Most administrators have experienced (and despaired of) the following scenario: Confronted with the task of having to create a report that shows which users have effective access rights to one or more specific folders, you come to realize that the tools available provide only partially satisfying results – the display options are clunky and there is no efficient way of visualizing folder access rights across several nesting levels.
tenfold helps: Users (administrators, folder owners) are able to select the desired folder from the file server via the comfortable, explorer-style interface. tenfold then presents the set groups and users for each authorization in a simple and easy-to-grasp manner. By representing the effective access rights (including inheritances and nested groups), the user is able to monitor any access rights to their folder. tenfold also finally makes it possible to determine the areas to which users and groups have effective access rights. Furthermore, automated PDF evaluations that are periodically sent via e-mail further optimize these IT processes.
Managing file servers or setting access rights for them using the provided standard tools can be a difficult task. Consistently applying Microsoft®’s best practices – i.e. the AGDLP principle – consumes extensive amounts efforts because each step requires you to create and set the relevant access right groups manually. With tenfold, all necessary structures will be created automatically as needed; thus, the process of setting access rights for users on file serves transforms from a tedious, repetitive and never-ending mission into a stress-free drag-and-drop experience.
Self Service & Workflows
The available standard Windows tools do not support the use of workflows for access rights assignment, despite the fact that this would be of great value to most organizations: Compliance and transparency rules require that the person responsible for a directory give permission before any access rights can be granted. This permission must be well documented in case questions about it arise later on. tenfold allows data owners, supervisors and IT departments to be integrated into the workflow. Automatic email messages inform the responsible parties about any actions required.
The tenfold Problem Dashboard automatically informs administrators of problems concerning the Active Directory® and file servers. Such problems may include (among others): detection of orphaned SIDs, circular references in group assignments, interrupted inheritance and full access rights for non-administrators. The so called solution assistants will find the suitable solution for each problem and solve it immediately.
Features in Detail
- Report: Who has access to what folders (including subfolders)? (many customizable settings)
- Report: Where do users have effective access? (including direct user permissions and group permissions, even if groups are nested)
- Data histories stored in tenfold database
- Administrative function which allows you to view and edit permissions live. Administrators can be assigned with necessary permissions individually for each file server
- Enabling folders for self-service: you can either make all folders down to a certain defined level available for request, or individual folders, regardless of their level within a folder structure
- Determine data owners and configure workflows for approval of permission requests
- Standard functions, like creating and deleting folders or changing folder names
- Group structures according to AGDLP, AGGP or AUUP models are automatically created and maintained
- Necessary list groups are automatically generated to enable browsing function for users
- Configurable group naming conventions
- Configurable organizational units in Active Directory for filing groups
- New permission level “Modify Plus“ to prevent folders from being accidentally moved
- Periodical import of file servers to maintain up-to-date overview of status quo in tenfold (imports can be done either on demand or time can be set for import)
- Modifications not carried out through tenfold are recorded and evaluated
For successful file server integration in tenfold, the following system requirements must be fulfilled:
- Access to file servers through a UNC path via SMB or CIFS
- Microsoft Windows, NetApp®, EMC® (or similar) file servers are supported
- Permissions are assigned through ACL based on Active Directory objects
- Service account with full access to file servers intended for integration
Note: File servers based on Novell or UNIX/Linux systems (ext4, xfs, etc.) are not supported.