissions: You can review permissions to determine who can access your data. You can also review the permissions that has a user inherited from the AD user groups. You can see the type of access the users have such as read, write, execute and so on. After the data owners are identified, administrators can make decisions about permissions using the Entitlement Management interface. For more information, see Reviewing Permissions for Files and Folders on Shares.
Remediate Permissions: To protect sensitive data from loss, tampering, and exposure, the permissions must be assigned correctly. If the permissions are assigned incorrectly or changed to a more permissive state without a good business reason, the administrators can remediate quickly. For more information, see Remediating Permissions for Specific Users.
Audit Trail: Using the Audit trail, you can know who is being added and removed from accessing the files and folders. Review and remediation of the permissions are done by data owners or administrators. All permission changes done using the Entitlement dashboard are logged in the Entitlement audit trail, without the need for Windows operating system-level auditing. You can also use the audit trail to demonstrate adherence to governance policies. For more information, see Complete Audit Trail.
Add Users: You can search and add new users whose permission you want to allow or deny. For more information, see Changing Permissions for Specific Users.
Change Owners: You can change the owner of a specific set of files to another user. For more information, see Changing File Ownership.