tenfold Access Management for File Servers




Reporting

Most admins are familiar with this problem: you want to generate a report depicting which users have access to one or more specific folders, but soon come to realize that the tools you’re working with are less than sufficient for the job. The display options are primitive and there is no good to way to visualize privileges across multiple levels.

The remedy for this pain is tenfold. It comes with an intuitive explorer-style interface. Here, users (admins or owners of folders) can select the desired folder on the file server. tenfold then presents the groups and users that have been set for each permission in a clear and comprehensible manner. It shows all effective rights, including inheritances and nested groups, allowing users to monitor the rights to their folders. tenfold also allows you to see what effective permissions a specific user our group has. IT processes are further optimized through automated periodic PDF reports via email.


Required License

System Requirements

For successful integration with tenfold, the following system requirements apply:

  • Access to file serve via UNC path via SMB or CIFS
  • Microsoft Windows, NetApp®, EMC® or similar file servers are supported
  • Permissions are assigned via ACL on the basis of Active Directory objects
  • Service account with full access to file servers you wish to integrate with

Note: Filesservers based on Novell or UNIX/Linux systems (ext4, xfs, etc.) are not supported.


Management

Managing access rights on file servers using the provided standard tools can be very difficult. To implement Mirosoft®’s best practice principle (AGDLP), you must invest great amounts of time and efforts as each step requires you to create and set the relevant permission groups manually. Not only is this a time-consuming task, it also increases the risk for errors tremendously. tenfold, on the other hand, creates all necessary groups and structures automatically. Which means: no more repetitive and tedious manual efforts. No more stress. Just a bit of drag-and-drop. The rest is automated.

Self-Service & Workflows

The standard Windows tools do not support workflows for assigning permissions, despite the fact that such processes are of great importance in most organizations: compliance and transparency regulations dictate that the person who is responsible for a folder must give his or her consent before a permission for the folder can be assigned. This approval must be thoroughly documented as part of an audit trail. Unlike the given Microsoft tools, tenfold does use and support workflows that include data owners, supervisors and other persons of relevance in each step. Whenever an action is required, tenfold sends out automated emails notifying the relevant people.

Automatic Problem-Solving Skills

The tenfold dashboard automatically informs admins of problems with the Active Directory® and file servers. Issues tenfold will highlight include: orphaned SIDs, circular references in group assignments, broken up inheritance or full control privileges for users who aren’t admins. These problems will be immediately resolved by the appropriate solution assistants.


Screenshot depicting how reporting for file server permissions works on the user interface of the IAM software tenfold

Flexible Options

Screenshot of the user interface of the IAM software tenfold, showing the different aspects of tenfold reporting. Permission reporting.

Report: What permissions does the user have?




Features

  • Report: Who has access to what folders and subfolders? (Many customizable settings).
  • Report: Where do users have permissions? (Including direct user permissions and group permissions, even if groups are nested).
  • Data history saved to tenfold database.
  • Administrative function which allows you to view and edit permissions live. Administrators can be assigned the necessary permissions individually for each file server
  • Enable folders for self-service: you can make all folders down to a certain defined level available for request or just make individual folders available, regardless of their level within a folder structure
  • Determine data owners and configure workflows for approval of permission requests
  • Create and delete folders, change folder names
  • Group structures in accordance with AGDLP, AGGP or AUUP models are created and maintained automatically
  • Necessary list groups are generated automatically to enable browsing function for users
  • Configurable group naming conventions
  • Configurable organizational units in Active Directory for filing groups
  • New permission level “Modify Plus“ to prevent folders from being moved accidentally
  • Periodical import of file servers to maintain up-to-date overview of status quo in tenfold (imports can be done either on demand or at a set time)
  • Modifications not done in tenfold are recorded and evaluated

  • Automation: tenfold automatically transmits changes made to users and groups. This saves you time because manual activities are no longer required.

  • Reporting:At the click of a button, tenfold provides a clear overview of who has access to what, or which privileges an individual user has access to. Learn more about tenfold’sreporting feature.

  • Profiles/Roles: Privileges can be grouped together with resources and privileges from other target systems and linked to organizational units. This way, privileges will be assigned and revoked automatically, e.g. when users change departments. Learn more about roles.

  • Approval workflows: Both one-step and multi-step workflows are supported.

  • Recertification: Data owners can regularly review permissions to ensure they are up to date and mark obsolete entries for removal. tenfold then removes flagged permissions automatically. Learn more about recertification with tenfold.

  • Auditing: Changes to permissions are documented automatically. You can access historical data at any time and track who had access to sensitive data. Learn more about change tracking.

  • Integration of data owners: Specify data owners whose job it is to look over certain privileges and who must approve requests as well as review privileges at regular intervalsLearn more about data owners in tenfold.





Would you like to experience tenfold LIVE?

Sign up now for our product demo!
tenfold – Simple. Secure. Ready to go.

Get demo




Visit our blog for more tips & tricks on cyber security!