File Server Permission Management with tenfold

Reporting File Server Permissions

If you’re an admin, this might sound familiar: you want to generate a report showing which users have access to specific files and folders, but quickly realized that the default tools available to you are simply not up to the job. There are no good options to track and visualize the effective permissions of users, especially when NTFS and Share Permissions collide.

If you know this pain, what you need is tenfold. It provides you with an intuitive, explorer-style interface: Simply select a folder on the file server and tenfold will show you the permission level for every user and group. It’s a clear and effective summary of access rights, including inheritances and nested groups. tenfold also allows you to select specific users or groups in order to see their permissions and level of access to shared files. To optimize the reporting process even further, automatically generated PDF reports are available via email.

Required License

System Requirements

For successful integration with tenfold, the following system requirements apply:

  • Access to file serve via UNC path via SMB or CIFS
  • Microsoft Windows, NetApp®, EMC® or similar file servers are supported
  • Permissions are assigned via ACL on the basis of Active Directory objects
  • Service account with full access to file servers you wish to integrate with

Note: Filesservers based on Novell or UNIX/Linux systems (ext4, xfs, etc.) are not supported.

Permission Management

Managing access rights on file servers using the standard tools is a difficult and time-consuming process. Manually implementing Microsoft®’s recommended practice of AGDLP requires a great deal of time and effort. What’s worse, creating and assigning permission groups by hand greatly increases the risk of errors. With tenfold, the groups and structures needed to enforce role-based access control are created automatically in the background. No more repetitive and tedious manual efforts. No more stress. Just a bit of drag-and-drop. Everything else is taken care of.

Self-Service & Workflows

The standard Windows tools do not support approval workflows for assigning permissions, even though this process is crucial for organizations: compliance and transparency regulations dictate that the person who is responsible for a folder must give their consent before a permission for the folder can be assigned. This approval process must be fully documented and available as part of the audit trail. Unlike the default Microsoft tools, tenfold does use and support workflows that include data owners, supervisors and other relevant stakeholders in each step. Whenever an action is required, tenfold sends out automatic notifications.

Monitoring & Problem-Solving

The tenfold dashboard automatically informs admins of problems with the Active Directory® and file servers. Issues tenfold will highlight include: orphaned SIDs, circular references in group assignments, broken up inheritance or full control privileges for users who aren’t admins. Many of these problems can be fixed directly from the dashboard with a single click.

Flexible Options

Report: What permissions does the user have?

Features

  • Report: Who has access to what folders and subfolders? (Many customizable settings).
  • Report: Where do users have permissions? (Including direct user permissions and group permissions, even if groups are nested).
  • Data history saved to tenfold database.
  • Administrative function which allows you to view and edit permissions live. Administrators can be assigned the necessary permissions individually for each file server
  • Enable folders for self-service: you can make all folders down to a certain defined level available for request or just make individual folders available, regardless of their level within a folder structure
  • Determine data owners and configure workflows for approval of permission requests
  • Create and delete folders, change folder names
  • Group structures in accordance with AGDLP, AGGP or AUUP models are created and maintained automatically
  • Necessary list groups are generated automatically to enable browsing function for users
  • Configurable group naming conventions
  • Configurable organizational units in Active Directory for filing groups
  • New permission level “Modify Plus“ to prevent folders from being moved accidentally
  • Periodical import of file servers to maintain up-to-date overview of status quo in tenfold (imports can be done either on demand or at a set time)
  • Modifications not done in tenfold are recorded and evaluated
  • Automation: tenfold automatically transmits changes made to users and groups. This saves you time because manual activities are no longer required.

  • Reporting:At the click of a button, tenfold provides a clear overview of who has access to what, or which privileges an individual user has access to. Learn more about tenfold’sreporting feature.

  • Profiles/Roles: Privileges can be grouped together with resources and privileges from other target systems and linked to organizational units. This way, privileges will be assigned and revoked automatically, e.g. when users change departments. Learn more about roles.

  • Approval workflows: Both one-step and multi-step workflows are supported.

  • Recertification: Data owners can regularly review permissions to ensure they are up to date and mark obsolete entries for removal. tenfold then removes flagged permissions automatically. Learn more about recertification with tenfold.

  • Auditing: Changes to permissions are documented automatically. You can access historical data at any time and track who had access to sensitive data. Learn more about change tracking.

  • Integration of data owners: Specify data owners whose job it is to look over certain privileges and who must approve requests as well as review privileges at regular intervalsLearn more about data owners in tenfold.

Want to learn more?

Our video demo covers the full range of features
included in our powerful IAM solution.

View Demo

Want to learn more?

Our video demo covers the full range of features
included in our powerful IAM solution.

View Demo

Visit our blog for more tips & tricks on cyber security!